Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
pd.funkysalamander.com
I ran this command:
sudo certbot --nginx
It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pd.funkysalamander.com
Using default address 80 for authentication.
2019/05/26 10:55:04 [notice] 2878#2878: signal process started
Waiting for verification…
Challenge failed for domain pd.funkysalamander.com
http-01 challenge for pd.funkysalamander.com
Cleaning up challenges
2019/05/26 10:55:17 [notice] 2881#2881: signal process started
Some challenges have failed.
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: pd.funkysalamander.com
Type: connection
Detail: Fetching
http://pd.funkysalamander.com/.well-known/acme-challenge/j7rot6IpbNeccJ2WBlkyzcmG0mhCeGN-LuS5VLaOrwA:
Timeout during connect (likely firewall problem)
My web server is (include version):
nginx 1.16.0-1
The operating system my web server runs on is (include version):
Arch Linux
My hosting provider, if applicable, is:
Self
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Depends on what you mean: DNS Controlled at FastMail
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):
0.34.2
Additional Information:
-Using ddclient for dynamic DNS through nsupdate.info
-The FastMail DNS Control Panel has a single ‘A’ record for mail.funkysalamander.com pointing to the FastMail server’s IP address. There is no other ‘A’ record.
-The FastMail DNS Control Panel has a CNAME record for pd.funkysalamander.com pointing to the ddclient dynamic DNS domain.nsupdate.info
-The LANs router has both ports 443 & 80 forwarded to the VM running nginx
$ dig pd.funkysalamander.com returns first its CNAME pointing to the domain.nsupdate.info, then an ‘A’ record from domain.nsupdate.info to the correct public dynamic IP address on the WAN side of the router.