Certbot standalone isn't working

Good afternoon!
Here's my situation:
I have a standalone servidor.exe built in Delphi FMX with RestDataware, which natively only responds to HTTP requests.

On the official RDW site there is a step-by-step tutorial for configuring certbot certonly --webroot. The link is: RDW http para https

The tutorial above has several steps; I'm at step 1.2, where I get an error on port 80.
So I contacted my fiber-optic broadband provider, who told me that ports 80 and 443, and also the one my RDW uses, which is 8082, cannot be opened "literally", because they do not open ports below 1000 to end users and instead set up redirects.

So the ports were redirected as follows:
80 = 2583
443 = 2584
8082 = 2581

So, when I tried to run: certbot certonly --standalone, it didn't work.
I'm trying to follow the alternative configuration: certbot certonly --webroot

My question: how do I make it use the ports the provider redirected, 2583 and 2584, instead of ports 80 and 443?

Thanks!

1 Like

Use:
certbot certonly --standalone --http-port 2583

4 Likes

Good morning!
I followed the procedure suggested by the noble rg305 but, unfortunately, it didn't work.
See the message it gave, in English:


usage:

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate.
certbot: error: argument -t/--text: ignored explicit argument 'p-port'


I don't understand.
What should I do, noble rg305?

@rg305 meant --http-01-port instead of --http-port. Could you try again with the --http-01-port option?

3 Likes

Good afternoon, noble @rg305 "schoen"!
I ran the following command in CMD as administrator, in the folder where my 3 certificate files are, which are:

rootCA.crt
rootCA.key
rootCA.p12

The command I ran was:
certBot certOnly --standAlone --http-01-port 2583

I filled in what was requested:
please enter the domain name(s) you would like on your certificate (comma and/or space separated) (enter 'c' to cancel): AGENDEX.DDNS.NET

The result, which took a few seconds after pressing Enter, was:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: agendex.ddns.net
type: connection
Detail: 177.128.85.23: Fetching http://agendex.ddns.net/.well-known/acme-challenge/KddMMzWL8ycFGUp-m4cSKADDDEwQns9t8AA3tUauM8U: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 2583. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\CertBot\log\letsencrypt.log or re-run Certbot with -v for more details.
c:\bin\OpenSSL\win64\bin>_

Note: in the firewall I created inbound rules:
rule name: liberação portas:
protocols and ports: tcp
local port: specific ports: 80,443,2581,2583,2584
remote port: all ports

Something is blocking port 80.
OR
Nothing is listening on port 80.
[OR both]

Please show:
netstat -qanp TCP

3 Likes

As I had already said from the start, my internet provider does not open ports 80 and 443; they only allow redirects. The purpose of this is data security.
So port 80 is redirected to 2583, and 443 is redirected to port 2584.

That's it. In the Windows firewall I opened the 4 ports but, as I said, on the provider's modem they are not open.

Thanks!
In this case, is there a solution even if port 80 is not reachable?
Is there another way to do it?

I saw that there is a way with this ACME thing, but using Windows IIS...
but I don't use IIS; is there another solution?

Coming back to your request:
I ran:

netstat -qanq TCP, and the result was a list that looked like a help screen:
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [-x] [-y] [interval]
followed by an explanation of each parameter; in other words, it didn't run anything except a HELP.

#gratitude

1 Like

That's a "P" not another "Q"

OR use without Q:
netstat -anp TCP

3 Likes

I ran it without the "Q" and a huge list of TCP results appeared.
Which information would you like us to show you?

All lines that contain ":80"

3 Likes

NETSTAT -ANP TCP

Microsoft Windows [versão 10.0.19043.2130]
(c) Microsoft Corporation. Todos os direitos reservados.

C:\WINDOWS\system32>netstat -anp TCP

Conexões ativas

Proto Endereço local Endereço externo Estado
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3050 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:33060 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49673 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49678 0.0.0.0:0 LISTENING
TCP 127.0.0.1:28385 0.0.0.0:0 LISTENING
TCP 127.0.0.1:28390 0.0.0.0:0 LISTENING
TCP 127.0.0.1:30800 0.0.0.0:0 LISTENING
TCP 127.0.0.1:30900 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49350 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49351 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49684 127.0.0.1:49685 ESTABLISHED
TCP 127.0.0.1:49685 127.0.0.1:49684 ESTABLISHED
TCP 127.0.0.1:49686 127.0.0.1:49687 ESTABLISHED
TCP 127.0.0.1:49687 127.0.0.1:49686 ESTABLISHED
TCP 127.0.0.1:57030 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57031 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57032 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57033 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57034 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57035 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57036 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57037 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57038 127.0.0.1:49350 TIME_WAIT
TCP 192.168.1.85.139 0.0.0.0:0 LISTENING
TCP 192.168.1.85:56922 52.226.139.180:443 ESTABLISHED
TCP 192.168.1.85:57164 192.16.58.8:80 ESTABLISHED



NETSTAT -QANP TCP

C:\WINDOWS\system32>netstat -qanp TCP

Conexões ativas

Proto Endereço local Endereço externo Estado
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3050 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:33060 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49673 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49678 0.0.0.0:0 LISTENING
TCP 127.0.0.1:28385 0.0.0.0:0 LISTENING
TCP 127.0.0.1:28390 0.0.0.0:0 LISTENING
TCP 127.0.0.1:30800 0.0.0.0:0 LISTENING
TCP 127.0.0.1:30900 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49350 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49351 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49684 127.0.0.1:49685 ESTABLISHED
TCP 127.0.0.1:49685 127.0.0.1:49684 ESTABLISHED
TCP 127.0.0.1:49686 127.0.0.1:49687 ESTABLISHED
TCP 127.0.0.1:49687 127.0.0.1:49686 ESTABLISHED
TCP 127.0.0.1:57057 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57058 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57060 127.0.0.1:49350 TIME_WAIT
TCP 127.0.0.1:57061 127.0.0.1:49350 TIME_WAIT
TCP 192.168.1.85:139 0.0.0.0:0 LISTENING
TCP 192.168.1.85:56922 52.226.139.180:443 ESTABLISHED
TCP 0.0.0.0:49685 0.0.0.0:0 ASSOCIADO
TCP 0.0.0.0:49687 0.0.0.0:0 ASSOCIADO
TCP 0.0.0.0:56922 0.0.0.0:0 ASSOCIADO

C:\WINDOWS\system32>netstat -qanp TCP



I saw only one place using port 80. But I had already reported from the beginning of this "support ticket" that my provider does not literally open it for us; instead they do a redirect, which goes to port 2583. I repeat, as we already said at the beginning of this question.

Noble @rg305, what is the next step, please, so we can validate our certificate?

I saw this ACME thing, but you have to install Windows IIS, which doesn't seem to fit my case, where my event server runs standalone as an .EXE.

Thanks!

Try:
certbot certonly --standalone --http-01-port 2583 -v

2 Likes

Errors:

certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
domain: agendex.ddns.net
type: connection
detail: 177.128.85.23: fetching http://agendex.ddns.net/.well-known/acme-challenge/[huge hash code]: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by certbot on port 2583. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Cleaning up challenges
some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile c:\certbot\log\letsencrypt.log or re-run certbot with -v for more details.
C:\WINDOWS\system32>_

We are going in circles.
Port 80 isn't able to reach your port 2583 certbot.

Please show the file:

3 Likes

See the contents of the requested .LOG file:

2022-10-24 13:19:21,731:DEBUG:certbot._internal.main:certbot version: 1.24.0
2022-10-24 13:19:21,731:DEBUG:certbot._internal.main:Location of certbot entry point: C:\Program Files (x86)\Certbot\bin\certbot.exe
2022-10-24 13:19:21,731:DEBUG:certbot._internal.main:Arguments: ['--standalone', '--http-01-port', '2583', '-v', '--preconfigured-renewal']
2022-10-24 13:19:21,731:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-10-24 13:19:22,074:DEBUG:certbot._internal.log:Root logging level set at 20
2022-10-24 13:19:22,074:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2022-10-24 13:19:22,090:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x04557C88>
Prep: True
2022-10-24 13:19:22,090:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x04557C88> and installer None
2022-10-24 13:19:22,090:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2022-10-24 13:19:22,137:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/765322266', new_authzr_uri=None, terms_of_service=None), 5ca617a42e45356072eacf7416776cca, Meta(creation_dt=datetime.datetime(2022, 10, 7, 19, 35, 46, tzinfo=<UTC>), creation_host='MCR06', register_to_eff='microvolution@hotmail.com'))>
2022-10-24 13:19:22,324:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-10-24 13:19:22,324:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-10-24 13:19:22,949:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 659
2022-10-24 13:19:22,949:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 24 Oct 2022 16:19:22 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "pJVIgQ0orec": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-10-24 13:19:22,949:DEBUG:certbot.display.ops:No installer, picking names manually
2022-10-24 13:19:42,821:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for agendex.ddns.net
2022-10-24 13:19:43,087:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): C:\Certbot\keys\0030_key-certbot.pem
2022-10-24 13:19:43,118:DEBUG:certbot.crypto_util:Creating CSR: C:\Certbot\csr\0030_csr-certbot.pem
2022-10-24 13:19:43,118:DEBUG:acme.client:Requesting fresh nonce
2022-10-24 13:19:43,118:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-10-24 13:19:43,306:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-10-24 13:19:43,306:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 24 Oct 2022 16:19:43 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 27123TGbhxomkx6gFLPOSgcseGcgLdR3aYdkNVGd2h3cTZ0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-10-24 13:19:43,306:DEBUG:acme.client:Storing nonce: 27123TGbhxomkx6gFLPOSgcseGcgLdR3aYdkNVGd2h3cTZ0
2022-10-24 13:19:43,306:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "agendex.ddns.net"\n    }\n  ]\n}'
2022-10-24 13:19:43,306:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzY1MzIyMjY2IiwgIm5vbmNlIjogIjI3MTIzVEdiaHhvbWt4NmdGTFBPU2djc2VHY2dMZFIzYVlka05WR2QyaDNjVFowIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "r9D_MheFbnmAOClL2aE9hEQTQjZ2IJWGXbu0uc8XRNoxQJApYhEdy_RwBzAYEv0qZyPyK9ABlZ4fSAASH7OK3KmcK2Sd-utBj5bXGqUi0Fa0_NyU3siQlLLil6RVZ6yEUYP7bHG2nuF6imdAVBZm6VvDQYYwTo0g7ebJCeYq-q1BU-yLHyOMAEaVvQsiKykmnnqFl92oyGzNqic--lSIHPI8M4GXROg998qxJfFqK2iWWGrijR2JeVkyNQBLmX02dP6jGEp3fPtKxEf3RVD1jHTJ42sx1RFrQz4SgdmOl5C8SkQo6avFnw_FsDE482UcZ-tQATn8XsOjh7VwTRm0uw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFnZW5kZXguZGRucy5uZXQiCiAgICB9CiAgXQp9"
}
2022-10-24 13:19:43,712:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 341
2022-10-24 13:19:43,712:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 24 Oct 2022 16:19:43 GMT
Content-Type: application/json
Content-Length: 341
Connection: keep-alive
Boulder-Requester: 765322266
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/765322266/137560955452
Replay-Nonce: A5FE0lIQcSfEoEVB1mbIGfhebgTiST48VBLTEiO4GoF4GTQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-10-31T16:19:43Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "agendex.ddns.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/168240020972"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/765322266/137560955452"
}
2022-10-24 13:19:43,712:DEBUG:acme.client:Storing nonce: A5FE0lIQcSfEoEVB1mbIGfhebgTiST48VBLTEiO4GoF4GTQ
2022-10-24 13:19:43,712:DEBUG:acme.client:JWS payload:
b''
2022-10-24 13:19:43,712:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/168240020972:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzY1MzIyMjY2IiwgIm5vbmNlIjogIkE1RkUwbElRY1NmRW9FVkIxbWJJR2ZoZWJnVGlTVDQ4VkJMVEVpTzRHb0Y0R1RRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjgyNDAwMjA5NzIifQ",
  "signature": "O9PeaRVOX2zK6PDf9McyrRazXbW2mTimv5SIo64_T7Xspu83UA9ptwPpJAD5hK1yvulK9mYEelic-1JX1Buv1mNxi90nYRUNxxBkqgktfQd_3R0uPSkrb1dQVe3qEsvrbXb_y1Naxp8ImpVF2WeuppXSD7dJknTOfPtVtJhxb-ZJ61-AOav9Cc0M22ZSxRaii0R2UIPfz1rlweWZhx8Uwo62PfWdgp8buNGrGjn72Sw5hdC8d6yzbKgKJSNqoL5wHn87BkvFOvOTSuKNl1V8ZWYwgrlERJUqy-EVbMFIdxSHkkRBVodtH5b-jwL-MWnd8p8ycJ0a9vWbZXWIfuBk0A",
  "payload": ""
}
2022-10-24 13:19:43,915:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/168240020972 HTTP/1.1" 200 800
2022-10-24 13:19:43,915:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 24 Oct 2022 16:19:43 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 765322266
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A5FEoyheBQlYkJLgUTaIitFvYaGDZQoJljqOrWgbeVBPNpc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "agendex.ddns.net"
  },
  "status": "pending",
  "expires": "2022-10-31T16:19:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/Om6cDA",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/j8umIw",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/emeNCA",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    }
  ]
}
2022-10-24 13:19:43,915:DEBUG:acme.client:Storing nonce: A5FEoyheBQlYkJLgUTaIitFvYaGDZQoJljqOrWgbeVBPNpc
2022-10-24 13:19:43,915:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-10-24 13:19:43,915:INFO:certbot._internal.auth_handler:http-01 challenge for agendex.ddns.net
2022-10-24 13:19:43,930:DEBUG:acme.standalone:Successfully bound to :2583 using IPv6
2022-10-24 13:19:43,930:DEBUG:acme.standalone:Successfully bound to :2583 using IPv4
2022-10-24 13:19:43,930:DEBUG:acme.client:JWS payload:
b'{}'
2022-10-24 13:19:43,946:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/Om6cDA:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzY1MzIyMjY2IiwgIm5vbmNlIjogIkE1RkVveWhlQlFsWWtKTGdVVGFJaXRGdllhR0RaUW9KbGpxT3JXZ2JlVkJQTnBjIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNjgyNDAwMjA5NzIvT202Y0RBIn0",
  "signature": "hyk92BzAX9-EA5gZPnT3LXeSQLAQSSSdCzFLlgJGZLYAESV4klC4gfaQeBtDNenslaeklaPZzySWwyZI_ZU2Fae_ioQhdm98kBMDzAjF4Tx1F5q-QxsjR9CBiWDLopIX3x14hXPLn7ThwLcmzBossvcCQSu38BLNndGcjXyqkPjFHK3KnQAc2Dw4zbaNlsnb-F4iGKTpJ9c13Ok-b_JrJm3mONgMvHHTGTyoWqQw9jCYSKbsR7R3nUwXiwH5EVaX7l_PrQgz2T9DcxoHp9N_7UnpF3HDu4uLfDOUWBX63Phh6dpjw-u3RRaGGlEeKympFJdbreIsCqY5zrg8KjarFQ",
  "payload": "e30"
}
2022-10-24 13:19:44,165:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/168240020972/Om6cDA HTTP/1.1" 200 187
2022-10-24 13:19:44,165:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 24 Oct 2022 16:19:43 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 765322266
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/168240020972>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/Om6cDA
Replay-Nonce: A5FEi2y6UR1hPJCFLcqp9AF42dECY_lL7W-w-OU47dmS78Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/Om6cDA",
  "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
}
2022-10-24 13:19:44,165:DEBUG:acme.client:Storing nonce: A5FEi2y6UR1hPJCFLcqp9AF42dECY_lL7W-w-OU47dmS78Q
2022-10-24 13:19:44,165:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-10-24 13:19:45,180:DEBUG:acme.client:JWS payload:
b''
2022-10-24 13:19:45,180:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/168240020972:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzY1MzIyMjY2IiwgIm5vbmNlIjogIkE1RkVpMnk2VVIxaFBKQ0ZMY3FwOUFGNDJkRUNZX2xMN1ctdy1PVTQ3ZG1TNzhRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjgyNDAwMjA5NzIifQ",
  "signature": "OiBoF9wvD577sRDYGu4GA7ALpuiscV0RZc9Nvet33oJHj4THoNfWF_arc8fxldvSeCjPAzsgzEHnPPlcpWFOTLZekkoaDLGqoPKc_jk5xF7cQ7pmY1uF06h9ulMjXbZ6PSyTcERD_oJwL2lerien5VpEzOxPZvvDJk8TfAn0SklS_X0KprZ222ubvRkacrutd3Ep3HsY32xBuvErz6d-21cMPbGF1GzCAKe-MxB89K_3EvUpFWckCKrG5nWIYGsU9pv2AVfyvaMhpEourMCCJ2zQgpvyT3F2ZJuR99sQGksM9Q7vSf__Q5bZQlqXKd_GC9f72Q0T12bvxQbf7rg93Q",
  "payload": ""
}
2022-10-24 13:19:45,383:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/168240020972 HTTP/1.1" 200 800
2022-10-24 13:19:45,383:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 24 Oct 2022 16:19:45 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 765322266
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 27126LQIWFKrYG20SJWoaFo_3T_vtXQeIbxC4PINgIBOzQk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "agendex.ddns.net"
  },
  "status": "pending",
  "expires": "2022-10-31T16:19:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/Om6cDA",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/j8umIw",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/emeNCA",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    }
  ]
}
2022-10-24 13:19:45,383:DEBUG:acme.client:Storing nonce: 27126LQIWFKrYG20SJWoaFo_3T_vtXQeIbxC4PINgIBOzQk
2022-10-24 13:19:48,399:DEBUG:acme.client:JWS payload:
b''
2022-10-24 13:19:48,399:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/168240020972:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzY1MzIyMjY2IiwgIm5vbmNlIjogIjI3MTI2TFFJV0ZLcllHMjBTSldvYUZvXzNUX3Z0WFFlSWJ4QzRQSU5nSUJPelFrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjgyNDAwMjA5NzIifQ",
  "signature": "tRwPxblG9Cgjn9zCP_1mAQHrMMcUOXFk_YldDR28clfmjOWstWkor9Df-QgciAJ_Ri1FNQCjhKrXin2Emd_CPEPBSWmvzPEtfOpQzI6TKEUwqu6wn34FtSMJD-rrGJYAsPDP_ge1BbsZ2UmFijzUcJQkDuMLo0xRra9qNJiUTF_r2ZBNaT9gaNBSCkT6JDabIjRhlnEaWQpTA1VdEgIh3d1sZXel7pt2jXeoLNK89j75A-QzMgcgQWdzi6fOy3Pu8vIj_aTHbUbZs5atc9eSeWFusdnaqLM6ajhBOBI2EjINqMdZ4XmZ-w1JrUOjq-ZQ2IydfAdNxnS2cUMWVQcePA",
  "payload": ""
}
2022-10-24 13:19:48,618:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/168240020972 HTTP/1.1" 200 800
2022-10-24 13:19:48,618:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 24 Oct 2022 16:19:48 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 765322266
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F977tn-4LomdEMVwwQz3yZR47tJOlW6PJocKQZ1Z5zMnjd8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "agendex.ddns.net"
  },
  "status": "pending",
  "expires": "2022-10-31T16:19:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/Om6cDA",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/j8umIw",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/emeNCA",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    }
  ]
}
2022-10-24 13:19:48,618:DEBUG:acme.client:Storing nonce: F977tn-4LomdEMVwwQz3yZR47tJOlW6PJocKQZ1Z5zMnjd8
2022-10-24 13:19:51,633:DEBUG:acme.client:JWS payload:
b''
2022-10-24 13:19:51,633:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/168240020972:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzY1MzIyMjY2IiwgIm5vbmNlIjogIkY5Nzd0bi00TG9tZEVNVnd3UXozeVpSNDd0Sk9sVzZQSm9jS1FaMVo1ek1uamQ4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjgyNDAwMjA5NzIifQ",
  "signature": "XLNz8x9skDBk-fxjLeD6jnDx2Nk2ZpL_qEB3pvOSg4YIs9k7sPfJ1zad7TtIqMdQgHBZw6S5tIZWwHkIHCtxRm48uH_KApct4QV7sVAmTRPo7Upm-sZKqJv4_DgzefrorK0Z9KstkYa62GkfCIUYahFXdjsxymFZFBTO9X5KglRB5BR44udQ2BbGASRp5k0p9arX9hGiNwaWsV_UqajyyqNPmOi5_lXvOS4ajv5aVdxRRl4j4BKLiIyC1Ip7_Axu5ME0xnIQn-6Rzaperka8bwLE2IhWnEdBRhM2EJjfco9wOif8SVVYMo2UlVpojbZqzPdcvHotFgp57D3VKoU9vw",
  "payload": ""
}
2022-10-24 13:19:51,852:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/168240020972 HTTP/1.1" 200 800
2022-10-24 13:19:51,852:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 24 Oct 2022 16:19:51 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 765322266
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: C400YYkQuLNKSVp9GAR5NfYVpfYF6l0Coe-jhjOHfZ1nyn8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "agendex.ddns.net"
  },
  "status": "pending",
  "expires": "2022-10-31T16:19:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/Om6cDA",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/j8umIw",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/emeNCA",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI"
    }
  ]
}
2022-10-24 13:19:51,852:DEBUG:acme.client:Storing nonce: C400YYkQuLNKSVp9GAR5NfYVpfYF6l0Coe-jhjOHfZ1nyn8
2022-10-24 13:19:54,867:DEBUG:acme.client:JWS payload:
b''
2022-10-24 13:19:54,867:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/168240020972:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzY1MzIyMjY2IiwgIm5vbmNlIjogIkM0MDBZWWtRdUxOS1NWcDlHQVI1TmZZVnBmWUY2bDBDb2UtamhqT0hmWjFueW44IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjgyNDAwMjA5NzIifQ",
  "signature": "m9HX6wTS9S-AIHCXvvrL4VDNRR9LMwlKwsfVVFanqPNv2MFcj9loHMDm8_OUiY-Bltf7gZb1F-Vg_xOBzk2mbp__Y0WY_O5ZtLcfsw95e45r3gox9iwcpGI5DvU1jpcqVNRx1VU8Y_2c3DJdTa6-dhhxGtdQHgP87osUAgM67wiiLU7Fl65NVtlknOI9IDIvf-sbwq_Akv_zCRCsbT18IYUdr0Z7YCF73qty2X4ljZApjL_LaJiFMfRheBerRVIMhkXOB168odlHZfZv6nCI25W_ZIOLQ0SuGpfC6LxMMQEViBapB0EoKga1eKZDtldMAMaWSe8xgCxRuwKo9CITBA",
  "payload": ""
}
2022-10-24 13:19:55,070:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/168240020972 HTTP/1.1" 200 1062
2022-10-24 13:19:55,070:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 24 Oct 2022 16:19:54 GMT
Content-Type: application/json
Content-Length: 1062
Connection: keep-alive
Boulder-Requester: 765322266
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712ruZo7rJi6WnfWKE0_28yB3lJBQJ-OIfTyW0ZlfFrB28
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "agendex.ddns.net"
  },
  "status": "invalid",
  "expires": "2022-10-31T16:19:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "177.128.85.23: Fetching http://agendex.ddns.net/.well-known/acme-challenge/VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/168240020972/Om6cDA",
      "token": "VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI",
      "validationRecord": [
        {
          "url": "http://agendex.ddns.net/.well-known/acme-challenge/VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI",
          "hostname": "agendex.ddns.net",
          "port": "80",
          "addressesResolved": [
            "177.128.85.23"
          ],
          "addressUsed": "177.128.85.23"
        }
      ],
      "validated": "2022-10-24T16:19:43Z"
    }
  ]
}
2022-10-24 13:19:55,070:DEBUG:acme.client:Storing nonce: 2712ruZo7rJi6WnfWKE0_28yB3lJBQJ-OIfTyW0ZlfFrB28
2022-10-24 13:19:55,070:INFO:certbot._internal.auth_handler:Challenge failed for domain agendex.ddns.net
2022-10-24 13:19:55,070:INFO:certbot._internal.auth_handler:http-01 challenge for agendex.ddns.net
2022-10-24 13:19:55,070:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: agendex.ddns.net
  Type:   connection
  Detail: 177.128.85.23: Fetching http://agendex.ddns.net/.well-known/acme-challenge/VGEpWSF6-tJMY_ShIrDjuY72on_qLece3Fy1YIJF6gI: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 2583. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2022-10-24 13:19:55,086:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-10-24 13:19:55,086:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-10-24 13:19:55,086:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-10-24 13:19:55,086:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::2583...
2022-10-24 13:19:55,086:DEBUG:certbot._internal.plugins.standalone:Stopping server at 0.0.0.0:2583...
2022-10-24 13:19:55,789:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "runpy.py", line 197, in _run_module_as_main
  File "runpy.py", line 87, in _run_code
  File "C:\Program Files (x86)\Certbot\bin\certbot.exe\__main__.py", line 29, in <module>
    sys.exit(main())
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\main.py", line 19, in main
    return internal_main.main(cli_args)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1679, in main
    return config.func(config, plugins)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1538, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 139, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 513, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 441, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 493, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-10-24 13:19:55,805:ERROR:certbot._internal.log:Some challenges have failed.

Good morning, noble @rg305! What is the next step for us to resolve this?
#gratitude

Port 80 needs to reach certbot.
I do not know why it can't.

3 Likes

Good afternoon, noble @rg305!
Does that mean we're back to square one?

Yes.
Your system needs to allow HTTP to reach certbot when it runs in --standalone mode.
Something is stopping that from happening.

3 Likes
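
An added example, not part of the original thread: a small Python script that reads a Certbot letsencrypt.log like the one posted above and compares the port the CA connected to (the `validationRecord` in the failed authorization) with the port Certbot's standalone server bound to. The sample log is a constructed excerpt modelled on the posted one, with the token replaced by a placeholder; the function names are hypothetical.

```python
import json
import re

# Constructed excerpt modelled on the letsencrypt.log quoted in the thread.
# TOKEN is a placeholder for the challenge token.
SAMPLE_LOG = """\
2022-10-24 13:19:43,930:DEBUG:acme.standalone:Successfully bound to :2583 using IPv6
2022-10-24 13:19:43,930:DEBUG:acme.standalone:Successfully bound to :2583 using IPv4
2022-10-24 13:19:55,070:DEBUG:acme.client:Received response:
HTTP 200
Content-Type: application/json

{
  "identifier": {"type": "dns", "value": "agendex.ddns.net"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "177.128.85.23: Fetching http://agendex.ddns.net/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "validationRecord": [
        {"hostname": "agendex.ddns.net", "port": "80", "addressUsed": "177.128.85.23"}
      ]
    }
  ]
}
2022-10-24 13:19:55,070:INFO:certbot._internal.auth_handler:Challenge failed for domain agendex.ddns.net
"""

# Matches the standalone plugin's bind messages, e.g. "... bound to :2583 using IPv4".
BOUND_RE = re.compile(r"acme\.standalone:Successfully bound to \S*:(\d+) using (IPv4|IPv6)")


def json_bodies(log_text):
    """Yield each JSON object the log prints as a block from a bare '{' line to a bare '}' line."""
    block = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if block is None:
            if line == "{":
                block = [line]
            continue
        block.append(line)
        if line == "}":  # only an unindented brace closes the top-level object
            try:
                yield json.loads("\n".join(block))
            except json.JSONDecodeError:
                pass  # truncated or hand-edited block: skip it
            block = None


def diagnose(log_text):
    """Return one finding per failed http-01 validation attempt recorded in the log."""
    local_ports = sorted({int(m.group(1)) for m in BOUND_RE.finditer(log_text)})
    findings = []
    for body in json_bodies(log_text):
        for chall in body.get("challenges", []):
            if chall.get("type") != "http-01" or chall.get("status") != "invalid":
                continue
            for rec in chall.get("validationRecord", []):
                ca_port = int(rec["port"])
                findings.append({
                    "domain": rec.get("hostname"),
                    "address": rec.get("addressUsed"),
                    "ca_port": ca_port,          # port the CA connected to
                    "local_ports": local_ports,  # ports Certbot listened on
                    "error": chall.get("error", {}).get("type"),
                    # True when the CA's port differs from every local listener,
                    # so a forward from ca_port to a local port is required.
                    "needs_forward": ca_port not in local_ports,
                })
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f"{f['domain']}: CA connected to {f['address']}:{f['ca_port']}, "
              f"Certbot listened on {f['local_ports']}, error={f['error']}")
        if f["needs_forward"]:
            print(f"  inbound TCP {f['ca_port']} on the public address must be "
                  f"forwarded to one of {f['local_ports']} on this machine")
```

On the log posted in this thread the result is CA port 80 against local port 2583, which matches the replies above: the validation request arrives on port 80, so it only reaches Certbot if something forwards public port 80 to local port 2583.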