Can't request ssl "Timeout during connect (likely firewall problem)" & "no valid A records found for norugroup.com; no valid AAAA records found for norugroup.com"

Please, I'm trying to set up SSL for my Raspberry Pi Docker instance using nginx-proxy-manager. I've been having problems matching the device IP to my Cloudflare DNS.

My domain is :

vault0.norugroup.com
norugroup.com

I ran this command:

certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-23" --agree-tos --authenticator webroot --email "andhikafadhlanw@icloud.com" --preferred-challenges "dns,http" --domains "norugroup.com,vault0.norugroup.com"

It produced this output:

Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Requesting a certificate for norugroup.com and vault0.norugroup.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: vault0.norugroup.com
Type: connection
Detail: 103.119.141.211: Fetching http://vault0.norugroup.com/.well-known/acme-challenge/1XXGIKqSBIf9b8BTFLSS5xNzzekhk2iRzdv_kvo8IQw: Timeout during connect (likely firewall problem)

Domain: norugroup.com
Type: dns
Detail: no valid A records found for norugroup.com; no valid AAAA records found for norugroup.com

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):

nginx (using nginx-proxy-manager)

The operating system my web server runs on is (include version):

Raspberry Pi OS 6.1 (bookworm)

I can login to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot --version 2.1.0

Error 1016

Ray ID: 82197a69cef40ff7 • 2023-11-06 01:14:10 UTC

Origin DNS error

What happened?

You've requested a page on a website (www.norugroup.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (www.norugroup.com).

What can I do?

If you are a visitor of this website:
Please try again in a few minutes.

If you are the owner of this website:
Check your DNS settings. If you are using a CNAME origin record, make sure it is valid and resolvable. Additional troubleshooting information here.

The error page on your site says what you need.

5 Likes

Oh, I forgot to set proxy status, let me try again.

With grey cloud:
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Requesting a certificate for norugroup.com and vault0.norugroup.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: norugroup.com
Type: connection
Detail: 182.3.43.4: Fetching http://norugroup.com/.well-known/acme-challenge/kdiKDgfoGXBj1DZkYvEUZPInOYYHKZVWne7w1U76CJ0: Timeout during connect (likely firewall problem)

Domain: vault0.norugroup.com
Type: connection
Detail: 182.3.43.4: Fetching http://vault0.norugroup.com/.well-known/acme-challenge/gr2l5rE27KXsiBNT76ENNHb2yBiH7rXz07aIm6kTJ6E: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

with orange cloud:

Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Requesting a certificate for norugroup.com and vault0.norugroup.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: norugroup.com
Type: unauthorized
Detail: 2606:4700:3031::6815:2a76: Invalid response from http://norugroup.com/.well-known/acme-challenge/A7H2CC9llTiMxgUJzGTztttdboTprQXRItNggsDCwJQ: 522

Domain: vault0.norugroup.com
Type: unauthorized
Detail: 2606:4700:3031::6815:2a76: Invalid response from http://vault0.norugroup.com/.well-known/acme-challenge/-Sxzi5SJCRzpc70gj36EgEoojjnp2DkxB14zM3ImYf0: 522

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

Does this mean I already set the correct ip or not?
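The three outputs above differ in the "Type" and in who the CA actually talked to. As an added example that is not part of this thread, the parser below reads the "reported these problems" section of certbot's output, pulls out the validator's IP and any HTTP status, and maps each case to a defender's reading (grey cloud: origin port 80 unreachable; orange cloud: Cloudflare's 522 means the edge could not reach the origin). The sample text is constructed to resemble the outputs posted here; the challenge tokens are placeholders.

```python
import re
from dataclasses import dataclass
from typing import Optional, List

# Constructed sample in the shape of certbot's CA problem report (tokens are placeholders).
SAMPLE = """The Certificate Authority reported these problems:
Domain: norugroup.com
Type: dns
Detail: no valid A records found for norugroup.com; no valid AAAA records found for norugroup.com

Domain: vault0.norugroup.com
Type: connection
Detail: 182.3.43.4: Fetching http://vault0.norugroup.com/.well-known/acme-challenge/TOKEN1: Timeout during connect (likely firewall problem)

Domain: vault0.norugroup.com
Type: unauthorized
Detail: 2606:4700:3031::6815:2a76: Invalid response from http://vault0.norugroup.com/.well-known/acme-challenge/TOKEN2: 522
"""

BLOCK_RE = re.compile(r"Domain: (?P<domain>\S+)\nType: (?P<type>\S+)\nDetail: (?P<detail>.+)")
IP_RE = re.compile(r"^(?P<ip>[0-9a-fA-F:.]+): ")      # leading "<ip>: " on connection/unauthorized details
STATUS_RE = re.compile(r": (?P<status>\d{3})$")       # trailing HTTP status, e.g. ": 522"

@dataclass
class Problem:
    domain: str
    kind: str                      # certbot's "Type": dns, connection, unauthorized, ...
    detail: str
    validator_ip: Optional[str]    # address the CA connected to, if the detail names one
    http_status: Optional[int]     # status the CA received, if any

def parse_problems(text: str) -> List[Problem]:
    """Extract every Domain/Type/Detail block from certbot's failure report."""
    problems = []
    for m in BLOCK_RE.finditer(text):
        detail = m["detail"].strip()
        ip = IP_RE.match(detail)
        status = STATUS_RE.search(detail)
        problems.append(Problem(m["domain"], m["type"], detail,
                                ip["ip"] if ip else None,
                                int(status["status"]) if status else None))
    return problems

def diagnose(p: Problem) -> str:
    """Map a problem to what the operator should check, from the CA's point of view."""
    if p.kind == "dns":
        return "no A/AAAA record: the name points nowhere yet, so nothing can be validated"
    if p.kind == "connection":
        return f"port 80 on {p.validator_ip} unreachable from the internet (firewall, NAT, or a CGNAT/mobile ISP)"
    if p.kind == "unauthorized" and p.http_status == 522:
        return f"{p.validator_ip} is a proxy that answered 522: it reached the name but could not reach the origin"
    return "challenge file not served as expected: check the --webroot-path"
```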

I can't access your site at all, and 182.3.43.4 appears to belong to a cellular ISP, which wouldn't open a port for you.
What's the server?

3 Likes

Well, I am using a 4G modem now. No wonder I could connect earlier to my public IP when I was using public Wi-Fi. I'm just gonna try again with Wi-Fi, I guess.

You'll need GitHub - cloudflare/cloudflared: Cloudflare Tunnel client (formerly Argo Tunnel). I didn't use that, so not that much help about that, though.

4 Likes

Is it like a meshnet DNS tunnel? Because I've been using that before, but I just wanna try what I can do more with my current setup. Too bad my Wi-Fi dongle keeps getting heated for some reason. The new one is still shipping. I'll probably try the Cloudflare wildcard; maybe that will work this time. Last time I tried, it said something like "invalid domain name" or "make sure your credentials match with your account", sorry, I don't remember the exact message. I'm pretty sure I gave the correct email address, API name (started with *.), and token. I'm just trying to set up my vaultwarden Docker container. Any clues on what I might have done wrong? Or should I just use a DNS tunnel, and which DNS tunnel should I use? Because I don't want to use the one from NordVPN.

A public IP address you can forward a port on.

4 Likes

Thanks for the advice. I managed to access my Docker instance via Cloudflare Zero Trust DNS. Next time around I'll probably get a better setup than what I am using now.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.