Hi Piers,

So going back to the initial problem, I think your best option is to use the already running web server and configure it not to redirect for the url below

http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>

Mike


On 19/7/2024 8:16 am, [email protected] wrote:
I've just updated the support server in the same account/firewall in AWS with this:

certbot certonly --standalone --preferred-challenges http -d some.domain

....not a problem. Both servers are identical. Using --standalone I stopped and started apache; but still the production server fails with the errors:

Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.

I will see if the firewalls have issues but when I nmap'ed them the ports were open.

Any help would be appreciated

Thanks

P

On Fri, 19 Jul 2024 at 06:50, Piers Rowan <[email protected]> wrote:

    Hi there,

    I have a production server that has decided to not renew the
    certs. I have changed nothing except tried enough variations to
    now be rate limited.

    I suspect that as all of the challenges are over HTTP and all of
    the domains redirect to HTTPS then the challenges aren't getting
    through. I've tried this with apache running and off and
    multiple commands:

    #1 Normal way that "Just Works"
    certbot certonly --webroot -w /var/www/certbot -m [email protected] -d
     web.site

    #2 Chat suggested this change - unsupported plugin (I think)
    certbot certonly --preferred-challenges https --webroot -w
    /var/www/certbot -m [email protected] -d  web.site

    #3 - Then standalone with apache off
    certbot certonly --standalone --preferred-challenges tls-alpn-01
    -m [email protected] -d  web.site

    I ran the "normal" command on the identical staging server and it
    just worked.

    What's next? There have been no changes to AWS, firewalls, etc. I
    was just expecting that it would work like it has done for the
    last few years but it isn't the case (aka #1)

    Any ideas?

    Thanks

    P

-- 
Piers Rowan
[email protected]
0498 808 900


_______________________________________________
luv-main mailing list [email protected]
To unsubscribe send an email [email protected]
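Added example, not part of the thread above and not Mike's or Piers's own configuration: an Apache port-80 virtual host that implements Mike's suggestion, keeping the site-wide HTTP to HTTPS redirect but exempting the ACME HTTP-01 challenge path so Certbot's `--webroot` mode can serve the token file. It assumes the domain `web.site` and the webroot `/var/www/certbot` used in the thread, and that `mod_rewrite` and `mod_alias` are enabled; the "before" block is shown commented out for comparison.

```apache
# Added example (not from the mailing-list thread). Assumed values: web.site,
# /var/www/certbot. Requires mod_rewrite and mod_alias.
<VirtualHost *:80>
    ServerName web.site

    # Serve the files Certbot writes under the webroot given with -w /var/www/certbot
    Alias /.well-known/acme-challenge/ /var/www/certbot/.well-known/acme-challenge/
    <Directory /var/www/certbot/.well-known/acme-challenge/>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Before: every request on port 80 is redirected, including the challenge URL,
    # so the CA never reaches the token file from this vhost.
    #   RewriteEngine On
    #   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

    # After: leave /.well-known/acme-challenge/ alone, redirect everything else.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

To check the exemption from outside the network, create a throwaway file such as `/var/www/certbot/.well-known/acme-challenge/test` and request `http://web.site/.well-known/acme-challenge/test` with `curl -I`: a `200` means the path is served directly, a `301` means the redirect still catches it. A connection timeout on that same request points at the port-80 reachability problem Certbot reported ("Timeout during connect"), which no vhost change will fix; that has to be checked at the AWS security group and any host firewall.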
