[SOLVED] Let's Encrypt fails to renew certificate

Freedombox is plugged into a router at home.
Bought in June 2020.
Debian GNU/Linux 13 (trixie) and FreedomBox Version 25.14.

Hi to all,
my Freedombox became unreachable from the internet a while ago. When running diagnostics, everything is OK except Let's Encrypt throwing an error. It seems impossible to renew the certificates.

Nov 11 10:27:12 freedombox /usr/lib/freedombox/freedombox-privileged[15191]: Error running action: letsencrypt..obtain(..): Command '['certbot', 'certonly', '--non-interactive', '--text', '--agree-tos', '--register-unsafely-without-email', '--domain', 'XXXX.fbx.one', '--authenticator', 'webroot', '--webroot-path', '/var/www/html', '--renew-by-default']' returned non-zero exit status 1.
    stdout:
    Renewing an existing certificate for XXXX.fbx.one
    Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
      Domain: XXX.fbx.one
      Type:   connection
      Detail: xxx.xxx.xx.xx: Fetching http://XXX.fbx.one/.well-known/acme-challenge/xyxyxy: Timeout during connect (likely firewall problem)
    Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/plinth/actions.py", line 496, in _privileged_call
        return_values = func(*arguments['args'], **arguments['kwargs'])
      File "/usr/lib/python3/dist-packages/plinth/modules/letsencrypt/privileged.py", line 136, in obtain
        action_utils.run(command, check=True)
        ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/plinth/action_utils.py", line 838, in run
        raise exception
      File "/usr/lib/python3/dist-packages/plinth/action_utils.py", line 825, in run
        process = subprocess.run(command, **kwargs)
      File "/usr/lib/python3.13/subprocess.py", line 577, in run
        raise CalledProcessError(retcode, process.args,
                                 output=stdout, stderr=stderr)
    subprocess.CalledProcessError: Command '['certbot', 'certonly', '--non-interactive', '--text', '--agree-tos', '--register-unsafely-without-email', '--domain', 'XXXX.fbx.one', '--authenticator', 'webroot', '--webroot-path', '/var/www/html', '--renew-by-default']' returned non-zero exit status 1.

In the logs it says “likely firewall problem”, but I haven’t changed anything on the Freedombox. What did change is that my ISP no longer provides me with an IPv4 address, only IPv6.

Any idea how I can fix this?

Cheers, Michael

Unfortunately, the dynamic DNS service at ddns.freedombox.org does not yet support IPv6 addresses. This is planned soon. Until then, please use another dynamic DNS service that supports IPv6. Your domain should resolve to an IPv6 address (with an AAAA record) and should not resolve to an IPv4 address (should not have an A record). Then you should be able to obtain Let’s Encrypt certificates again. Note that you will not be able to access your domain from IPv4-only networks.
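The DNS condition described in the reply above (an AAAA record pointing at the box, and no A record once the ISP hands out only IPv6) can be checked before retrying certbot. The following is an added example, not part of the original posts and not FreedomBox code; the function names are hypothetical, and `host_addrs` is assumed to hold the box's publicly routed addresses, supplied by the operator.

```python
import ipaddress
import socket
import sys


def resolve(domain):
    """Return (a_records, aaaa_records) for domain from the system resolver."""
    out = []
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            infos = socket.getaddrinfo(domain, 80, family, socket.SOCK_STREAM)
            out.append(sorted({info[4][0] for info in infos}))
        except socket.gaierror:
            out.append([])  # no record of this type
    return out[0], out[1]


def http01_preflight(a_records, aaaa_records, host_addrs):
    """List reasons a CA could fail to fetch the challenge file from this box.

    host_addrs: addresses assigned to the box (assumed input, e.g. copied
    from `ip -br addr`); link-local and loopback entries are ignored.
    """
    usable = set()
    for text in host_addrs:
        addr = ipaddress.ip_address(text.split("/")[0].split("%")[0])
        if not (addr.is_link_local or addr.is_loopback):
            usable.add(addr)
    problems = []
    if not a_records and not aaaa_records:
        problems.append("domain has no A or AAAA record")
    for rec in list(a_records) + list(aaaa_records):
        addr = ipaddress.ip_address(rec)
        if addr not in usable:
            kind = "A" if addr.version == 4 else "AAAA"
            problems.append(f"{kind} record {rec} is not an address of this box")
    versions = {addr.version for addr in usable}
    if 4 not in versions and a_records:
        problems.append("box has no IPv4 address: remove the A record")
    if 6 in versions and not aaaa_records:
        problems.append("box has IPv6 but the domain has no AAAA record")
    return problems


if __name__ == "__main__":
    # usage: preflight.py DOMAIN HOST_ADDR [HOST_ADDR ...]
    a, aaaa = resolve(sys.argv[1])
    for line in http01_preflight(a, aaaa, sys.argv[2:]) or ["DNS matches this box"]:
        print(line)
```

An empty result only says that DNS matches the box; the router or firewall must still allow inbound TCP port 80 to that IPv6 address for the challenge fetch to succeed.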

Hallo Sunil, thanks for your answer.
I will see whether my ISP will assign me an IPv4 temporarily.
Is there a timeline for

I guess that would help me when discussing my case with my ISP.

I don’t have a timeline. At least one other user is facing this issue. It would perhaps take me one to two weeks to implement. However, I am currently committed to another higher priority feature that could take several weeks to complete.

Thanks for the feedback. And thanks a lot for the energy and time you, and everyone else involved, invest in this amazing project!

An update from my side: my ISP assigned me a public IPv4 address as a temporary workaround, I don’t know for how long. But for now my fbx is reachable again.
