Solved Certificate Renewal failed

Mightymoose

LetsEncrypt isn't working when I run it. It returns with failed. Only one app is installed. Wordpress is working and I can access it.

I've checked the logs and it says this:

Jun 16 11:45:01 box:cert/acme2 waitForChallenge: status is "invalid" {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"Fetching http://www.manchestervita.co.uk/.well-known/acme-challenge/OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY: Timeout during connect (likely firewall problem)","status":400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5274359311/6vbmqQ","token":"OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY","validationRecord":[{"url":"http://www.manchestervita.co.uk/.well-known/acme-challenge/OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY","hostname":"www.manchestervita.co.uk","port":"80","addressesResolved":["132.145.78.53"],"addressUsed":"132.145.78.53"}]}
Jun 16 11:45:21 box:cert/acme2 waitingForChallenge: getting status
Jun 16 11:45:22 box:cert/acme2 sendSignedRequest: using nonce 0101TAg8vndwiRc6vhaGV1bfx4N163MxiP5DT0TtSQnirZs for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/5274359311/6vbmqQ
Jun 16 11:45:22 box:cert/acme2 waitForChallenge: status is "invalid" {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"Fetching http://www.manchestervita.co.uk/.well-known/acme-challenge/OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY: Timeout during connect (likely firewall problem)","status":400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5274359311/6vbmqQ","token":"OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY","validationRecord":[{"url":"http://www.manchestervita.co.uk/.well-known/acme-challenge/OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY","hostname":"www.manchestervita.co.uk","port":"80","addressesResolved":["132.145.78.53"],"addressUsed":"132.145.78.53"}]}
Jun 16 11:45:42 box:cert/acme2 waitingForChallenge: getting status
Jun 16 11:45:43 box:cert/acme2 sendSignedRequest: using nonce 0101EynWmGT4lKumE5sfPnE3G8WKx4N9dPyZpkysqFIRWUU for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/5274359311/6vbmqQ
Jun 16 11:45:43 box:cert/acme2 waitForChallenge: status is "invalid" {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"Fetching http://www.manchestervita.co.uk/.well-known/acme-challenge/OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY: Timeout during connect (likely firewall problem)","status":400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5274359311/6vbmqQ","token":"OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY","validationRecord":[{"url":"http://www.manchestervita.co.uk/.well-known/acme-challenge/OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY","hostname":"www.manchestervita.co.uk","port":"80","addressesResolved":["132.145.78.53"],"addressUsed":"132.145.78.53"}]}
Jun 16 11:46:03 box:cert/acme2 waitingForChallenge: getting status
Jun 16 11:46:04 box:cert/acme2 sendSignedRequest: using nonce 0101cq7BTGpe7cYFsmouG3XBKO76ZhpnBESuGq6H-FoPsgo for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/5274359311/6vbmqQ
Jun 16 11:46:04 box:cert/acme2 waitForChallenge: status is "invalid" {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"Fetching http://www.manchestervita.co.uk/.well-known/acme-challenge/OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY: Timeout during connect (likely firewall problem)","status":400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5274359311/6vbmqQ","token":"OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY","validationRecord":[{"url":"http://www.manchestervita.co.uk/.well-known/acme-challenge/OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY","hostname":"www.manchestervita.co.uk","port":"80","addressesResolved":["132.145.78.53"],"addressUsed":"132.145.78.53"}]}
Jun 16 11:46:04 box:cert/acme2 cleanupChallenge: http: true
Jun 16 11:46:04 box:cert/acme2 cleanupHttpChallenge: unlinking /home/yellowtent/platformdata/acme/OQExBozEoaua7uafBFTHhUNebyKKFgFr2MPsTZ9XAOY
Jun 16 11:46:04 box:reverseproxy ensureCertificate: error: Unexpected status: invalid cert: null
Jun 16 11:46:04 box:reverseproxy notifyCertChanged: vhost: www.manchestervita.co.uk mailFqdn: my.www.manchestervita.co.uk
Jun 16 11:46:04 box:reverseproxy ensureCertificate: renewal of www.manchestervita.co.uk failed. using fallback certificates for www.manchestervita.co.uk
Jun 16 11:46:04 box:reverseproxy renewCerts: Renewed certs of []
Jun 16 11:46:04 box:tasks setCompleted - 8: {"result":null,"error":null}
Jun 16 11:46:04 box:tasks 8: {"percent":100,"result":null,"error":null}

Anyone know whats going wrong?

nebulon

Since the logs indicate, that your Cloudron uses http challenge for this domain, can you double check that port 80 is open and reachable for your Cloudron?

Mightymoose

Damn, that was it. Port 80 was closed. Opened it and its working. Such a stupid mistake. Thanks.

Quick question, where do I find the login details for the wordpress app I've just installed?

nebulon

If you have installed it with Cloudron usermanagement enabled, then the credentials are the same as for the Cloudron users, otherwise go to the app's configure view in the dashboard and on the top right of the view there is a Documentation button which has a "First Time Setup" explaining it.

Mightymoose

@nebulon When I try to login with Cloudron user details, it says there's no Wordpress user with that email

nebulon

Have you tried using the username?

Mightymoose

That password doesn't work with the username

girish

@Mightymoose There are two flavors of the WordPress app - managed and unmanaged (the former has blue icon and the latter has a grayish icon). Which one did you install? Can you try re-installing the app?