I struggled with certificate renewal. It said connection problems, but my ports were open (80/443). I found another thread where deleting the IPv6 DNS entry was a solution, so I tried this. After a few minutes, certbot --config-dir /config-dir renew ran successfully (it didn’t before). What could be the root cause of this problem?
Also, after successful renewal, I had to reboot; reboot as root was ok, but I wonder what the recommended reboot command is, gracefully stopping docker, etc.?
I wonder if I have the same issue: my certificate has expired, and when I ssh and try to renew it by hand, I get something along the lines of:
nextuser@nextbox:~ $ sudo certbot --config-dir /srv/letsencrypt/ renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /srv/letsencrypt/renewal/SOMEVALUE.dedyn.io.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for SOMEVALUE.dedyn.io
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (SOMEVALUE.dedyn.io) from /srv/letsencrypt/renewal/SOMEVALUE.dedyn.io.conf produced an unexpected error: Failed authorization procedure. SOMEVALUE.dedyn.io (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: SOMEVALUE: Fetching https://SOMEVALUE.dedyn.io/.well-known/acme-challenge/SOME_VALUE Timeout during connect (likely firewall problem). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/srv/letsencrypt/live/SOMEVALUE.dedyn.io/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/srv/letsencrypt/live/SOMEVALUE.dedyn.io/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: SOMEVALUE.dedyn.io
Type: connection
Detail: SOMEVALUE: Fetching
https://SOMEVALUE.dedyn.io/.well-known/acme-challenge/SOME_VALUE
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
However, my port forwarding is set up correctly (and my nextbox has worked well for many years without me doing anything special for this to break recently), and I can actually go to the page, so it is definitely reachable:
Regarding the Detail: SOMEVALUE: Fetching: the SOMEVALUE is actually an IPv4, so I would guess this may actually rule out an IPv6 problem / be another issue? If so, should I open a new thread?
Ok, it looks like there is an incident on the letsencrypt service today; I wonder if this may explain the issue? I can try again tomorrow to see if it works better then.
Sorry for many posts / updates, talking loud to myself a bit in this thread…
Actually, I think there is an issue somewhere on the nextbox side. I tried some things like wget of the URL that letsencrypt complains that it cannot get, and it is true that it does not seem to be able to fetch it. Curious if anybody else gets the same issue.
Hard to tell what your real issue is. Mine was IPv6. If you check in to your dedyn dashboard, do you see a v6 entry for SOMEVALUE.dedyn.io? As it can actually have a v4 and a v6…
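The check suggested in the reply above, as an added example that is not part of the original thread: it resolves both the A and AAAA records of a hostname and tries a TCP connection to ports 80 and 443 on every address, so an unreachable IPv6 entry shows up separately from a working IPv4 one. The function names are made up for this sketch, and it assumes it is run from a machine outside the home network, since a test from inside the LAN does not exercise the port forwarding.

```python
import socket
import sys

RECORD_FAMILIES = (("A", socket.AF_INET), ("AAAA", socket.AF_INET6))

def resolve(host):
    """Return sorted unique (record_type, address) pairs for A and AAAA."""
    found = set()
    for rtype, family in RECORD_FAMILIES:
        try:
            infos = socket.getaddrinfo(host, None, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type (or the resolver cannot look it up)
        found.update((rtype, info[4][0]) for info in infos)
    return sorted(found)

def tcp_connect(address, port, timeout=5.0):
    """True if a TCP handshake to address:port completes within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refusals and "network unreachable"
        return False

def check_reachability(host, ports=(80, 443), resolver=resolve, connector=tcp_connect):
    """Probe every resolved address on every port.

    Returns (results, failing_types): results is a list of
    (record_type, address, port, ok); failing_types lists the record
    types ("A"/"AAAA") that had at least one failed connection.
    """
    results = [(rtype, addr, port, connector(addr, port))
               for rtype, addr in resolver(host) for port in ports]
    failing = sorted({rtype for rtype, _, _, ok in results if not ok})
    return results, failing

if __name__ == "__main__":
    # Hostname comes from the command line; the default is the thread's placeholder.
    host = sys.argv[1] if len(sys.argv) > 1 else "SOMEVALUE.dedyn.io"
    results, failing = check_reachability(host)
    for rtype, addr, port, ok in results:
        print(f"{rtype:4} {addr:40} port {port:<4} {'ok' if ok else 'FAILED'}")
    if failing:
        print("Unreachable record types:", ", ".join(failing))
```

If only AAAA is listed as unreachable, the IPv6 record in the DNS dashboard is the entry to correct or remove.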