I just want to point out that at some point along the way some idiot updated 1/2 the production servers' IP addresses in the DNS but for the production testing environments they did not do so.
It would appear I was that idiot. These were dormant instances so I never got around to it.

So if you get that error perhaps you have made the same mistake.

Thanks for reading and have a great day.

Cheers

P

On Fri, 19 Jul 2024 at 08:47, Mike O'Connor <[email protected]> wrote:

> Hi Piers,
>
> So going back to the initial problem, I think your best option is to use the already running web server and configure it not to redirect for the url below
>
> http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>
>
> Mike
>
> On 19/7/2024 8:16 am, [email protected] wrote:
>
> I've just updated the support server in the same account/firewall in AWS with this:
>
> certbot certonly --standalone --preferred-challenges http -d some.domain
>
> ....not a problem. Both servers are identical. Using --standalone I stopped and started apache; but still the production server fails with the errors:
>
> Timeout during connect (likely firewall problem)
>
> Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
>
> Some challenges have failed.
>
> I will see if the firewalls have issues but when I nmap'ed them the ports were open.
>
> Any help would be appreciated
>
> Thanks
>
> P
>
> On Fri, 19 Jul 2024 at 06:50, Piers Rowan <[email protected]> wrote:
>
>> Hi there,
>>
>> I have a production server that has decided to not renew the certs. I have changed nothing except tried enough variations to now be rate limited.
>>
>> I suspect that as all of the challenges are over HTTP and all of the domains redirect to HTTPS then the challenges aren't getting through. I've tried this with apache running and off and multiple commands:
>>
>> #1 Normal way that "Just Works"
>> certbot certonly --webroot -w /var/www/certbot -m [email protected] -d web.site
>>
>> #2 Chat suggested this change - unsupported plugin (I think)
>> certbot certonly --preferred-challenges https --webroot -w /var/www/certbot -m [email protected] -d web.site
>>
>> #3 - Then standalone with apache off
>> certbot certonly --standalone --preferred-challenges tls-alpn-01 -m [email protected] -d web.site
>>
>> I ran the "normal" command on the identical staging server and it just worked.
>>
>> What's next? There have been no changes to AWS, firewalls, etc. I was just expecting that it would work like it has done for the last few years but it isn't the case (aka #1)
>>
>> Any ideas?
>>
>> Thanks
>>
>> P
>>
>> --
>> Piers Rowan
>> [email protected]
>> 0498 808 900
>
> _______________________________________________
> luv-main mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
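
A pre-flight check for the cause this thread ended on (A records still pointing at an old address), as an added example that is not part of the original emails: it compares each domain's A records with the public IPv4 address the server is expected to have. The script name, the `check_records` and `main` functions, the use of `dig`, and the operator-supplied expected IP are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare each domain's A records with the public IP this
# server is expected to have, before asking certbot for an HTTP-01 challenge.
# Usage (constructed values): ./acme-dns-preflight.sh 203.0.113.10 web.site
# EXPECTED_IP is supplied by the operator; the script does not discover it.

# check_records EXPECTED_IP "RESOLVED_IPS"
# RESOLVED_IPS is a whitespace-separated list of addresses.
# Prints a verdict and returns 0 (all match), 1 (stale record), 2 (no records).
check_records() {
    expected=$1
    stale=""
    seen=0
    for ip in $2; do
        seen=$((seen + 1))
        [ "$ip" = "$expected" ] || stale="$stale $ip"
    done
    if [ "$seen" -eq 0 ]; then
        echo "no A records"
        return 2
    fi
    if [ -n "$stale" ]; then
        echo "stale:$stale"
        return 1
    fi
    echo "ok"
}

# Resolve every domain with dig and report the ones for which the CA would
# be sent to the wrong machine. Returns non-zero if any domain fails.
main() {
    want=$1
    shift
    rc=0
    for domain in "$@"; do
        # +short can also print CNAME targets; keep only IPv4 addresses.
        ips=$(dig +short A "$domain" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
        verdict=$(check_records "$want" "$ips") || rc=1
        echo "$domain: $verdict"
    done
    return "$rc"
}

# Run only when called with arguments, so the functions can also be sourced.
if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

A "stale" verdict means the CA will connect to an address other than this server, which matches the "Timeout during connect" error even when port 80 is open on the machine running certbot.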
