Error while renewing letsencrypt certificate

Nextcloud version (eg, 18.0.2): 19.0.4.2
Operating system and version (eg, Ubuntu 20.04): Debian
Apache or nginx version (eg, Apache 2.4.25) : 2.4.38
PHP version (eg, 7.1) : 7.3.19-1
NextCloudPlus: v1.32.0

The issue you are facing:
Error in certificate renewal progress.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Try to renew letsencrypt certificate via ncp-config or ncp panel

Letsencrypt.log says:

2020-11-25 15:48:25,711:DEBUG:acme.client:Storing nonce: 0004TzoIIj04HHWOzu5Acrc0GRE0QyvRTZAEnupxI50DFyY
2020-11-25 15:48:25,713:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: bardhome.de
Type:   connection
Detail: Fetching https://bardhome.de/.well-known/acme-challenge/a4zoAXq3zR7xE2JuCxh-RHh7LiGpFB8mBdux8T6dcek: Error getting validation data

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, pleas$
2020-11-25 15:48:25,718:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. bardhome.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to veri$

2020-11-25 15:48:25,718:DEBUG:certbot.error_handler:Calling registered functions
2020-11-25 15:48:25,718:INFO:certbot.auth_handler:Cleaning up challenges
2020-11-25 15:48:25,718:DEBUG:certbot.plugins.webroot:Removing /var/www/nextcloud/.well-known/acme-challenge/a4zoAXq3zR7xE2JuCxh-RHh7LiGpFB8mBdux8T6dcek
2020-11-25 15:48:25,719:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2020-11-25 15:48:25,720:WARNING:certbot.renewal:Attempting to renew cert (bardhome.de) from /etc/letsencrypt/renewal/bardhome.de.conf produced an unexpected error: Failed authoriz$
2020-11-25 15:48:25,725:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 452, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 310, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. bardhome.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to veri$

2020-11-25 15:48:25,725:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2020-11-25 15:48:25,726:ERROR:certbot.renewal:  /etc/letsencrypt/live/bardhome.de/fullchain.pem (failure)
2020-11-25 15:48:25,726:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)

When running the certbot via ncp-config:

Running letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
An unexpected error occurred:
Error creating new order :: Cannot issue for "_": Domain name contains an invalid character
Please see the logfiles in /var/log/letsencrypt for more details.
Done. Press any key...

Make sure that your server is reachable over the internet on port 80/tcp (http-01), so that the LE backend server is able to verify the provided challenge.

Thank you! My fritzbox says everything is correct.

But you are right, nextcloud says:

Although pinging from a web service works fine:

According to ping.eu, the ports are also open:


Can anyone help here? It is really strange. Don't know what to do. Is this a bug in Nextcloud?
I also checked directly with ping.eu on my IP (79.244.36.XXX, censored); it says ports 80 and 443 are open, but NextCloudPlus says in the panel that the ports are closed.

It was a bug in ncp's portcheck, due to an upstream change in protocol, which has been fixed; just update ncp to v.1.32.0.

Thanks, I updated to v1.32.0, but still get the error.

Found the error. I had the wrong IP address in

Set up a static IP address

Static IP (ACTIVE=yes), or DHCP (ACTIVE=no)
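
Added example, not part of the original thread and not certbot or ncp code: a small Python triage of the certbot output quoted above that pulls out each distinct failure (the traceback repeats it) and attaches the checks this thread ended up needing. The function name, the hint texts and the `invalid-name` label are assumptions of this example; the sample lines are constructed from the excerpts posted here.

```python
import re

# Constructed sample: lines taken from the excerpts in this thread. The "$"
# marks where the original paste was cut off; the last line is console output.
SAMPLE = '''\
2020-11-25 15:48:25,718:DEBUG:certbot.error_handler:Encountered exception:
certbot.errors.FailedChallenges: Failed authorization procedure. bardhome.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to veri$
2020-11-25 15:48:25,725:DEBUG:certbot.renewal:Traceback was:
certbot.errors.FailedChallenges: Failed authorization procedure. bardhome.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to veri$
Error creating new order :: Cannot issue for "_": Domain name contains an invalid character
'''

FAILED = re.compile(
    r"Failed authorization procedure\. (?P<domain>\S+) \((?P<chall>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<type>\w+) ::")
ORDER = re.compile(r'Error creating new order :: Cannot issue for "(?P<name>[^"]*)"')

# Hint texts are this example's wording; the keys are RFC 8555 error types.
HINTS = {
    "connection": "CA could not reach the host: check port 80/tcp forwarding, "
                  "the DNS A/AAAA records and the server's own (static) IP setting",
    "dns": "CA's DNS lookup for the name failed: check the zone and its records",
    "unauthorized": "CA got a response that did not match: check the webroot path",
}

def triage(text):
    """Return one finding per distinct failure, in first-seen order."""
    findings, seen = [], set()
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            key = (m["domain"], m["chall"], m["type"])
            hint = HINTS.get(m["type"], "see RFC 8555 section 6.7 for this type")
        else:
            m = ORDER.search(line)
            if not m:
                continue
            # "invalid-name" is a label made up for this example.
            key = (m["name"], "order", "invalid-name")
            hint = "name sent in the order is not a valid hostname: check the configured domain"
        if key not in seen:
            seen.add(key)
            findings.append({"domain": key[0], "stage": key[1], "error": key[2], "hint": hint})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{f["domain"]} [{f["stage"]}] {f["error"]}: {f["hint"]}')
```
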