I got an email from Let's Encrypt telling me that my SSL was about to expire. I was confident that the renewal bot would run successfully; however, when I checked my site, I was getting a Privacy Error.

I logged into the terminal and checked if I could manually run the renewal through sudo certbot renew --dry-run

But I got the following error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/howdenaces.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.howdenaces.com
http-01 challenge for howdenaces.com
Waiting for verification...
Challenge failed for domain www.howdenaces.com
http-01 challenge for www.howdenaces.com
Cleaning up challenges
Attempting to renew cert (howdenaces.com) from /etc/letsencrypt/renewal/howdenaces.com.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/howdenaces.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/howdenaces.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.howdenaces.com
   Type:   dns
   Detail: DNS problem: SERVFAIL looking up A for www.howdenaces.com -
   the domain's nameservers may be malfunctioning

I haven’t changed anything with my records with DigitalOcean, or with NameCheap.

My A Records are the following:

A   www.howdenaces.com directs to 128.199.142.171 3600
A   howdenaces.com directs to 128.199.142.171 3600 

I’m not really sure what happened here.

Can anyone point out what I’m missing? It would greatly help. Thank you.

1 answer

Hi @angelovillasant,

When I ping your domain (www.howdenaces.com or howdenaces.com), it shows me 100% packet loss:

ping howdenaces.com
PING howdenaces.com (128.199.142.171) 56(84) bytes of data.
^C
--- howdenaces.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1010ms

This means that the droplet you have pointed your domain to is not actually online, or at least that is what it seems like to Certbot. This is why Certbot is failing.

Regards,
KFSys
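
Certbot's "IMPORTANT NOTES" block carries the ACME error type reported by the CA (`dns` in the question's output), which indicates the layer where validation stopped. The following is an added example, not part of the original thread: it parses that block and maps the type to the layer to check first. The function names and hint strings are assumptions made for illustration; the sample text is copied from the question.

```python
import re

# Error block copied from the certbot output in the question.
SAMPLE = """\
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.howdenaces.com
   Type:   dns
   Detail: DNS problem: SERVFAIL looking up A for www.howdenaces.com -
   the domain's nameservers may be malfunctioning
"""

FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")

def parse_errors(text):
    """Return a list of {'domain', 'type', 'detail'} dicts from certbot output."""
    errors, cur, last = [], None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, val = m.group(1).lower(), m.group(2).strip()
            if key == "domain":          # a Domain line starts a new error record
                cur = {"domain": val, "type": "", "detail": ""}
                errors.append(cur)
            elif cur is not None:
                cur[key] = val
            last = key
        elif cur is not None and last == "detail" and line.strip():
            cur["detail"] += " " + line.strip()   # Detail wrapped onto next line
        else:
            last = None                  # blank or unrelated line ends the field
    return errors

def first_layer(err):
    """Map an ACME error type to the layer to troubleshoot first (heuristic)."""
    kind, detail = err["type"].lower(), err["detail"].upper()
    if kind == "dns":
        if "SERVFAIL" in detail:
            return "dns: authoritative nameservers or DNSSEC failed to answer"
        return "dns: record missing or not resolvable"
    if kind == "connection":
        return "network: CA could not connect to the resolved address"
    if kind == "unauthorized":
        return "http: server answered but the challenge response was wrong"
    return "unknown: read the Detail text"

if __name__ == "__main__":
    for e in parse_errors(SAMPLE):
        print(e["domain"], "->", first_layer(e))
```
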
