Let’s Encrypt not updating after a month

Hello there

It works fine for a month and then it is not reachable from my wifi or externally. The server is not reachable. I get the following message if I try to update Let’s Encrypt. My No-IP seems fine.
It would be nice if someone could help me with this issue. Thanks. I didn’t find another topic similar to this, except one from 2014.

[ letsencrypt ] (Mon Sep 5 23:16:16 BST 2022)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate for tinymaxi.ddns.me
Performing the following challenges:
http-01 challenge for tinymaxi.ddns.me
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification…
Challenge failed for domain tinymaxi.ddns.me
http-01 challenge for tinymaxi.ddns.me
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: tinymaxi.ddns.me
Type: dns
Detail: no valid A records found for tinymaxi.ddns.me; no valid
AAAA records found for tinymaxi.ddns.me

Your server is not reachable on the IP-address configured for your domain.

Have you set up any dynamic DNS service?

I don’t know but it seems to me that you are losing your connection when your ISP gives you a new public IP.

The currently configured public IP for your domain is not reachable and ports 80 & 443 are not open.

└࿓❯ dig tinymaxi.ddns.me
; <<>> DiG 9.11.5-P4-5.1+deb10u7-Debian <<>> tinymaxi.ddns.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3349
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;tinymaxi.ddns.me.		IN	A

;; ANSWER SECTION:
tinymaxi.ddns.me.	32	IN	A	192.168.254.88

;; Query time: 20 msec
;; SERVER: 84.116.46.20#53(84.116.46.20)
;; WHEN: Tue Sep 06 00:33:22 CEST 2022
;; MSG SIZE  rcvd: 61

Edit: @Tinymaxi My bad, I forgot :smiley: It’s also a private IP address, not a public one

Reserved for private networks.

The organizations that distribute IP addresses to the world reserve a range of IP addresses for private networks.

  • 192.168.0.0 – 192.168.255.255 (65,536 IP addresses)
  • 172.16.0.0 – 172.31.255.255 (1,048,576 IP addresses)
  • 10.0.0.0 – 10.255.255.255 (16,777,216 IP addresses)

You can check your public IP address here


Thank you very much for your constructive feedback. Yes I have a ddns service no-ip.
As shown below it seems to be working. And it says on the Homepage of no-ip that my ports

Auto configuration for Linux client of no-ip.com.

Only one host [tinymaxi.ddns.me] is registered to this account.
It will be used.

New configuration file ‘/usr/local/etc/no-ip2.conf’ created.

Failed to enable unit: Unit /run/systemd/generator.late/noip2.service is transient or generated.
System config value trusted_domains => 3 set to string tinymaxi.ddns.me
System config value overwrite.cli.url set to string https://tinymaxi.ddns.me/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string tinymaxi.ddns.me
System config value trusted_proxies => 14 set to string 192.168.178.26
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
configuration saved
noip DDNS enabled

Thank you & you’re welcome :pray: just trying to help you figure it out the best I can in-between my work and my studies

I’m guessing you were going to write “open”?

Yes, they are open now and your domain is configured with a public IP. I had missed that the previous entry in your DNS records, the one in the post above, contained a private IP address and not a public one, so checking for ports wasn’t needed ^^

I don’t know, but I still think that somehow the automatic update of your DNS record to your new public IP, which is what the DDNS should do, isn’t working or something, maybe when you receive a new public IP, since a private one was set in the record when I checked.

For how long is it down for you when it happens?

Edit:
The trusted proxy with IP 192.168.178.26, are you using a reverse proxy, is that your router or is it the IP of the device with ncp installed on it?

If you run sudo ncp-report in the terminal you can get a bit more info

Noip should also have a log at /var/log
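
The check done by hand in this thread (look up the A record, then see whether it is a private address), as an added example that is not part of the original posts. It parses dig output and classifies each address with Python's ipaddress module; the function names and the sample are constructed for illustration, and it goes beyond the three private ranges listed above by also flagging loopback, link-local and carrier-grade NAT addresses.

```python
import ipaddress
import re
import socket
import sys

# Constructed sample: question and answer lines from the dig output quoted in this thread.
SAMPLE_DIG = """\
;tinymaxi.ddns.me.        IN  A
;; ANSWER SECTION:
tinymaxi.ddns.me.   32  IN  A   192.168.254.88
"""

RECORD_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|AAAA)\s+(\S+)\s*$")
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # carrier-grade NAT, not reachable from outside

def parse_answers(dig_output):
    """Extract (name, address) pairs from the A/AAAA answer lines of dig output."""
    records = []
    for line in dig_output.splitlines():
        match = RECORD_RE.match(line)
        if match and not line.startswith(";"):  # skip comment and question lines
            records.append((match.group(1).rstrip("."), ipaddress.ip_address(match.group(3))))
    return records

def classify(addr):
    """Label an address by whether an http-01 validator on the internet could reach it."""
    checks = [("loopback", addr.is_loopback), ("link-local", addr.is_link_local),
              ("cgnat", addr.version == 4 and addr in CGNAT), ("private", addr.is_private)]
    for label, hit in checks:
        if hit:
            return label
    return "public" if addr.is_global else "reserved"

def check(records):
    """Return (ok, findings); ok is True only if at least one record is public."""
    findings = [(name, str(addr), classify(addr)) for name, addr in records]
    return any(kind == "public" for _, _, kind in findings), findings

if __name__ == "__main__":
    # With a hostname argument, ask the system resolver (which may answer from a
    # hosts file or local cache); without one, use the constructed sample.
    if len(sys.argv) > 1:
        infos = socket.getaddrinfo(sys.argv[1], 80, proto=socket.IPPROTO_TCP)
        records = [(sys.argv[1], ipaddress.ip_address(i[4][0])) for i in infos]
    else:
        records = parse_answers(SAMPLE_DIG)
    ok, findings = check(records)
    for name, addr, kind in findings:
        print(f"{name} -> {addr} [{kind}]")
    sys.exit(0 if ok else 1)
```

The non-zero exit status on a non-public record lets the script run ahead of a scheduled renewal, so a DDNS record that has drifted to a LAN address is caught before the challenge fails.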