[SOLVED] Letsencrypt certificate expired, did not autorenew and not possible to re-obtain

The letsencrypt certificate expired and didn’t automatically renew. Deletinng (moving) the directory under /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory didn’t help. Obtaining a new certificate didn’t work.

Failed to obtain certificate for domain xxxx: Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for ubuntudigilab.freedombox.rocks Using the webroot path /var/www/html for all unmatched domains. Waiting for verification… Cleaning up challenges Failed authorization procedure. xxxx (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://xxxx/.well-known/acme-challenge/9C9nObga-MR_xxxx: Error getting validation data

The freedombox is plugged into the router.
The letsencrypt certificate has worked until it expired.
Running Debian GNU/Linux 10 (buster) and FreedomBox version 20.11. FreedomBox is up to date.

How to proceed?

Thanks!

I looks like your domain is not reachable from the larger Internet. LE certificate must have been reobtained about a month before it got expired.

  • Verify that the Dynamic DNS IP address pointing to your FreedomBox is correct. Check your IP with curl ipinfo.io on the FreedomBox. Check domain IP with dig <yourdomain>.
    • If this is the cause, try providing the IP detection URL in the dynamic DNS settings.
  • Check that your website is reachable from outside say using an alternate network such 4G phone network.

Thanks for your quick reply!

The IP is reachable from outside but connecting with a browser gets a “Your connection is not private” message because the certificate has expired.

The results of the commands seem normal. The ip offered is correct.

EDIT: Let me try opening up port 80. I only needed port 443 for HTTPS when the certificate was working properly.

That solved it!

Does autorenew need port 80 as well ? Could that have been the reason why this problem was caused in the first place ?

1 Like

Fantastic! Let’s Encrypt does need 80 port.