I have searched the forum over the last few days and tried many tips, including https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ to no avail. I have 9 domains on a VPS, all working fine for over 6 months; last time round all certs updated every 60 days, but now they are nearing expiry, between 2 and 10 days on 6 domains (3 renewed successfully). So I have updated certbot to v1.5.0, restarted the server and waited 24 hours, and no updates. I ran sudo 'certbot-auto renew --dry-run' and the result for all 6 is:

Code:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.mydomain.com
http-01 challenge for mydomain.com
Waiting for verification...
Challenge failed for domain www.mydomain.com
http-01 challenge for www.mydomain.com
Cleaning up challenges
Attempting to renew cert (mydomain.com) from /etc/letsencrypt/renewal/mydomain.com.conf produced an unexpected error: Some challenges have failed.. Skipping.
The following certs could not be renewed:
  /etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)
- The following errors were reported by the server:

  Domain: mydomain.com
  Type:   connection
  Detail: Fetching http://mydomain.com/.well-known/acme-challenge/jhf6of8IeDekzfxoHfy2Xp6hsplsaiL8gbrfIub1i3k: Connection refused

  To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client.
  If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

If I run 'curl http://serverip/' it returns a load of html, which I assume means it's working. So the last part says DNS problems, but everything works: all sites load, all email works, etc. I have also tried https://letsdebug.net; the result is Green, All OK! All out of ideas now, any pointers? Thanks
You wrote you followed LE FAQ to no avail. What results did you get? Following the FAQ should find out why LE fails.
Connecting to the server IP is not specific enough for a test in this case. To simulate the LE verification, use this:

1) Create a test token:
touch /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test.txt

2) Now you must be able to retrieve that token with a web browser over the internet:
http://mydomain.com/.well-known/acme-challenge/test.txt
Till, yes, I can access that file if I create it. I tried the debugging method from https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/

Code:
25.06.2020-17:00 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
25.06.2020-17:00 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished.

Taleman, I found this in the log:

Code:
"detail": "DNS problem: NXDOMAIN looking up A for www.mydomain.co.uk - check that a DNS record exists for this domain",

None of my sites can be accessed by www.mydomain.com, only mydomain.com. Will this make a difference?
Yes, if you don't have DNS records for www, then auto subdomain must be set to 'none' in the website settings. Otherwise, Let's Encrypt will try to create a cert for the nonexistent www subdomain and must fail.
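The two checks this thread ends up with, the token fetch from the ISPConfig acme directory (Till's test above) and the missing A record for the www name that ISPConfig's auto-subdomain adds to the cert, combined into one pre-flight script. This is an added example, not code from the thread or from ISPConfig or certbot; it assumes Python 3 on the server, the acme directory path quoted in the thread, and the `resolve`/`fetch` hooks exist only so the logic can be exercised with stand-ins.

```python
import secrets, socket, sys, urllib.error, urllib.request
from pathlib import Path
# Directory ISPConfig serves /.well-known/acme-challenge/ from (path given in the thread).
ACME_DIR = "/usr/local/ispconfig/interface/acme/.well-known/acme-challenge"

def resolve_a(name):
    """IPv4 A record(s) for name, or None when it does not resolve (NXDOMAIN)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 80, socket.AF_INET)})
    except socket.gaierror:
        return None

def http_get(url, timeout=10):
    """Plain-HTTP GET as the LE validation server does it: (status, body); status None = no TCP connection."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except (urllib.error.URLError, OSError):
        return None, ""

def preflight(domain, token, resolve=resolve_a, fetch=http_get, with_www=True):
    """Verdict per cert name (domain plus www.domain): ok, nxdomain, connection, http-<code>, wrong-content."""
    names = [domain] + ([f"www.{domain}"] if with_www else [])
    results = {}
    for name in names:
        if resolve(name) is None:
            results[name] = "nxdomain"       # add the A record or set auto-subdomain to 'none'
            continue
        status, body = fetch(f"http://{name}/.well-known/acme-challenge/{token}")
        if status is None:
            results[name] = "connection"     # nothing answering on port 80 at that A record
        elif status != 200:
            results[name] = f"http-{status}"
        elif body.strip() != token:
            results[name] = "wrong-content"  # vhost serves another webroot than certbot writes to
        else:
            results[name] = "ok"
    return results

if __name__ == "__main__":                   # usage: python3 le_preflight.py mydomain.com
    token = secrets.token_urlsafe(16)        # constructed token, the same idea as the test.txt above
    token_file = Path(ACME_DIR) / token
    token_file.write_text(token)
    try:
        for name, verdict in preflight(sys.argv[1], token).items():
            print(f"{name}: {verdict}")
    finally:
        token_file.unlink()
```

Run it as root on the ISPConfig host before `certbot-auto renew`; a `nxdomain` verdict for the www name is exactly the failure this thread diagnosed, and `connection` corresponds to the "Connection refused" in the first post.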
Thanks, I'll add the DNS records and wait. Such a simple thing, yet easily overlooked, by me anyway lol