
"Timeout during connect (likely firewall problem)" while renewing Certbot

Writer Andrew Henderson

I am facing the following error when I try to renew my SSL certificate using

certbot renew

Challenge failed for domain ***********.com

Some challenges have failed.

The following errors were reported by the server:

Domain: arjunbroker.com Type: connection Detail: Fetching : Timeout during connect (likely firewall problem)

I have checked UFW and firewalld. And both port 80 and 443 are open.

5 Answers

I finally realised that prior to installing SSL on this server, I used to forward port 80 to port 8080 using

 sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

So I simply forwarded port 80 back to port 80.

Lesson learnt: for Certbot to work, port 80 forwarding should be in place.

I fixed that in AWS EC2 by updating the Group Security like this:

More about EC2 Group Security:


For me the issue was that Let's Encrypt uses IPv6 if possible to do the http challenge, and my site worked fine over IPv4 but not over IPv6 (as I had it set up wrong). You can use this site to test your IPv6 setup.

I finally realized that I ONLY had http/https open to my test client machines. I opened them wide for the certbot run then closed them again. I'll try to determine what IP needs to be open for letsencrypt probes so I can automate the certbot renewals.


I solved this by disabling 'Permanent SEO-safe 301 redirect from HTTP to HTTPS' (in Hosting Settings for Plesk / CentOS Linux 7.9).

LetsEncrypt wouldn't assign or renew its SSL certificates otherwise. Spent a day re-configuring DNS, panel.ini, firewall, etc., and eventually pinpointed this as the specific cause.

The issue surfaced about 10 months ago and we only realised what was happening recently.
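The three answers above point at three different ways the HTTP-01 validator's request to port 80 can fail to reach the listener certbot expects: a nat-table redirect of port 80 (first answer), an IPv6 path that behaves differently from IPv4 (second answer), and an HTTP-to-HTTPS redirect (third answer). The script below is an added example, not code from any of the answers, that checks all three before running `certbot renew`. It assumes `iptables-save` and `curl` are installed; the `SAMPLE_NAT_RULES` text is constructed to mirror the 80-to-8080 rule from the first answer, and the domain and token passed to the probe functions are whatever you supply. The probe follows redirects and reports the final status code, which is how the Let's Encrypt validator behaves, so a redirect that lands somewhere that does not serve the challenge token shows up as a non-200 result rather than being hidden.

```shell
#!/bin/sh
# Added example (not from the original answers): pre-renewal checks for the
# HTTP-01 challenge path covering a port-80 nat redirect, an IPv4/IPv6
# mismatch, and an HTTP->HTTPS redirect that the validator follows.

# Constructed sample of `iptables-save -t nat` output. The first rule mirrors
# the 80 -> 8080 redirect from the accepted answer; the second is a decoy on
# another port that must not be reported.
SAMPLE_NAT_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 8443 -j REDIRECT --to-ports 443
COMMIT'

# Count PREROUTING rules that rewrite inbound TCP port 80 (REDIRECT or DNAT).
# Reads iptables-save text on stdin and prints the number of matching rules.
# Anything above 0 means the validator's request to :80 is being steered away
# from the listener certbot (or its webroot server) is answering on.
count_port80_redirects() {
    grep -cE -- '^-A PREROUTING .*--dport 80( |$).*-j (REDIRECT|DNAT)' || true
}

# Same scan over the running nat table (needs root to read it).
live_port80_redirects() {
    iptables-save -t nat | count_port80_redirects
}

# Fetch the challenge path over one address family (4 or 6), following
# redirects as the validator does, with a 10 s connect timeout. Prints
# "ipv<fam> <final_http_code> <remote_ip>" and returns curl's exit status
# (28 = connect timeout, 7 = connection refused), so a firewall rule or a
# wrong AAAA record shows up per family instead of as one generic failure.
# The token name is a hypothetical placeholder; use a file you actually
# placed under .well-known/acme-challenge/ to test end to end.
probe_challenge() {
    fam="$1"
    domain="$2"
    token="${3:-pre-renewal-check}"
    curl "-$fam" -sS -L --max-redirs 10 --connect-timeout 10 \
        -o /dev/null \
        -w "ipv$fam %{http_code} %{remote_ip}\n" \
        "http://$domain/.well-known/acme-challenge/$token"
}

# Run the probe over both families and report the ones that fail to connect.
# A site that answers on IPv4 but times out on IPv6 is exactly the situation
# in the second answer; the validator prefers IPv6 when an AAAA record exists.
probe_both_families() {
    domain="$1"
    token="$2"
    for fam in 4 6; do
        probe_challenge "$fam" "$domain" "$token"
        rc=$?
        if [ "$rc" -ne 0 ]; then
            echo "ipv$fam: challenge path unreachable (curl exit $rc)" >&2
        fi
    done
}

# Stand-alone demo over the constructed sample; needs no network or root.
# Prints 1, because only the first sample rule targets port 80.
n=$(printf '%s\n' "$SAMPLE_NAT_RULES" | count_port80_redirects)
echo "port-80 redirect rules in sample nat table: $n"
```

Run `live_port80_redirects` as root before a renewal and `probe_both_families example.com <token>` from a host outside your own network, since the question's "Timeout during connect" is reported from the validator's vantage point, where a security group or UFW rule limited to known client addresses (third answer on this page) blocks the probe even though it works from the server itself.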
