Steps to reproduce
- Run renew.sh
Error updating certificate:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Identifier: xxxx.xxxx.xxx
Type: connection
Detail: xxx.xxx.xxx.x: Fetching http://xxx.xxx.xxx/.well-known/acme-challenge/: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed identifiers serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Failed to renew certificate with error: Some challenges have failed.
Expected behaviour
Renewal has been working with cron scheduler up until June 1st. Stopped working now.
Actual behaviour
Renewal fails the Acme Challenge.
Server configuration
Operating system: Ubuntu 22.04
Web server: Apache2
ownCloud version: 10.13.
Updated from an older ownCloud or fresh install: Nothing updated, I’ll admit I don’t update as often as I should.
Are you using encryption: yes
I’ve added the ACME challenge as per the Apache configuration in the ownCloud docs into my webserver virtual host file; however, up until now I was getting away without it for some reason. I’ll also note that my certbot is installed via snap; directories might be messed up. I’ve created the directories for the ACME challenge in /var/www/letsencrypt/ and set permissions for the web user.
I’m very much a novice so any help would be greatly appreciated. Thanks!
Here is my VirtualHost config:
<VirtualHost *:80>
ServerName xxx.xxx.xxx
Redirect permanent / https://xxx.xxx.xxx
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =xxx.xxx.xxx
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
<Directory "/var/www/letsencrypt/.well-known/acme-challenge/">
Options None
AllowOverride None
ForceType text/plain
RedirectMatch 404 "^(?!/.well-known/acme-challenge/[\w-]{43}$)"
</Directory>
</VirtualHost>
<VirtualHost *:443>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
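
A self-check for the webroot setup described in the post, added here as an example (it is not part of the original post and not ownCloud's or Certbot's code): it builds a 43-character test name that the vhost's RedirectMatch lets through, writes it into /var/www/letsencrypt/.well-known/acme-challenge/ and fetches it over HTTP. The function names and the host argument are assumptions, as is the presence of curl and base64 on the server.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes sh/bash, curl, base64.
CHALLENGE_DIR="/var/www/letsencrypt/.well-known/acme-challenge"  # path from the post
URL_PREFIX="/.well-known/acme-challenge/"

# Mirror of the vhost's RedirectMatch (dot left unescaped as in the post):
# only a 43-character [A-Za-z0-9_-] name directly under the challenge URL
# is let through; every other path gets a 404.
passes_filter() {
    printf '%s\n' "$1" | grep -Eq '^/.well-known/acme-challenge/[A-Za-z0-9_-]{43}$'
}

# Build a throwaway 43-character name: 32 random bytes, base64url, no padding.
make_token() {
    head -c 32 /dev/urandom | base64 | tr '+/' '-_' | tr -d '=\n'
}

# Write a test file into the webroot, fetch it, clean up.
# $1 = host name to request (hypothetical argument; use the real ServerName).
# Returns 0 if the body came back intact, 1 if not, 2 on a setup error.
probe() {
    p_host="$1"
    p_token="$(make_token)"
    p_rc=1
    passes_filter "${URL_PREFIX}${p_token}" || { echo "bad token" >&2; return 2; }
    printf 'probe-%s' "$p_token" > "${CHALLENGE_DIR}/${p_token}" || return 2
    # -L follows the port-80 redirect to HTTPS; -k tolerates an expired
    # certificate on the HTTPS side (assumption: the old cert may have lapsed).
    p_body="$(curl -sS -L -k --max-time 10 "http://${p_host}${URL_PREFIX}${p_token}")"
    [ "$p_body" = "probe-${p_token}" ] && p_rc=0
    rm -f "${CHALLENGE_DIR}/${p_token}"
    return "$p_rc"
}

# Runs only when a host name is given, e.g.: sh probe.sh host.example
if [ -n "${1:-}" ]; then
    if probe "$1"; then
        echo "challenge path served"
    else
        echo "challenge path NOT served"
    fi
fi
```

Run on the server itself, a pass only shows that Apache serves the directory locally; the CA's "Timeout during connect" is about reaching port 80 from the internet, which this local check does not cover.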