@Constantine, I’m finally able to resolve this. Here’s the issue - the onlyoffice server is behind a NAT firewall. For this type of installation, apparently both 443 and 80 inbound should be open at the point of certificate renewal. It seems that Let’s Encrypt, for some reason, probes port 80 of the site before renewing the certificate. We only enabled 443 as the site has been working on 443, and disabled the public IP’s port 80 inbound.
Here’s the odd part though:
- There is no error log file from community server, control panel, or even Let’s Encrypt showing that the “Generate and Apply” failed.
- The “Generate and Apply” even generated a success notification.
- No error was shown that port 80 was required.
Glad that this is finally resolved. Thank you.
Hello @rodster
Sorry for the delayed response.
I’m glad to hear that you’ve managed to sort the whole situation out.
I will try to check out this behavior. If I get any details, I will provide them.
Here is some more information about the need to have port 80 open for inbound:
https://letsencrypt.org/docs/allow-port-80/
Also, there is a direct answer to the question “Is port 80 required for renewals?” in this thread:
https://community.letsencrypt.org/t/is-port-80-required-for-renewals/121432/4
Spoiler: it is.
Thank you @Constantine. I didn’t know I had to open port 80 for the auto renewal to run successfully, until that was one of the variables I was changing, and was surprised that it worked. Anyway, I hope this post helps others who may experience the same issue on certificate auto renewal. Thanks again.
It surely does.
Thank you for your patience.
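A check that would have surfaced the silent failure described in this thread, added here as an example and not taken from ONLYOFFICE or Let's Encrypt: it probes inbound port 80 and reads the expiry date of the certificate actually served on 443, instead of trusting a success notification. The hostname and the 30-day threshold are assumptions; run it from a host outside the NAT firewall so the probe sees what an external validator sees.

```python
import socket
import ssl
import time

RENEW_WINDOW_DAYS = 30  # assumption: flag certificates with less than 30 days left


def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def days_left(not_after, now=None):
    """Days until expiry for a notAfter string in getpeercert() format."""
    expires = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return (expires - now) / 86400


def served_not_after(host, port=443, timeout=5.0):
    """notAfter of the certificate the server presents right now.
    Raises ssl.SSLCertVerificationError if it is already expired or invalid."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def renewal_findings(port80_ok, remaining_days, window=RENEW_WINDOW_DAYS):
    """Turn the two observations into findings an operator can act on."""
    findings = []
    if not port80_ok:
        findings.append("port 80 not reachable: validation on port 80 will fail")
    if remaining_days < 0:
        findings.append("certificate expired")
    elif remaining_days < window:
        findings.append(f"certificate expires in {remaining_days:.0f} days: not renewed")
    return findings


if __name__ == "__main__":
    host = "office.example.com"  # placeholder hostname, replace with your site
    left = days_left(served_not_after(host))
    for line in renewal_findings(port_open(host, 80), left) or ["ok"]:
        print(line)
```

Scheduling this daily from an external monitor gives an alert in both cases from the thread: port 80 closed at the firewall, and a certificate that keeps ageing after a reported success.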