Cannot get certifications for my domain

My domain is: loopy5418.net

I ran this command: certbot -d loopy5418.net --nginx

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for loopy5418.net

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: loopy5418.net
  Type:   connection
  Detail: 4.232.136.188: Fetching http://loopy5418.net/.well-known/acme-challenge/EYBFjbPJDLjyWqaQwlQMYWyszpj1F2ocJ4S0srpfmB0: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

The operating system my web server runs on is (include version): Ubuntu 22.04 Server

My hosting provider, if applicable, is: Cloudflare

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site: dash.cloudflare.com

The version of my client is: 1.21.0

I am setting up a Prosody XMPP server with Microsoft Azure VMs. I already installed Prosody and configured them right, but when it comes to certificates and DNS records on my domain, I need assistance. When I try to get the certificates for my domain and its subdomains, they fail and I don't know the reason. Sorry for being so dumb, but I cannot understand why from the output. Here are my associated DNS records:

This error is pretty much self-explanatory, isn't it? In order to get a cert, your server needs to respond to connections from the public Internet on port 80. It isn't doing so. The most likely reason, as the message tells you, is that a firewall is blocking such connections--you'll need to find and fix that firewall.

5 Likes
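Added example, not part of the thread and not Certbot's own code: a small Python probe that separates the "Timeout during connect" case described in the reply above (packets dropped by a firewall) from a refused connection (nothing listening on the port). It has to be run from a machine outside the server's network to see what the Certificate Authority sees; the function names, the state labels and the `example.org` default are assumptions of this example.

```python
import socket
import sys

# Diagnosis per outcome of one TCP connect (wording is this example's own).
ADVICE = {
    "open": "port accepts connections from this vantage point",
    "filtered": "no reply at all: a firewall or network rule is dropping inbound traffic",
    "closed": "host is reachable but nothing is listening on the port",
    "dns": "name does not resolve; check the DNS records",
    "error": "other network error",
}


def classify(exc):
    """Map the exception from a connect attempt (None on success) to a state."""
    if exc is None:
        return "open"
    if isinstance(exc, (socket.timeout, TimeoutError)):  # SYN sent, nothing came back
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):          # a reset came back
        return "closed"
    if isinstance(exc, socket.gaierror):                 # lookup failed before any connect
        return "dns"
    return "error"


def probe(host, port=80, timeout=5.0):
    """Attempt one TCP connection and return the classified state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Hypothetical usage: python3 probe80.py example.org
    host = sys.argv[1] if len(sys.argv) > 1 else "example.org"
    state = probe(host)
    print(f"{host}:80 -> {state}: {ADVICE[state]}")
```

A "filtered" result from outside combined with a successful connection from the server itself points at a firewall between the two rather than at the web server.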

The timeout problem @danb35 pointed out is your most important.

But, why were you using the --nginx option? You don't say anything about setting one of those up.

3 Likes

I really don't know, I copied the command off of a guide.

Hmm. That guide says

Run the following certbot command. Include the --nginx if you also have an NGINX server running.

Emphasis mine :)

Some people might use nginx as a reverse proxy in front of their other apps / servers. I think they mean to use that option if that is what you are doing.

4 Likes

I must have not seen it, didn't know that, thanks tho

2 Likes
