OK, I removed the snap version of certbot and reinstalled Deb12.9’s version.
root@vulture:~# certbot --version
certbot 2.1.
root@vulture:~#
When I try to request a renewal by going to Manage Virtual Server -> Setup SSL Certificate -> SSL Providers and then clicking Only Update Renewal, the page refreshes and goes back to Current Certificate, and it still tells me it’s still expired.
Now, OTOH, if I click Request Certificate from the SSL Providers page, it will attempt to get a cert, but fail with the below error message.
Checking hostnames for resolvability …
… all hostnames can be resolved
Requesting a certificate for grunk.xyz, www.grunk.xyz, admin.grunk.xyz, xaerolimit.net, www.xaerolimit.net from Let’s Encrypt …
… request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for grunk.xyz and 4 more domains
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: admin.grunk.xyz
Type: connection
Detail: 2001:19f0:c:d51:5400:4ff:fe7c:fb7d: Fetching https://grunk.xyz:10000/.well-known/acme-challenge/IvaVhWIYu-LLWbsPHpnvChzKfjNj2hcdWMcqAIZNYf4: Invalid port in redirect target. Only ports 80 and 443 are supported, not 10000
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
DNS-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for grunk.xyz and 4 more domains
Hook '--manual-auth-hook' for admin.grunk.xyz reported error code 255
Hook '--manual-auth-hook' for admin.grunk.xyz ran with error output:
Failed to update DNS records :
An error occurred (InvalidChangeBatch) when calling the ChangeResourceRecordSets operation: [The request contains an invalid set of changes for a resource record set 'CAA grunk.xyz.', The request contains an invalid set of changes for a resource record set 'MX grunk.xyz.', The request contains an invalid set of changes for a resource record set 'TXT grunk.xyz.', The request contains an invalid set of changes for a resource record set 'A ns.grunk.xyz.', The request contains an invalid set of changes for a resource record set 'AAAA ns.grunk.xyz.']
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: admin.grunk.xyz
Type: unauthorized
Detail: No TXT record found at _acme-challenge.admin.grunk.xyz
Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
The folks over at Let’s Encrypt agreed that it’s failing because it’s requesting the verification on a port that certbot cannot use (as they have stated, it can only request that verification via port 80 and/or 443).
So this is where I am at and what spawned this.
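
The port limit the CA reports above can be checked before a certificate is requested. The following is an added example, not part of the original post: it tests each redirect target in an HTTP-01 chain against the redirect rules Let's Encrypt documents (http or https only, ports 80 or 443, no IP-address targets, at most 10 redirects). The sample chain is constructed from the error above; its first URL and the TOKEN placeholder are assumptions.

```python
# Added example: offline check of an HTTP-01 redirect chain.
import ipaddress
from urllib.parse import urlsplit

ALLOWED_PORTS = {80, 443}                  # the limit quoted in the CA's error
DEFAULT_PORT = {"http": 80, "https": 443}  # port implied when the URL names none
MAX_REDIRECTS = 10                         # Let's Encrypt's documented depth

# Constructed sample: the CA's first request (assumed) and the redirect target
# from the error message, with the challenge token replaced by a placeholder.
SAMPLE_CHAIN = [
    "http://admin.grunk.xyz/.well-known/acme-challenge/TOKEN",
    "https://grunk.xyz:10000/.well-known/acme-challenge/TOKEN",
]


def redirect_problem(url):
    """Return why the CA would refuse this redirect target, or None if it is fine."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        return f"scheme {parts.scheme!r} is not http or https"
    try:
        port = parts.port if parts.port is not None else DEFAULT_PORT[parts.scheme]
    except ValueError:                     # non-numeric or out-of-range port
        return "port is not a valid number"
    if port not in ALLOWED_PORTS:
        return f"port {port} is not 80 or 443"
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)         # succeeds only for IP literals
        return f"target {host} is an IP address, not a hostname"
    except ValueError:
        return None


def first_bad_hop(chain):
    """chain[0] is the CA's initial request; later entries are Location targets.

    Returns (hop_number, reason) for the first refused redirect, else None.
    """
    if len(chain) - 1 > MAX_REDIRECTS:
        return (MAX_REDIRECTS + 1, "more than 10 redirects")
    for hop, url in enumerate(chain[1:], start=1):
        problem = redirect_problem(url)
        if problem:
            return (hop, problem)
    return None
```

To use it on a live site, collect the `Location` header of each response for the challenge URL without following redirects and pass the resulting list to `first_bad_hop`.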