I've just updated the support server in the same account/firewall in AWS with this:

certbot certonly --standalone --preferred-challenges http -d some.domain

....not a problem. Both servers are identical.

Using --standalone I stopped and started apache; but still the production server fails with the errors:

Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.

I will see if the firewalls have issues but when I nmap'ed them the ports were open.

Any help would be appreciated

Thanks

P

On Fri, 19 Jul 2024 at 06:50, Piers Rowan <[email protected]> wrote:

> Hi there,
>
> I have a production server that has decided to not renew the certs. I have
> changed nothing except tried enough variations to now be rate limited.
>
> I suspect that as all of the challenges are over HTTP and all of the
> domains redirect to HTTPS then the challenges aren't getting through. I've
> tried this with apache running and off and multiple commands:
>
> #1 Normal way that "Just Works"
> certbot certonly --webroot -w /var/www/certbot -m [email protected] -d web.site
>
> #2 Chat suggested this change - unsupported plugin (I think)
> certbot certonly --preferred-challenges https --webroot -w /var/www/certbot -m [email protected] -d web.site
>
> #3 - Then standalone with apache off
> certbot certonly --standalone --preferred-challenges tls-alpn-01 -m [email protected] -d web.site
>
> I ran the "normal" command on the identical staging server and it just
> worked.
>
> What's next? There have been no changes to AWS, firewalls, etc. I was just
> expecting that it would work like it has done for the last few years but it
> isn't the case (aka #1)
>
> Any ideas?
>
> Thanks
>
> P
>
> --
> Piers Rowan
> [email protected]
> 0498 808 900
>
_______________________________________________
luv-main mailing list -- [email protected]
To unsubscribe send an email to [email protected]
