While everything was working perfectly until now (more than 2 years), I am having problems renewing the SSL certificates of the sites on my server.
Suddenly the renewal attempts fail with the following message:
Timeout during connect (likely firewall problem)
Here is one of the example sites:
Renewing an existing certificate for coeursdechiens.ch and www.coeursdechiens.ch
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: coeursdechiens.ch
Type: connection
Detail: 51.91.20.129: Fetching https://coeursdechiens.ch/.well-known/acme-challenge/e9yLcJ1oBtYelAFixN6GKK49MYkWBM1SZzbFSWGPNUA: Timeout during connect (likely firewall problem)
Domain: www.coeursdechiens.ch
Type: connection
Detail: 51.91.20.129: Fetching http://coeursdechiens.ch/.well-known/acme-challenge/oRqJFHmmBfcsy0XOeSHNq4_isuCGjmB9Eiv48qEUN1U: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
I tried a renewal by disabling Fail2ban and FirewallD… without success!
Still get the same issue.
I have tested that the server is accessible:
nmap -p 80,443 coeursdechiens.ch
Nmap scan report for coeursdechiens.ch (51.91.20.129)
PORT STATE SERVICE
80/tcp open http
443/tcp open https
I have spent a lot of time looking for a solution, but to no avail.
Do you have any ideas on how to solve this issue?
Yes, it is caused by WordPress redirections which, instead of considering the link as reachable, show the 404 page, so as to show something concrete to the user, rather than a blank page.
Strange thing… the site isn’t using WordPress, and everything worked fine a few days ago.
It uses WinterCMS, whose default .htaccess file whitelists the .well-known folder and its children.
I tried to create a file in a subdirectory and access it, no redirection in action.
I’ll have to investigate a bit more when the next certificate renewal comes up on one of the server’s sites.
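An added example, not written by anyone in this thread: a small Python parser for the Certbot failure report quoted in the first post. It relies on the fact that HTTP-01 validation starts with plain HTTP on port 80 for the name being validated and follows redirects, so a failed URL with a different scheme or host means a redirect was answered before the timeout occurred. The function and field names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Failure report copied from the first post in this thread.
REPORT = """\
Domain: coeursdechiens.ch
Type: connection
Detail: 51.91.20.129: Fetching https://coeursdechiens.ch/.well-known/acme-challenge/e9yLcJ1oBtYelAFixN6GKK49MYkWBM1SZzbFSWGPNUA: Timeout during connect (likely firewall problem)
Domain: www.coeursdechiens.ch
Type: connection
Detail: 51.91.20.129: Fetching http://coeursdechiens.ch/.well-known/acme-challenge/oRqJFHmmBfcsy0XOeSHNq4_isuCGjmB9Eiv48qEUN1U: Timeout during connect (likely firewall problem)
"""

# One Domain/Type/Detail triple as Certbot prints it for a failed challenge.
ENTRY = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+"
    r"Type:\s*(?P<type>\S+)\s+"
    r"Detail:\s*(?P<ip>\S+?):\s+Fetching\s+(?P<url>\S+?):\s+(?P<error>[^\n]+)"
)

def analyse(report):
    """Return one dict per failed challenge (hypothetical helper)."""
    findings = []
    for m in ENTRY.finditer(report):
        url = urlsplit(m["url"])
        # The first request is always http://<domain>/.well-known/...;
        # any other scheme or host was reached through a redirect.
        scheme_changed = url.scheme != "http"
        host_changed = url.hostname != m["domain"]
        findings.append({
            "domain": m["domain"],
            "type": m["type"],
            "ip": m["ip"],
            "failed_port": url.port or (443 if url.scheme == "https" else 80),
            "scheme_changed": scheme_changed,
            "host_changed": host_changed,
            "redirect_followed": scheme_changed or host_changed,
            "timeout": "timeout" in m["error"].lower(),
        })
    return findings

if __name__ == "__main__":
    for f in analyse(REPORT):
        print(f)
```

For both names the report shows a redirect was followed before the connect timeout, and one timeout was on port 443 while the other was on port 80.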