Certbot gets "Timeout during connect"

When I run:

certbot certonly --dry-run  --apache  -d tomsmeetings.com

I get:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for tomsmeetings.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. tomsmeetings.com (http-01): 
    urn:ietf:params:acme:error:connection :: 
The server could not connect to the client to verify the domain :: 
Fetching http://tomsmeetings.com/.well-known/acme-challenge/EaanRvdd8NpAw9ZhOjwqXiRG8G4oy_qkflekI6cABwI: 
Timeout during connect (likely firewall problem)

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: tomsmeetings.com
Type:   connection
Detail: Fetching
http://tomsmeetings.com/.well-known/acme-challenge/EaanRvdd8NpAw9ZhOjwqXiRG8G4oy_qkflekI6cABwI:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

I understand the messages, mostly, but I do not understand why the certification system can’t find the Jitsi server on my PC.

ALSO, the following lines concern me.

Detail: Fetching
http://tomsmeetings.com/.well-known/acme-challenge/EaanRvdd8NpAw9ZhOjwqXiRG8G4oyqkflekI6cABwI:

This is because my Jitsi server can be reached only via https. http won’t reach it.

domain name: tomsmeetings.com
OS: Debian Stretch.
web server: apache2.

I went to this site to get a public IP address: https://www.iplocation.net/find-ip-address.

Below is the contents of letsencrypt.log. (I post it with apology, but I’m a new user and not allowed to upload files.)

2020-04-15 22:30:03,069:DEBUG:certbot.main:certbot version: 0.28.0
2020-04-15 22:30:03,071:DEBUG:certbot.main:Arguments: [’–dry-run’, ‘–apache’, ‘-d’, ‘tomsmeetings.com’]
2020-04-15 22:30:03,073:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-04-15 22:30:03,114:DEBUG:certbot.log:Root logging level set at 20
2020-04-15 22:30:03,116:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-04-15 22:30:03,147:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2020-04-15 22:30:03,398:DEBUG:certbot_apache.configurator:Apache version is 2.4.25
2020-04-15 22:30:04,199:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7efce36e93c8>
Prep: True
2020-04-15 22:30:04,202:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7efce36e93c8>
Prep: True
2020-04-15 22:30:04,202:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7efce36e93c8> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7efce36e93c8>
2020-04-15 22:30:04,202:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2020-04-15 22:30:04,269:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, uri=‘https://acme-staging-v02.api.letsencrypt.org/acme/acct/13166788’, new_authzr_uri=None, body=Registration(only_return_existing=None, key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None)), 83d102b85a539ea27b0d2db62b0ffbd7, Meta(creation_dt=datetime.datetime(2020, 4, 16, 4, 11, 32, tzinfo=), creation_host=‘tomsmeetings.com’))>
2020-04-15 22:30:04,272:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2020-04-15 22:30:04,326:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
2020-04-15 22:30:08,814:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 724
2020-04-15 22:30:08,815:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 05:30:08 GMT
Content-Type: application/json
Content-Length: 724
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800New user no

{
“C0i-zlgvCas”: “Adding random entries to the directory”,
“keyChange”: “https://acme-staging-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org/docs/staging-environment/
},
“newAccount”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
}
2020-04-15 22:30:08,832:INFO:certbot.main:Obtaining a new certificate
2020-04-15 22:30:09,041:DEBUG:acme.client:Requesting fresh nonce
2020-04-15 22:30:09,041:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2020-04-15 22:30:11,602:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
2020-04-15 22:30:11,604:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 05:30:09 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001UY1wYXKwqVu9j1Sofxl2cwtBZKsF44OmYy2IZp1bXo0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2020-04-15 22:30:11,605:DEBUG:acme.client:Storing nonce: 0001UY1wYXKwqVu9j1Sofxl2cwtBZKsF44OmYy2IZp1bXo0
2020-04-15 22:30:11,606:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “value”: “tomsmeetings.com”,\n “type”: “dns”\n }\n ]\n}’
2020-04-15 22:30:11,618:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
“signature”: “yesGf1dnYgG9OQuSUEDc2kykp2jphPCOKEdGjKLr0skFZ4sieWQ_Xxczju3-Ye4YtbIPveOWijNkwLlFKxx2ccUKiINWyn3_WQw2KmiSlgiu7Ush-g52MgX2AGHDWRLuuTQhwrVYwrFlOY3roo_rkNcVqONoBqbD7hooe2YtxVrLC9jhve4G7Kq5dtJ9UDFBxY4tE5yp1xVmeG0XKgivFBKWy5kQJ5oB0gfqh3QFqgY1URJawX2UsumhAwdTvW7DOGIO40x4cTsgIExQY5TxXl3DSHN71Uvr-abpD7qQpX3wJ8gPBiti8rMrp6KIpZOXEO68TFEQL2plBlXkyU4AEg”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInZhbHVlIjogInRvbXNtZWV0aW5ncy5jb20iLAogICAgICAidHlwZSI6ICJkbnMiCiAgICB9CiAgXQp9”,
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAibm9uY2UiOiAiMDAwMVVZMXdZWEt3cVZ1OWoxU29meGwyY3d0QlpLc0Y0NE9tWXkySVpwMWJYbzAiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMzE2Njc4OCIsICJhbGciOiAiUlMyNTYifQ”
}
2020-04-15 22:30:11,810:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 358
2020-04-15 22:30:11,811:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 16 Apr 2020 05:30:11 GMT
Content-Type: application/json
Content-Length: 358
Connection: keep-alive
Boulder-Requester: 13166788
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/13166788/85330855
Replay-Nonce: 0001DC1JivuW984iLOLehMupGfY-yXKShmdXVKSqP7a1prA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“status”: “pending”,
“expires”: “2020-04-23T05:30:11.724527741Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “tomsmeetings.com
}
],
“authorizations”: [
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/49570696
],
“finalize”: “https://acme-staging-v02.api.letsencrypt.org/acme/finalize/13166788/85330855
}
2020-04-15 22:30:11,811:DEBUG:acme.client:Storing nonce: 0001DC1JivuW984iLOLehMupGfY-yXKShmdXVKSqP7a1prA
2020-04-15 22:30:11,811:DEBUG:acme.client:JWS payload:
b’’
2020-04-15 22:30:11,815:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/49570696:
{
“signature”: “zV7ChtXKfc_PnbYoASGunlBC6Ve7jqF0d4LY_oo-5rlg6QqAZJ4jtdSiSA-zazTqsFaSgH1itvAtFDAqmB1VNN0m0ggmOwa2YhQQVIpFuADI_aODUpMeVnn-wukQWRf1otJ6czhSxNmpz1aAdGXn08iiNqtT4ozh0PH0NHqaseF0L5yL6Ov9FgklDoxK6h7yVk4zCZbKTJ9wRmayyb_YMS0WMh9Gy7MKUJGOxWHuc6wtExe7jULOeoxNKCwM70otIo5Q2c55hDbsMLqtZYm3ybS34Lx913noApuX3p1kIM3XXV44r0TudjzI6_plHqEoO0rnCeIUEuE_Wbjt9o2-dQ”,
“payload”: “”,
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80OTU3MDY5NiIsICJub25jZSI6ICIwMDAxREMxSml2dVc5ODRpTE9MZWhNdXBHZlkteVhLU2htZFhWS1NxUDdhMXByQSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEzMTY2Nzg4IiwgImFsZyI6ICJSUzI1NiJ9”
}
2020-04-15 22:30:12,356:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/49570696 HTTP/1.1” 200 812
2020-04-15 22:30:12,358:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 05:30:12 GMT
Content-Type: application/json
Content-Length: 812
Connection: keep-alive
Boulder-Requester: 13166788
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001aZh8ppULehuIK6mk_OkVAmebeUA5j65RJZliu8IzIUU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “tomsmeetings.com
},
“status”: “pending”,
“expires”: “2020-04-23T05:30:11Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/2XEbzQ”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/beNZLw”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/B7lc0g”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
}
]
}
2020-04-15 22:30:12,358:DEBUG:acme.client:Storing nonce: 0001aZh8ppULehuIK6mk_OkVAmebeUA5j65RJZliu8IzIUU
2020-04-15 22:30:12,360:INFO:certbot.auth_handler:Performing the following challenges:
2020-04-15 22:30:12,361:INFO:certbot.auth_handler:http-01 challenge for tomsmeetings.com
2020-04-15 22:30:12,461:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: tomsmeetings.com in: /etc/apache2/sites-enabled/tomsmeetings.com.conf
2020-04-15 22:30:12,461:DEBUG:certbot_apache.http_01:writing a pre config file with text:
RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]

2020-04-15 22:30:12,462:DEBUG:certbot_apache.http_01:writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted

<Location /.well-known/acme-challenge>
Require all granted

2020-04-15 22:30:12,516:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/tomsmeetings.com.conf
2020-04-15 22:30:15,750:INFO:certbot.auth_handler:Waiting for verification…
2020-04-15 22:30:15,752:DEBUG:acme.client:JWS payload:
b’{\n “resource”: “challenge”,\n “type”: “http-01”\n}’
2020-04-15 22:30:15,758:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/2XEbzQ:
{
“signature”: “rV4u0xnzGd-CrpEqWx15tHm0-0CgvYc-WhD5GWWVPrHL6-S__BFVrZxd6gZyd0C9Pt6_Sp_mOibC13X2zgjtM3oRbqzK8yLJI8xvaCPS_Yb6x04wupeZr_rQ2gpWf7yZ_f2s0DT-qmSr-EJHUpPDAZLNWjRBUWEVHjy72xMzTamwgcz8yyNi4dMGMsm6gbwdhIxNCiNK7ieoJ-YE6rO0cPJvUtfd-PnUrhenNCyTWAEXIMFPTed0OU9OUGu4yA6LJz4okZMGIEBhxjbGWU2MkfnLQwnZzrn7JWxD8k4XTZwf-oaI46N-fVLyvWELE48FPfRjexTA6NevRA52iwN1rA”,
“payload”: “ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0”,
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My80OTU3MDY5Ni8yWEVielEiLCAibm9uY2UiOiAiMDAwMWFaaDhwcFVMZWh1SUs2bWtfT2tWQW1lYmVVQTVqNjVSSlpsaXU4SXpJVVUiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMzE2Njc4OCIsICJhbGciOiAiUlMyNTYifQ”
}
2020-04-15 22:30:15,943:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/chall-v3/49570696/2XEbzQ HTTP/1.1” 200 191
2020-04-15 22:30:15,946:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 05:30:15 GMT
Content-Type: application/json
Content-Length: 191
Connection: keep-alive
Boulder-Requester: 13166788
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/49570696;rel=“up”
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/2XEbzQ
Replay-Nonce: 00019dcvuFXgOjjsF5qRMcDuqkwoTBaJPCOak_jwD7A4ZAE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/2XEbzQ”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
}
2020-04-15 22:30:15,946:DEBUG:acme.client:Storing nonce: 00019dcvuFXgOjjsF5qRMcDuqkwoTBaJPCOak_jwD7A4ZAE
2020-04-15 22:30:18,951:DEBUG:acme.client:JWS payload:
b’’
2020-04-15 22:30:18,959:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/49570696:
{
“signature”: “QVkZeWHkk6zWciOornlmOq2JsTqH2TjS2-Sfk1J5FGfjVn_QvmRZkwfTWZT47vKMALKtD9LsxeyoBiSgr6zyQ-m8jI4J0lWqAmGYW_kAhWanbBOK4xnDgpJ4PVcH3Q558SN4DkhO8ZzHRspR_9SzGJTeMV2k186-y7yAg_yeTRtiMbEL1skVCL37JZwxzBG3cfVAUuNgQAy9XhesDsbfM6illdOcAlT0P6WM_INmSF3puH2D-3Qdt4S9zNcvXhb7TumS17GAS-OaMospFpy_Cxrwos8l8WK9YWIz0hmyEwbmqxJxBEl3oGA0l7zlOXpXsLBiA086t227IkYtoB4WBA”,
“payload”: “”,
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80OTU3MDY5NiIsICJub25jZSI6ICIwMDAxOWRjdnVGWGdPampzRjVxUk1jRHVxa3dvVEJhSlBDT2FrX2p3RDdBNFpBRSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEzMTY2Nzg4IiwgImFsZyI6ICJSUzI1NiJ9”
}
2020-04-15 22:30:19,133:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/49570696 HTTP/1.1” 200 812
2020-04-15 22:30:19,135:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 05:30:19 GMT
Content-Type: application/json
Content-Length: 812
Connection: keep-alive
Boulder-Requester: 13166788
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002S9_Bsxrr2ft4o6zTWe4BqXy7QWR1jkNE5SXSttfiQbo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “tomsmeetings.com
},
“status”: “pending”,
“expires”: “2020-04-23T05:30:11Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/2XEbzQ”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/beNZLw”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/B7lc0g”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
}
]
}
2020-04-15 22:30:19,136:DEBUG:acme.client:Storing nonce: 0002S9_Bsxrr2ft4o6zTWe4BqXy7QWR1jkNE5SXSttfiQbo
2020-04-15 22:30:22,141:DEBUG:acme.client:JWS payload:
b’’
2020-04-15 22:30:22,150:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/49570696:
{
“signature”: “Ihg8lP_nMXNacTw81CR9fyW_T2rmLcslqn-BQNQZR5UBPS6ni15KEJPDF0pPyGashbWKxsh2ziu2P9RXfIY3r12Q8tEYI6hbYC-LkY1jj5UfuXKjDiMfu6ZvLud_q4CeWmm52saUBX2qexPQOtlhPT2w_pnlqyLzrYIBkw8aIQhClfwrToC2oHeI4H_9H089CywToclTh4IjfMK1evUpreFIVEe5Cd2JWj0_Z-jhR_fYtiqz-xvQE3KXAgXWWbUeJ6udwnIvMGa5n5ua5CEXDmz3fDpb16ztzORxAtQ_Cj_BpvZI5Bum9J6zYFXg3ufBpX8vd63dZIK5zSTbd_Z8hA”,
“payload”: “”,
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80OTU3MDY5NiIsICJub25jZSI6ICIwMDAyUzlfQnN4cnIyZnQ0bzZ6VFdlNEJxWHk3UVdSMWprTkU1U1hTdHRmaVFibyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEzMTY2Nzg4IiwgImFsZyI6ICJSUzI1NiJ9”
}
2020-04-15 22:30:22,322:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/49570696 HTTP/1.1” 200 812
2020-04-15 22:30:22,325:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 05:30:22 GMT
Content-Type: application/json
Content-Length: 812
Connection: keep-alive
Boulder-Requester: 13166788
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 00014_EKPvdrDdjctE8qRMnXxXjX3Ga6zN-hcc3zdUBdAnY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “tomsmeetings.com
},
“status”: “pending”,
“expires”: “2020-04-23T05:30:11Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/2XEbzQ”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/beNZLw”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/B7lc0g”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
}
]
}
2020-04-15 22:30:22,325:DEBUG:acme.client:Storing nonce: 00014_EKPvdrDdjctE8qRMnXxXjX3Ga6zN-hcc3zdUBdAnY
2020-04-15 22:30:25,330:DEBUG:acme.client:JWS payload:
b’’
2020-04-15 22:30:25,339:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/49570696:
{
“signature”: “KHG3a3B-SfAwT8cemV5_r-xuFk75Zmrt1eiI0e-LQ8V6MeFUJWbVzARRhdX_1k-yzskZoePgI6yxRerBiK7gPezaKtsxdNT7Ko53pGmxVAL35ANtIELXdp3Hy8Z7p6FPkO_s5flm8VqtDAU94xZdhTfsDZppi8ZijloclA9_pCYcepP52TmS_TyWGqUgucUBSvrRPtIUh8PBKvK0z_L6R1qK2WHQSsrsaK-svQ6pV6DpBoYzDhKkJ2x377oiaXV_7T_G5oOuB8WNSs07ZmsPaLsl5OUfmHoB4ko-xhvZuSifLQbMWIwmGzYo_s3UX6NBrmNPQutmARw36JVduP4B-w”,
“payload”: “”,
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80OTU3MDY5NiIsICJub25jZSI6ICIwMDAxNF9FS1B2ZHJEZGpjdEU4cVJNblh4WGpYM0dhNnpOLWhjYzN6ZFVCZEFuWSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEzMTY2Nzg4IiwgImFsZyI6ICJSUzI1NiJ9”
}
2020-04-15 22:30:25,508:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/49570696 HTTP/1.1” 200 812
2020-04-15 22:30:25,510:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 05:30:25 GMT
Content-Type: application/json
Content-Length: 812
Connection: keep-alive
Boulder-Requester: 13166788
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001PDqKa2w5Cc3k5OBnfJ-2_YVUnsLUuY1b_UjkePYSKnw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “tomsmeetings.com
},
“status”: “pending”,
“expires”: “2020-04-23T05:30:11Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/2XEbzQ”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/beNZLw”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/B7lc0g”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”
}
]
}
2020-04-15 22:30:25,510:DEBUG:acme.client:Storing nonce: 0001PDqKa2w5Cc3k5OBnfJ-2_YVUnsLUuY1b_UjkePYSKnw
2020-04-15 22:30:28,512:DEBUG:acme.client:JWS payload:
b’’
2020-04-15 22:30:28,522:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/49570696:
{
“signature”: “BVbgugvd1NhGRJK_oHq3rNDdVbs9hNVnj06MFVOJDn8Lw_-8WG4Y_vS5RJZNZsIeqNjRCjnreS1j25-2YvHEAhHYQ2MTx-s9pOmDarFoUh-9j-Nm98c6KhzpvyDPReKSULSJ8K0w3Qk5dHvMpBRhRkMVAjsJOo5tgHkKGrXyvX7jOuvs40SFFcsh9X39sWYSiX4Lj_vZNmUu_8UWAbjISIr84CrTJhCBwITV3WqBb2xb5JUJCqwps6qHiSjFsItc0Klk78B9YPaD7vcX5ZDgcWIDSmNdU7UwrlQH2pRHjN2Y91zJMNzGJKlJ0ozQsAvRIyDojEqlkRS8oT_Cz6cPaQ”,
“payload”: “”,
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80OTU3MDY5NiIsICJub25jZSI6ICIwMDAxUERxS2EydzVDYzNrNU9CbmZKLTJfWVZVbnNMVXVZMWJfVWprZVBZU0tudyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEzMTY2Nzg4IiwgImFsZyI6ICJSUzI1NiJ9”
}
2020-04-15 22:30:28,712:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/49570696 HTTP/1.1” 200 1008
2020-04-15 22:30:28,714:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 Apr 2020 05:30:28 GMT
Content-Type: application/json
Content-Length: 1008
Connection: keep-alive
Boulder-Requester: 13166788
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001cKMnD1rVRusH_r_70_pe15kW7vOrYj98xu9KZmAgeZU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “tomsmeetings.com
},
“status”: “invalid”,
“expires”: “2020-04-23T05:30:11Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:connection”,
“detail”: “Fetching http://tomsmeetings.com/.well-known/acme-challenge/AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ: Timeout during connect (likely firewall problem)”,
“status”: 400
},
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/49570696/2XEbzQ”,
“token”: “AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”,
“validationRecord”: [
{
“url”: “http://tomsmeetings.com/.well-known/acme-challenge/AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ”,
“hostname”: “tomsmeetings.com”,
“port”: “80”,
“addressesResolved”: [
“75.111.24.173”
],
“addressUsed”: “75.111.24.173”
}
]
}
]
}
2020-04-15 22:30:28,715:DEBUG:acme.client:Storing nonce: 0001cKMnD1rVRusH_r_70_pe15kW7vOrYj98xu9KZmAgeZU
2020-04-15 22:30:28,717:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: tomsmeetings.com
Type: connection
Detail: Fetching http://tomsmeetings.com/.well-known/acme-challenge/AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ: Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2020-04-15 22:30:28,727:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. tomsmeetings.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://tomsmeetings.com/.well-known/acme-challenge/AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ: Timeout during connect (likely firewall problem)

2020-04-15 22:30:28,727:DEBUG:certbot.error_handler:Calling registered functions
2020-04-15 22:30:28,727:INFO:certbot.auth_handler:Cleaning up challenges
2020-04-15 22:30:29,053:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.28.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1340, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1225, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 392, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 335, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 371, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. tomsmeetings.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://tomsmeetings.com/.well-known/acme-challenge/AlHSCySLg1u7psqmDr6AOEInMOQIsdCntVze-rF7-zQ: Timeout during connect (likely firewall problem)

1 Like

Requires HTTP for authentication.
Yet, you say (and know that):

You will need to allow for HTTP authentication.
[There are several ways to do this outside of enabling HTTP on Jitsi.]
[one is using certbot to spin up a temporary HTTP server - see: --standalone option]

OR

You can try changing your authentication method [to DNS].

2 Likes

How do i change my auth method to DNS? Also, will this solve my problem, i.e., people can’t reach my jitsi server using android devices.

1 Like

This requires a DNS auth capable ACME client and DNS API “friendly” provider.

Please explain…

1 Like

when i try to connect to the site with the Android Jitsi app, I get disconnected. the url is:

https://tomsmeetings.com/silvercrest

1 Like

i’m not sure what you mean by provider. the web server and the jitsi server run on my own PC.

1 Like

Your DNS service provider.

1 Like
1 Like

Here is one example:


image

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.