$ sudo certbot certonly --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): , delta9inc.org
Requesting a certificate for delta9inc.org
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: delta9inc.org
Type: connection
Detail: 143.198.63.60: Fetching http://delta9inc.org/.well-known/acme-challenge/SHFizhFBPUpNTUtOnZDexbWuvk1Nf2sIsmmYcxSiXwQ: Connection refused
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Hello @domsdroid,
The HTTP-01 challenge states "The HTTP-01 challenge can only be done on port 80."
Best Practice - Keep Port 80 Open
A few online utilities demonstrate that the server is not accessible via Port 80 from the Public Facing Internet.
https://letsdebug.net/delta9inc.org/2425000
https://check-host.net/check-http?host=http://delta9inc.org gets "Connection refused"
Please check your firewall(s) and/or router.
1 Like
The --standalone method is difficult to debug because you need to keep Certbot running to test connection from the public internet.
Probably the easiest way to test is with these command options:
sudo certbot certonly --standalone --dry-run --debug-challenges -v -d (domain)
This command will show you the challenge URL to try from the public internet and the proper response. After showing you this it will say "Press Enter to Continue". DO NOT PRESS ENTER.
Leave it paused and use a different device to test connection. You can use a mobile phone with wifi disabled to use your carrier's network.
You do not have to use the full URL. Just try http://(domain)
If the connection works this shorter URL should see a response like below. I am pretty sure you will get a timeout error instead just like Let's Encrypt did. Repeat this as needed as you modify your firewall and comms setup until it works.
ACME client standalone challenge solver
2 Likes
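To make the test described in the reply above reproducible without a public domain, here is an added example (not Certbot's code and not from anyone in this thread): a tiny responder that imitates Certbot's temporary standalone webserver, plus a probe that fetches the `/.well-known/acme-challenge/<token>` URL the way the CA does and classifies the outcome, so "connection refused", "timeout", 404 and wrong-content cases are told apart. The token and the `token.THUMBPRINT` key authorization are constructed values, and the probe is run against 127.0.0.1 on an ephemeral port rather than port 80.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


class ChallengeHandler(http.server.BaseHTTPRequestHandler):
    """Stand-in for Certbot's standalone responder: serves token -> key authorization."""
    tokens = {}  # filled in by start_responder(); constructed test data, not real ACME state

    def do_GET(self):
        if self.path.startswith(CHALLENGE_PREFIX):
            token = self.path[len(CHALLENGE_PREFIX):]
            if token in self.tokens:
                body = self.tokens[token].encode()
                self.send_response(200)
                self.send_header("Content-Type", "application/octet-stream")
                self.send_header("Content-Length", str(len(body)))
                self.end_headers()
                self.wfile.write(body)
                return
        self.send_error(404)  # unknown token or path: what a misrouted request would see

    def log_message(self, *args):  # keep the responder quiet
        pass


def start_responder(tokens, host="127.0.0.1", port=0):
    """Start the responder in a thread; port=0 picks an ephemeral port. Returns (server, port)."""
    ChallengeHandler.tokens = dict(tokens)
    srv = http.server.HTTPServer((host, port), ChallengeHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def find_closed_port(host="127.0.0.1"):
    """Reserve and release a port so a probe against it gets 'connection refused'."""
    with socket.socket() as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def probe_challenge(host, port, token, expected, timeout=3.0):
    """Fetch the challenge URL as the CA would; return a short verdict string."""
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode(errors="replace").strip()
    except urllib.error.HTTPError as e:
        return f"http {e.code}"                     # responder reached, but wrong path/token
    except urllib.error.URLError as e:
        if isinstance(e.reason, ConnectionRefusedError):
            return "connection refused"             # nothing listening or firewall rejecting (the post's error)
        if isinstance(e.reason, socket.timeout):
            return "timeout"                        # typically a firewall silently dropping port 80
        return f"unreachable: {e.reason}"
    except socket.timeout:
        return "timeout"
    return "ok" if body == expected else "wrong content"
```

Run the same probe from a device outside your network (or a public checker) against the real domain on port 80 while Certbot is paused at "Press Enter to Continue"; the verdict tells you whether the firewall or the server is the problem.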