- Nextcloud AIO v4.9.0 (all containers are up to date)
- Running on Raspberry Pi
Hi, the Lets Encrypt certificate has expired and it has not been automatically renewed.
From the Apache log:
{"level":"info","ts":1682675704.6833503,"msg":"[INFO][FileStorage:/mnt/data/caddy] Lock for 'issue_cert_MY_DOMAIN' is stale (created: 2023-04-28 09:36:25.268346873 +0200 CEST, last update: 2023-04-28 11:52:21.275205199 +0200 CEST); removing then retrying: /mnt/data/caddy/locks/issue_cert_MY_DOMAIN.lock"}
{"level":"error","ts":1682675716.9570122,"logger":"http.acme_client","msg":"challenge failed","identifier":"MY_DOMAIN","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"MY_SERVER_IP: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
{"level":"error","ts":1682675716.9572487,"logger":"http.acme_client","msg":"validating authorization","identifier":"MY_DOMAIN","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"MY_SERVER_IP: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/ORDER_NUMBER","attempt":1,"max_attempts":3}
{"level":"error","ts":1682675716.9574673,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"MY_DOMAIN","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - MY_SERVER_IP: Timeout during connect (likely firewall problem)"}
{"level":"error","ts":1682675716.9582007,"logger":"tls.renew","msg":"will retry","error":"[MY_DOMAIN] Renew: [MY_DOMAIN] solving challenge: MY_DOMAIN: [MY_DOMAIN] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - MY_SERVER_IP: Timeout during connect (likely firewall problem) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":12.26669377,"max_duration":2592000}
...
- Things looks like to be set up correctly :
- ports 80, 443 forwared in router
- domain is provided by noip.com and it points to my router IP
- the firewall (UFW in Raspberry OS) is disabled
I don’t know what to do, perhaps could be the certificate renewed by standalone command?