Certbot failed to authenticate some domains

My domain is: safeplatebackend.xyz
(ipv4: 45.77.242.5)

I ran this command:
sudo certbot --apache -d safeplatebackend.xyz -d www.safeplatebackend.xyz -m tario01pd2024@gmail.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for safeplatebackend.xyz and www.safeplatebackend.xyz

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: safeplatebackend.xyz
Type: connection
Detail: 45.77.242.5: Fetching http://safeplatebackend.xyz/.well-known/acme-challenge/NulqeWPKq6NLn6WWmlUw3L9bjarL2et7S3iU-wYYfLc: Timeout during connect (likely firewall problem)

Domain: www.safeplatebackend.xyz
Type: connection
Detail: 45.77.242.5: Fetching http://www.safeplatebackend.xyz/.well-known/acme-challenge/rSKf6rsE53gwrO-9rR9pxSXQgmy2J7Y3Gmwkl-NVVWU: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
root@safeplate:~# sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enable>
Active: active (running) since Sat 2024-05-18 04:48:01 UTC; 2s ago
Docs: Apache HTTP Server Version 2.4 Documentation - Apache HTTP Server Version 2.4
Process: 62831 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 62836 (apache2)
Tasks: 55 (limit: 9438)
Memory: 6.6M (peak: 6.9M)
CPU: 31ms
CGroup: /system.slice/apache2.service
├─62836 /usr/sbin/apache2 -k start
├─62838 /usr/sbin/apache2 -k start
└─62839 /usr/sbin/apache2 -k start

May 18 04:48:01 safeplate systemd[1]: Starting apache2.service - The Apache HTTP Serv>
May 18 04:48:01 safeplate systemd[1]: Started apache2.service - The Apache HTTP Serve

The operating system my web server runs on is (include version):
OS:
Ubuntu 24.04 LTS x64

My hosting provider, if applicable, is:
Vultr

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no? I'm just using Vultr + SSH remote host connect

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.10.0

I tried this -> Port Checker - Check Open Ports Online -> and port 3000 works but 80 times out (I don't know why; could this be the reason it's not working?)

This is my app.js

// fs and https are imported but not used in this snippet
const express = require('express');
const fs = require('fs');
const https = require('https');
const app = express();
app.use(express.json());
app.get('/', (req, res) => {
  res.send('Hello Wor3ld!');
});

// Plain HTTP on port 3000, all interfaces; nothing here listens on 80 or 443
app.listen(3000, '0.0.0.0', () => console.log(`Server running on port 3000`));

Hi @tario-you,

Yes, you seem to have a firewall blocking incoming connections on port 80. You could start by checking your Vultr settings to make sure there are no restrictions applied there to such connections.

4 Likes

Agree, Let's Debug sees that also: https://letsdebug.net/safeplatebackend.xyz/1964540, as well as a non-working IPv6 address.

I see it too (IPv4 only test).

$ nmap -Pn -p80,443 safeplatebackend.xyz
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-18 17:37 UTC
Nmap scan report for safeplatebackend.xyz (45.77.242.5)
Host is up.
Other addresses for safeplatebackend.xyz (not scanned): 2401:c080:1400:6e17:5400:4ff:feea:32e0
rDNS record for 45.77.242.5: 45.77.242.5.vultrusercontent.com

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.32 seconds

Edit: and from another machine I have access to with both IPv4 and IPv6 I see this.

IPv4

>nmap -4 -Pn -p80,443 safeplatebackend.xyz
Starting Nmap 7.94 ( https://nmap.org ) at 2024-05-18 17:51 UTC
Nmap scan report for safeplatebackend.xyz (45.77.242.5)
Host is up.
Other addresses for safeplatebackend.xyz (not scanned): 2401:c080:1400:6e17:5400:4ff:feea:32e0
rDNS record for 45.77.242.5: 45.77.242.5.vultrusercontent.com

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 5.14 seconds

IPv6

>nmap -6 -Pn -p80,443 safeplatebackend.xyz
Starting Nmap 7.94 ( https://nmap.org ) at 2024-05-18 17:51 UTC
Nmap scan report for safeplatebackend.xyz (2401:c080:1400:6e17:5400:4ff:feea:32e0)
Host is up (0.21s latency).
Other addresses for safeplatebackend.xyz (not scanned): 45.77.242.5

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp open     https

Nmap done: 1 IP address (1 host up) scanned in 4.09 seconds
2 Likes

Yay, thanks guys, I just ran
sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
then
sudo systemctl restart apache2
and it worked 🙂

3 Likes
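
An added example, not part of the thread: a simplified first-match walk over `iptables -S INPUT` output, showing why inserting the port 80 rule at position 1 works where appending it after a catch-all DROP would not. The ruleset is a constructed default-deny sample (the poster's actual rules are not shown in the thread), and `port_verdict` is a hypothetical helper.

```shell
# Added example (not from the thread). First-match walk over `iptables -S INPUT`
# output: which verdict does a NEW inbound TCP connection to PORT get?
# Simplified on purpose: rules carrying any match other than -p/--dport
# (interface, conntrack state, source, ...) are skipped, jumps to user chains
# (such as the ones ufw creates) are not followed, port ranges are not parsed.
port_verdict() {            # usage: port_verdict PORT < rules
  awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      proto = ""; dport = ""; target = ""; other = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(++i)
        else if ($i == "--dport") dport = $(++i)
        else if ($i == "-m" && $(i + 1) == "tcp") i++
        else if ($i == "-j") { target = $(i + 1); break }
        else other = 1
      }
      if (other) next                             # conditional rule, skipped
      if (proto != "" && proto != "tcp") next
      if (dport != "" && dport != port) next
      if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
        print target; decided = 1; exit           # first terminating match wins
      }
    }
    END { if (!decided) print policy }'           # nothing matched: chain policy
}

# Constructed sample: a default-deny host that admits SSH and the Node app only.
POLICY='-P INPUT DROP'
RULES='-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -j DROP'
ALLOW80='-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# `iptables -I INPUT 1 ...` puts the rule first; `-A` would put it after the DROP.
before()   { printf '%s\n' "$POLICY" "$RULES"; }
inserted() { printf '%s\n' "$POLICY" "$ALLOW80" "$RULES"; }
appended() { printf '%s\n' "$POLICY" "$RULES" "$ALLOW80"; }

for state in before inserted appended; do
  echo "$state: port 80 -> $($state | port_verdict 80)"
done
```

A rule added with `iptables -I` exists only in the running kernel's table and is lost on reboot unless it is saved, and Certbot's renewals with the Apache authenticator need port 80 reachable again each time they run.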