Challenge Failed Error with Certbot Renewal

When attempting to renew an SSL certificate for a domain using Certbot on Ubuntu, we may encounter the following error:

Renewing an existing certificate for <www.my-domain.com>
Performing the following challenges:
http-01 challenge for <www.my-domain.com>
Waiting for verification...
Challenge failed for domain <www.my-domain.com>

This may mean that the domain cannot be reached from outside: the challenge requires an external connection to our server to succeed over TLS (SSL).
We need to make sure that the domain can be reached on port 443.

Thus, ensure the firewall (UFW) allows connections on port 443:

$ ufw allow 443

Depending on the user executing the command, this may need to be run as superuser:

$ sudo ufw allow 443

We can now try the Certbot renew command again.
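
Before changing firewall rules, it helps to confirm what UFW currently allows. The following is an added example, not part of the original post: it parses `ufw status` output and reports whether a port is open to any source. It checks port 80 as well as 443, because Let's Encrypt's http-01 validation request arrives on port 80 and only reaches 443 if the server redirects it. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): classify one TCP port from
# `ufw status` text read on stdin. Prints: inactive | allowed | blocked
ufw_port_state() {
    awk -v port="$1" '
        /^Status: inactive/ { inactive = 1 }
        {
            # First field is the "To" column, e.g. 443, 443/tcp, 80,443/tcp
            split($1, spec, "/")
            proto = spec[2]
            n = split(spec[1], ports, ",")
            for (i = 1; i <= n; i++)
                # Count only inbound rules open to any source: the CA
                # validates from addresses we cannot know in advance.
                if (ports[i] == port && proto != "udp" &&
                    $0 ~ / ALLOW +(IN +)?Anywhere/)
                    allowed = 1
        }
        END {
            if (inactive) print "inactive"   # UFW is not filtering at all
            else if (allowed) print "allowed"
            else print "blocked"
        }'
}

# Constructed sample of `ufw status` output (not captured from a real host).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       203.0.113.7
443                        ALLOW       Anywhere
443 (v6)                   ALLOW       Anywhere (v6)'

# Report both ports involved in http-01 validation.
check_acme_ports() {
    for p in 80 443; do
        printf '%s: %s\n' "$p" "$(printf '%s\n' "$1" | ufw_port_state "$p")"
    done
}

check_acme_ports "$SAMPLE_STATUS"
# On a live host: check_acme_ports "$(sudo ufw status)"
```

Rules that use an application profile name or a port range in the "To" column are not recognised by this parser and are reported as blocked. A result of "inactive" or "allowed" for both ports means UFW is not what is stopping the challenge.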

 
