Can't install SSL in Limited Access Domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: uat.ehealth.kerala.gov.in

I ran this command: certbot certonly --standalone -d uat.ehealth.kerala.gov.in

It produced this output:
Performing the following challenges:
http-01 challenge for uat.ehealth.kerala.gov.in
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

My web server is (include version): tomcat running in 8080 Port

The operating system my web server runs on is (include version): Centos 7

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The version of my client is certbot 0.36.0

1 Like

Hi @nidheesh

two problems:

First, looks like your port 80 is blocked by another program. Is this a webserver / Apache / nginx? If yes, use this webserver directly instead of --standalone. Standalone tries to start an own webserver. But to do that, port 80 must be free. Or stop that other program, then use certbot, then start that other program again.

Second, your domain is invisible - https://check-your-website.server-daten.de/?q=uat.ehealth.kerala.gov.in

Domainname Http-Status redirect Sec. G
http://uat.ehealth.kerala.gov.in/
61.0.248.24 -14 10.013 T
Timeout - The operation has timed out
http://www.uat.ehealth.kerala.gov.in/
61.0.248.24 -14 10.014 T
Timeout - The operation has timed out
https://uat.ehealth.kerala.gov.in/
61.0.248.24 -14 10.017 T
Timeout - The operation has timed out
https://www.uat.ehealth.kerala.gov.in/
61.0.248.24 -14 10.016 T
Timeout - The operation has timed out
http://uat.ehealth.kerala.gov.in/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
61.0.248.24 -14 10.016 T
Timeout - The operation has timed out
Visible Content:
http://www.uat.ehealth.kerala.gov.in/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
61.0.248.24 -14 10.020 T
Timeout - The operation has timed out
Visible Content:

Only timeouts. If you want to use http-01 validation, an open port 80 with a webserver is required. /.well-known/acme-challenge/random-filename must work.

1 Like

Server Restricted from other IPs. Please share lets encrypt trying IP

That’s not possible. Let’s Encrypt can connect from any IP.

We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.

You could allow access to files in the /.well-known/acme-challenge/ directory while blocking access to other paths, though.

You can also use DNS validation, if it’s possible in your environment and with your DNS service.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.