Certbot failed to authenticate some domains

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: eye2eye.mooo.com

I ran this command: sudo certbot --nginx -d stun.bloggernepal.com -d turn.bloggernepal.com

It produced this output:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: stun.eye2eye.mooo.com
Type: connection
Detail: 76.38.17.9: Fetching http://stun.eye2eye.mooo.com/.well-known/acme-challenge/qJoqyg_KghtdfjU6svwdG2_t1CyB2-BjIKsXBh4tXgw: Timeout during connect (likely firewall problem)

Domain: turn.eye2eye.mooo.com
Type: connection
Detail: 76.38.17.9: Fetching http://turn.eye2eye.mooo.com/.well-known/acme-challenge/4-RPfKYstxui0w_x5FCmQv9yyauxWZzDM03rneSQXgI: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.

My web server is (include version): Ubuntu VM 24.04.1 LTS

The operating system my web server runs on is (include version): Ubuntu VM 24.04.1 LTS

My hosting provider, if applicable, is: FreeDNS (for DNS)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0

DNS is hosted for the following URLs using FreeDNS:
turn.eye2eye.mooo.com
stun.eye2eye.mooo.com
eye2eye.mooo.com
All are Type A with the IP of my server as their destination.

That is very strange. There are no DNS A or AAAA records for those domain names and the domain names in the error message are not these names. Can you explain how this is related to the errors you showed?

That HTTP request to that 'stun' domain timed out. As noted in the message, this is often a firewall blocking the request. HTTP (port 80) requests to your "home" page fail too. It is not just the Let's Encrypt challenge that is failing.

You should check your firewalls, your router configuration, and ensure your ISP allows incoming requests on port 80.

The https://letsdebug.net test site is helpful to check those requests after you make changes. You can also try reaching your site using any device on the public internet, such as a mobile phone with Wi-Fi disabled so it uses your carrier's public network.

You need to do the same thing for the turn subdomain (it uses the same IP in DNS).

3 Likes

Sorry, I put the wrong command into my original post. I used:
sudo certbot --nginx -d stun.eye2eye.mooo.com -d turn.eye2eye.mooo.com

Your actual domains are now worse than before. You no longer have an A and/or AAAA record in your DNS. No one on the public internet can reach those domain names, including Let's Encrypt.

After you restore the DNS settings, you need to fix the connectivity problems I described.

3 Likes
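The two checks the replies above ask for (does public DNS still return the server's address, and does a plain HTTP request to the challenge path reach port 80 from outside) can be scripted so they are repeatable after each firewall or router change. The script below is an added example written for this thread, not something from the original posts or from Certbot. It assumes dig and curl are available on the machine you run it from, which should be outside your home network (otherwise NAT hairpinning can hide the problem); 76.38.17.9 is the address the CA reported in the error output, and the token in the probe URL is a placeholder, since the real token is chosen per order.

```shell
#!/bin/sh
# HTTP-01 pre-flight check (added example for this thread, not Certbot's code).
# Assumes: dig and curl installed; run from OUTSIDE the home network.
# The "preflight-test" token is a placeholder; certbot picks the real one.

# The exact URL shape the CA fetches, as seen in the certbot error output.
challenge_url() {  # challenge_url <domain> <token>
    printf 'http://%s/.well-known/acme-challenge/%s\n' "$1" "$2"
}

# Translate curl's exit code into the failure class the CA would report.
classify_curl_rc() {  # classify_curl_rc <curl exit code>
    case "$1" in
        0)  echo reachable ;;     # got an HTTP response (any status) on port 80
        6)  echo unresolvable ;;  # no A/AAAA record (the second problem in the thread)
        7)  echo refused ;;       # host answered, but nothing is listening on :80
        28) echo timeout ;;       # SYN never answered: firewall/router/ISP block
        *)  echo "curl-exit-$1" ;;
    esac
}

# Does public DNS currently return the IP the CA tried (76.38.17.9 in the thread)?
# Uses a public resolver so a stale local cache cannot mask a deleted record.
dns_matches() {  # dns_matches <domain> <expected_ipv4>
    dig +short A "$1" @1.1.1.1 | grep -qxF "$2"
}

# Fetch the challenge path the way the CA does: plain HTTP on port 80, short
# connect timeout. A 404 still means "reachable": nginx answered, which is all
# the connectivity check needs; the CA's complaint was a connect timeout.
probe_http() {  # probe_http <domain>
    url=$(challenge_url "$1" preflight-test)
    code=$(curl -s -o /dev/null -w '%{http_code}' \
                --connect-timeout 10 --max-time 20 "$url")
    rc=$?
    printf '%s %s\n' "$(classify_curl_rc "$rc")" "$code"
}

# On the server itself: is nginx listening on :80, and does the host firewall
# allow it? If this looks fine but the outside probe times out, the block is
# upstream (router port-forward or ISP), not on the VM.
local_checks() {
    ss -ltn '( sport = :80 )'
    sudo ufw status 2>/dev/null || true
}

main() {  # main <expected_ipv4> <domain>...
    ip=$1; shift
    for d in "$@"; do
        if dns_matches "$d" "$ip"; then
            echo "$d: DNS OK ($ip)"
        else
            echo "$d: public DNS does not return $ip (restore the A record first)"
            continue
        fi
        echo "$d: HTTP probe -> $(probe_http "$d")"
    done
}

# Runs only when given arguments, e.g.:
#   sh preflight.sh 76.38.17.9 stun.eye2eye.mooo.com turn.eye2eye.mooo.com
if [ $# -gt 0 ]; then main "$@"; fi
```

Run `local_checks` on the VM and `main` from outside. The useful combination to look for is "DNS OK" plus "timeout" from outside while `ss` shows a listener on :80 on the VM: that pattern points at the router or ISP, which is exactly where the replies above say to look.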

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.