Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
My web server is (include version): NoIp ?
The operating system my web server runs on is (include version): NoIp ?
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 2.8.0
Some extra context.
Port forward is functioning for everything else.
I'm using NoIP for my Domain Name.
Dynamic DNS is connected to NoIP on my router.
When I tried to use port triggers for 80 and 443, the router didn't accept them.
All rules on firewall were placed correctly.
I'll try and call Claro and be direct with them.
I've already made them remove the CGNAT so I can port forward other stuff.
But if they are blocking those specifically, I'll try to tank with them.
If not, I'll have to resort to Anatel's.
Will be a "fun" new year I guess.
Another thing I noticed, I'm trying to ping myself, at 188.8.131.52 and can't.
I tried with my IPv6 address and it went through perfectly.
But with the IPv4 184.108.40.206 pings don't return.
Certbot makes outbound requests from your server to the Let's Encrypt server. Certbot uses whatever your local system has configured (IPv4 or IPv6).
The Let's Encrypt Server tries to connect to your domain name using the IP in the public DNS system. If it finds an IPv6 address (AAAA record) it will use that first. Otherwise it will use the IPv4 address (A record) if present.
The request from the LE Server is what you need to get working. That is the request that is shown as "timing out".
I don't see an A or an AAAA record for your domain name setark.ddns.net. Can you put the IP addresses back so we can check?
A little update.
I tested on my Desktop to ping to my public IP 220.127.116.11 through CMD.
4 tries, 4 Request Timed Out.
From my phone connected through Wi-Fi I used Check-Host.net to ping 18.104.22.168.
All pinged back.
Tested in Desktop the Check-Host.net ping to 22.214.171.124 and they actually responded.
But still, when I CMD myself and try to ping 126.96.36.199 I get Request Timeout.
Ports 80 and 443 on the modem are open with TCP.
Advanced Windows Firewall also has rules for 80 and 443.
Yesterday I was thinking that it might have been the ISP, but if Check-Host and websitepulse.com both can find me and ping me at 188.8.131.52
I imagine that the problem must be on my Desktop, right?
ping uses ICMP, so it is not a good test for HTTP(S) comms, which use TCP.
I can't reach your domain using IPv4 or v6 with HTTP or HTTPS:
curl -i4 -m7 http://setark.ddns.net
curl: (28) Failed to connect to setark.ddns.net port 80 after 3501 ms: Connection timed out
curl -i6 -m7 http://setark.ddns.net
curl: (7) Failed to connect to setark.ddns.net port 80 after 121 ms: Connection refused
curl -i4 -m7 https://setark.ddns.net
curl: (28) Failed to connect to setark.ddns.net port 443 after 3503 ms: Connection timed out
curl -i6 -m7 https://setark.ddns.net
curl: (7) Failed to connect to setark.ddns.net port 443 after 143 ms: Connection refused
Asked a friend to ping me from their computer.
Ping went okay.
So it's clear that I, on my machine, can't ping myself even with a rule on my Windows firewall to allow ICMP4 - Echo Request rule open on the firewall.
No option i could find on my Router config about it.
Now I have to test to see why Certbot isn't passing through Port 80.
Lots of things can cause such trouble. Using the wrong IP addresses, an ISP that actively blocks those ports (residential ISPs might do this), a router that is not set up properly. Or a number of other things.
The --standalone option is the hardest to debug because there is only an active listener on port 80 when it is running. Still, I think something is blocking access before reaching that.
Why did you choose --standalone? What kind of service do you plan on using with the certificate? I don't see any other ports open on your system.
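An added example, not part of the thread or of Certbot: the TCP-level check behind the curl results above, which separates "Connection refused" from "Connection timed out", plus a loopback demonstration of why a --standalone listener can only be probed while it is running. The function names, the MEANING table and the ephemeral loopback port are assumptions made for illustration.

```python
import socket

# What each outcome usually means for an HTTP-01 check against port 80.
MEANING = {
    "open": "a listener completed the TCP handshake",
    "refused": "a reset came back: usually the host itself, with nothing listening",
    "timeout": "no answer at all: packets dropped on the path, or the wrong IP",
    "no-address": "the name has no address of the requested family",
    "unreachable": "the local stack has no route or reported another error",
}

def probe_tcp(host, port, family=socket.AF_INET, timeout=3.0):
    """Try a TCP handshake (not ICMP) and classify the outcome."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return "no-address"
    fam, kind, proto, _, addr = infos[0]
    with socket.socket(fam, kind, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open"
        except ConnectionRefusedError:   # curl: (7) ... Connection refused
            return "refused"
        except socket.timeout:           # curl: (28) ... Connection timed out
            return "timeout"
        except OSError:
            return "unreachable"

def standalone_demo():
    """Loopback stand-in for a listener that exists only while it runs."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # constructed: ephemeral port, not 80
    srv.listen(1)
    port = srv.getsockname()[1]
    while_running = probe_tcp("127.0.0.1", port)
    srv.close()                          # the temporary server has exited
    after_exit = probe_tcp("127.0.0.1", port)
    return while_running, after_exit

if __name__ == "__main__":
    for state in standalone_demo():
        print(state, "->", MEANING[state])
```

Run from a machine outside the network with family=socket.AF_INET and then socket.AF_INET6, probe_tcp mirrors curl -4 and curl -6: a "timeout" points at filtering or a wrong address before the host, while "refused" on port 80 is the expected result when no Certbot standalone server is currently running.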
It's for an SSL CA for allowing Video and Audio through FoundryVTT.
So I was following their instructions on how to make an SSL just for that.
In all fairness their link to Certbot is outdated, and I had to search for the 2.8.0 myself.