I’ll first show you my error and then describe what I performed for setup.
When running this command to get a new certificate:
user$ sudo certbot certonly -a manual -d gitlab.k8sbox.io --email email@example.com
I’m getting this error:
Challenge failed for domain gitlab.k8sbox.io
http-01 challenge for gitlab.k8sbox.io
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: gitlab.k8sbox.io
   Type: connection
   Detail: Fetching
   http://gitlab.k8sbox.io/.well-known/acme-challenge/j3jALHY9pxJTuDhKOfYZI9QUouQop8LlA1ifly6k6bo:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
The webserver is implemented by GitLab software (not by me), and runs nginx. (Forgive me that I’m not a web administrator).
The webserver is in my house behind a Cable-Modem-Router. I have a static WAN IP-Address (i.e. my ISP provider never changes it).
DNS A-Records exist for both gitlab.k8sbox.io and www.gitlab.k8sbox.io, both of which point to said ISP static WAN IP-Address. Note: The GitLab web service will likely be down if you click the above. (I shut it down when not in use).
Next, within my Cable-Modem-Router, I have ports 80 and 443 port-forwarded to the home webserver (… again, that’s what runs GitLab / nginx). That home webserver, which runs Fedora-30, does not have firewall packages installed or enabled.
Following the interactive certbot(1) CLI instructions, I created the following on the home (GitLab / nginx) webserver before pressing enter:
user$ mkdir /var/opt/gitlab/nginx/www/.well-known/acme-challenge/j3jALHY9pxJTuDhKOfYZI9QUouQop8LlA1ifly6k6bo/
user$ echo <long-ciphertext> > /var/opt/gitlab/nginx/www/.well-known/acme-challenge/j3jALHY9pxJTuDhKOfYZI9QUouQop8LlA1ifly6k6bo/index.html
And finally, using Firefox, Opera and Chrome, I can successfully browse to http://gitlab.k8sbox.io/.well-known/acme-challenge/j3jALHY9pxJTuDhKOfYZI9QUouQop8LlA1ifly6k6bo/index.html and see the ciphertext content I placed in it (and without logging into GitLab).
Did I miss something? Why could not certbot(1) complete the transaction?
Thank you in advance!
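
Added example, not part of the original post: a local check of how a manually placed http-01 response is laid out under the webroot, compared with the URL the CA fetches (RFC 8555 section 8.3). It inspects only the files on disk, not whether port 80 is reachable from outside; the helper name check_http01, the tokens and the key authorizations are constructed for illustration.

```sh
#!/bin/sh
# Added example: local layout check for a manually placed http-01 response.
# RFC 8555 section 8.3: the CA fetches
#   http://<domain>/.well-known/acme-challenge/<token>
# and expects the body to be the key authorization, "<token>.<thumbprint>".

# check_http01 WEBROOT TOKEN KEYAUTH   (hypothetical helper name)
# Returns 0 = ok, 1 = missing, 2 = token path is a directory, 3 = wrong body.
check_http01() {
    c_path="$1/.well-known/acme-challenge/$2"
    if [ -d "$c_path" ]; then
        echo "FAIL: $c_path is a directory; the challenge URL should map to a regular file" >&2
        return 2
    fi
    if [ ! -f "$c_path" ]; then
        echo "FAIL: $c_path does not exist" >&2
        return 1
    fi
    # $(...) drops trailing newlines; RFC 8555 lets the CA ignore trailing
    # whitespace in the body, so a final newline from echo is harmless.
    c_body=$(cat "$c_path")
    if [ "$c_body" != "$3" ]; then
        echo "FAIL: body of $c_path is not the expected key authorization" >&2
        return 3
    fi
    echo "OK: $c_path"
}

# Demo on a constructed webroot (token and key authorization are made up).
demo_root=$(mktemp -d)
demo_dir="$demo_root/.well-known/acme-challenge"
mkdir -p "$demo_dir/TOKEN_AS_DIR"
echo "TOKEN_AS_DIR.THUMBPRINT"  > "$demo_dir/TOKEN_AS_DIR/index.html"
echo "TOKEN_AS_FILE.THUMBPRINT" > "$demo_dir/TOKEN_AS_FILE"

check_http01 "$demo_root" TOKEN_AS_FILE TOKEN_AS_FILE.THUMBPRINT || echo "rc=$?"
check_http01 "$demo_root" TOKEN_AS_DIR  TOKEN_AS_DIR.THUMBPRINT  || echo "rc=$?"
check_http01 "$demo_root" TOKEN_ABSENT  TOKEN_ABSENT.THUMBPRINT  || echo "rc=$?"
rm -rf "$demo_root"
```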