Hi,
I have an issue very similar to this one.
I have had a working AIO installation on a server behind a pfSense firewall:
- DynDNS is in use (joker.com), no AAAA records
- Forwarded 443, 80 and 8443 successfully
After the cert expired I changed the (sub)domain name:
- created a DynDNS entry for the new sub-domain
- changed the domain name.
(I am referring to my.domain.tld as the new domain name)
nextcloud-aio-apache log:
{"level":"error","ts":1705738316.5807402,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"my.domain.tld","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"[IPv4 address]: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
{"level":"error","ts":1705738316.5808988,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"my.domain.tld","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"[IPv4 address]: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1369079766/238048687246","attempt":1,"max_attempts":3}
{"level":"error","ts":1705738316.581015,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"my.domain.tld","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - [IPv4 address]: Timeout during connect (likely firewall problem)"}
{"level":"error","ts":1705738316.5811446,"logger":"tls.obtain","msg":"will retry","error":"[my.domain.tld] Obtain: [my.domain.tld] solving challenge: my.domain.tld: [my.domain.tld] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - [IPv4 address]: Timeout during connect (likely firewall problem) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":12.649496268,"max_duration":2592000}
Connecting to https://my.domain.tld gives the following error:
SSL_ERROR_INTERNAL_ERROR_ALERT
Connecting to the AIO interface via my.domain.tld:8443 is possible and I get a valid certificate for that connection.
Verified that configuration.json has only my.domain.tld and no mention of the old domain name is found.
The errors indicate firewall problems, but I am confused as to which connection is timing out (the SSL cert on port 8443/80 is working).
Any debugging advice and ideas are welcome.
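The log above names the challenge type, and that is what tells you which inbound connection the CA timed out on: for `tls-alpn-01` the ACME server dials TCP port 443 of the address it resolved for the identifier (RFC 8737), for `http-01` it dials port 80 (RFC 8555), and `dns-01` makes no inbound connection at all. So a working certificate on 8443 or 80 says nothing about 443 from the outside. The script below is an added example for this thread, not code from the original post or from the Nextcloud AIO project: it triages Caddy/Certmagic JSON log lines of the shape shown in the post (the embedded lines are constructed, with the IP replaced by the documentation address 203.0.113.10) and maps each failed challenge to the port the CA tried to reach. The `probe_tls_alpn` helper is hypothetical and has to be run from outside your LAN, since the CA dials the public IP, not the pfSense-side address.

```python
"""Triage ACME challenge failures from Caddy/Certmagic JSON logs.

Added example for this thread (not from the post or the Nextcloud AIO project).
Sample log lines are constructed; the port mapping follows RFC 8555 (http-01 ->
TCP 80) and RFC 8737 (tls-alpn-01 -> TCP 443).
"""
import json
import socket
import ssl

# Inbound port the ACME CA connects to for each challenge type.
CHALLENGE_PORT = {
    "http-01": 80,
    "tls-alpn-01": 443,
    "dns-01": None,  # validated via a DNS TXT record, no inbound connection
}

# Constructed sample lines modelled on the nextcloud-aio-apache output in the post.
SAMPLE_LOG = """\
{"level":"error","ts":1705738316.58,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"my.domain.tld","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"203.0.113.10: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
{"level":"error","ts":1705738316.58,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"my.domain.tld","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 203.0.113.10: Timeout during connect (likely firewall problem)"}
{"level":"info","ts":1705738400.0,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"my.domain.tld"}
"""


def triage_line(raw):
    """Return a dict describing a failed challenge, or None for any other line."""
    try:
        rec = json.loads(raw)
    except json.JSONDecodeError:
        return None
    if rec.get("msg") != "challenge failed":
        return None
    problem = rec.get("problem", {})
    ctype = rec.get("challenge_type")
    # Certmagic puts the address the CA dialled in front of the CA's error text.
    addr, _, reason = problem.get("detail", "").partition(": ")
    return {
        "identifier": rec.get("identifier"),
        "challenge_type": ctype,
        "port": CHALLENGE_PORT.get(ctype),
        "dialed_ip": addr,
        "reason": reason,
        "error_type": problem.get("type"),
        "firewall_suspect": "Timeout during connect" in reason,
    }


def triage_log(text):
    """Triage every line of a log; returns only the failed-challenge records."""
    return [r for r in (triage_line(l) for l in text.splitlines()) if r]


def probe_tls_alpn(host, port=443, timeout=5.0):
    """Dial host:port the way the CA does and offer ALPN acme-tls/1.

    Hypothetical helper; run it from OUTSIDE the LAN. Returns "timeout",
    "refused", a "tls-error: ..." string, or the ALPN protocol the server
    selected (None if it completed the handshake without picking acme-tls/1,
    which still proves the port is reachable, i.e. not a firewall problem).
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # reachability only, not trust
    ctx.set_alpn_protocols(["acme-tls/1"])
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.selected_alpn_protocol()
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except ssl.SSLError as e:
        # TCP connected but the handshake failed (e.g. an internal_error alert):
        # the port is open, so the firewall is not what is blocking the CA.
        return "tls-error: %s" % e.reason


if __name__ == "__main__":
    import sys
    for r in triage_log(SAMPLE_LOG):
        print("%s: %s -> CA dialled %s:%s (%s)" % (
            r["identifier"], r["challenge_type"], r["dialed_ip"], r["port"], r["reason"]))
    if len(sys.argv) > 1:
        print("probe:", probe_tls_alpn(sys.argv[1]))
```

Run it with no arguments to triage the embedded sample; pass a hostname as the first argument, from a host outside your network, to dial port 443 the way Let's Encrypt does. A "timeout" result from outside while the probe succeeds from inside the LAN points at the pfSense NAT/firewall rule for 443 (or at the DynDNS A record still pointing at a stale address), whereas a "tls-error" result means the packet reached the container and the problem is inside Apache/Caddy rather than the firewall.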