Letsencrypt renewal times out

Hello all,

FreePBX 15.xx here
I set up a letsencrypt certificate about three years ago and it has been working/renewing great, until now.

I started to get the expiry email notices from letsencrypt. It’s now down to four days until it will expire.

I can verify, port 80 is wide open to my PBX. Nothing has changed on my end.
The FreePBX firewall is also disabled.
When I manually run “fwconsole cert --updateall” it will go through the motions, and then eventually try several times:
“sending signed request to https://acme-V02.api.letsencrypt.org/acme/chall-v3/xxxxxxxxx/m1zBDg Verification pending, sleeping 1s”
It will then say “There was an error updating certificate “pbx.mypbx.com” : Verification Timed out”
I’ve read several others in this forum that had the same issue, but it seems there was never any solution given.
Thanks

Also experiencing the exact same thing.

Relevant logs from httpd’s access_log:

::1 - - [07/Jun/2024:12:48:35 -0400] "GET /.freepbx-known/27ad08599054ecf24c97459d379e6542 HTTP/1.1" 200 32 "-" "-"
104.248.232.150 - - [07/Jun/2024:12:48:35 -0400] "GET /.freepbx-known/27ad08599054ecf24c97459d379e6542 HTTP/1.1" 200 32 "-" "-"

https://letsdebug.net/ says everything is A-OK.

I even tried deleting the cert and recreating it, but unable. Still times out.

Checked Let’s Encrypt’s website and it says all is well there as well.

I’m thankfully not pressed for a timely fix as I just got the 19 day notification this morning

It’s sometimes related to a missing cron job

https://community.freepbx.org/t/any-updates-on-letsencrypt-certs-not-renewing-automatically/92375/21?u=chrischevy

I did check that solution and I had that entry so still a no go.
Now that I deleted the certificate, I’m unable to create it. Still times out. Now what?

dcorwin822

I found this

This is most likely my problem as we have most countries outside of the USA blocked off.

I saw that as well, I dropped the FW in freepbx which didn’t help. My install is on a vultr instance other firewall installed.

Didn’t change a damn thing and then about an hour later it just goes through like nothing.

This was my problem. I temporarily disabled my Geo-Blocking policy and the certificate installed and updated without any issues. Looks like I’ll have to do this manually every three months.

That’s weird because in my situation we didn’t have a geolocation block enabled.
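
Added example, not part of any post in this thread: Let's Encrypt checks an HTTP-01 challenge from several network vantage points, so a geo-block or upstream filter can let one validator through and silently drop the rest, which leaves the order pending until it times out. The script below groups challenge fetches in httpd's access_log by token and lists which remote addresses actually reached the server. The function names, the `min_remote` threshold and every log line after the first two are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Apache common/combined log format: client, identity, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
CHALLENGE_PREFIX = "/.freepbx-known/"  # challenge path seen in the thread's access_log

# First two lines are from the thread; the rest are constructed for illustration.
SAMPLE_LOG = [
    '::1 - - [07/Jun/2024:12:48:35 -0400] "GET /.freepbx-known/27ad08599054ecf24c97459d379e6542 HTTP/1.1" 200 32 "-" "-"',
    '104.248.232.150 - - [07/Jun/2024:12:48:35 -0400] "GET /.freepbx-known/27ad08599054ecf24c97459d379e6542 HTTP/1.1" 200 32 "-" "-"',
    '::1 - - [07/Jun/2024:14:02:10 -0400] "GET /.freepbx-known/constructed-token-0001 HTTP/1.1" 200 32 "-" "-"',
    '192.0.2.10 - - [07/Jun/2024:14:02:11 -0400] "GET /.freepbx-known/constructed-token-0001 HTTP/1.1" 200 32 "-" "-"',
    '198.51.100.20 - - [07/Jun/2024:14:02:11 -0400] "GET /.freepbx-known/constructed-token-0001 HTTP/1.1" 200 32 "-" "-"',
    '203.0.113.30 - - [07/Jun/2024:14:02:12 -0400] "GET /.freepbx-known/constructed-token-0001 HTTP/1.1" 200 32 "-" "-"',
    '203.0.113.30 - - [07/Jun/2024:14:03:00 -0400] "GET /admin/config.php HTTP/1.1" 302 0 "-" "-"',
]


def summarize_challenges(lines):
    """Map each challenge token to the loopback and remote clients that got a 200 for it."""
    summary = defaultdict(lambda: {"loopback": set(), "remote": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(CHALLENGE_PREFIX) or m["status"] != "200":
            continue
        try:
            ip = ipaddress.ip_address(m["client"])
        except ValueError:
            continue  # client logged as a hostname; not handled in this example
        bucket = "loopback" if ip.is_loopback else "remote"
        summary[m["path"][len(CHALLENGE_PREFIX):]][bucket].add(str(ip))
    return dict(summary)


def thin_validation(summary, min_remote=2):
    """Tokens fetched by fewer than min_remote distinct remote addresses (assumed threshold)."""
    return sorted(t for t, seen in summary.items() if len(seen["remote"]) < min_remote)


if __name__ == "__main__":
    result = summarize_challenges(SAMPLE_LOG)
    for token, seen in result.items():
        print(token, "loopback:", sorted(seen["loopback"]), "remote:", sorted(seen["remote"]))
    print("fetched by too few remote sources:", thin_validation(result))
```

A token that appears here with only a loopback hit and one remote address is worth comparing against the drop logs of whatever firewall or geo-filter sits in front of the server for the same timestamp.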