Certbot with Apache for Joplin server

Hi All

I'm very new to this self-hosting community. I am following this guide - Guide for Joplin-Server on Raspberry Pi - Development - Joplin Forum

to try to get a Joplin server up and running on a Pi at my house. I am following the guide to the letter, except that instead of No-IP I use DuckDNS (it's my understanding these do the same things).

But when I follow step 6.2 I get an error where Let's Encrypt doesn't appear to be able to grant a cert; it doesn't provide too much info that I understand.

I know it says likely firewall problem, but I have forwarded the ports properly and I don't know how to troubleshoot this issue based on what I have to work with. If you need any more info, just let me know.

I read the error it provides, but both port forwarding and DuckDNS are set up correctly and up to date.

Also, if it's relevant, I have a Pi-hole running, but I don't think that would be causing any issues?

My domain is: joplinserver.duckdns.org

I ran this command: Step 6.2 Certbot / Let's Encrypt: (See guide in link)

It produced this output: Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: joplinserver.duckdns.org
Type: connection
Detail: XXX:XXX:XXX: Fetching http://joplinserver.duckdns.org/.well-known/acme-challenge/jmyVwlVBS0jKz5ZPa61Ek0dB-YKH6c: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

My web server is (include version):

The operating system my web server runs on is Debian Bookworm

My hosting provider, if applicable, is: duckdns.org

I can login to a root shell on my machine YES

The version of my client is v2.10

Thanks

Welcome @atotalgoober

There is something (probably a firewall) blocking access to your server. The Let's Debug test site is helpful to test new setups. Or, try a mobile phone with Wi-Fi disabled so it is using your carrier's internet.

Requests from the public internet must work on HTTP (port 80) for the Let's Encrypt HTTP Challenge.

If this is a residential ISP you might ask them if they allow inbound requests to you on port 80. Some block such requests.

3 Likes

Why hide an IP that can be resolved from a public name [joplinserver.duckdns.org]?
Did you check to see if it is up-to-date? Does it match your current IP?
Is your site reachable via HTTP from the Internet?

3 Likes

All good questions!

  1. Don't know, it seemed like something I should do :smiley:
  2. The IP is up to date and yes, it matches.
  3. Not sure what I would see if it were, but I think I've found the problem.

I revisited the setup for DuckDNS, which you can see here - https://www.youtube.com/watch?v=z092FGtP6ME&ab_channel=BlueBotTech

It seems there is an error with the setup of DuckDNS: the config it provides, even when copying and pasting, comes back with an error that I didn't spot the first time. The strange thing is that DuckDNS gives you the command to copy and paste into a config file, so I don't understand why I'm getting the error when I try to test the connection between the Pi and DuckDNS.

The script it provides is -

echo url="https://www.duckdns.org/update?domains=joplinserver&token=bfbf50c6-9797-48af808a7da0&ip=" | curl -k -o ~/duckdns/duck.log -K -

My understanding is that that script will point to the DuckDNS page and establish the connection that Let's Encrypt needs to finish setup.

When I test it, though, I get the following errors:

/duck.sh
Warning: :2: warning: '&ip' is unknown
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0Warning: Failed to open the file /var/log/duckdns/duck.log: Permission denied
100 2 0 2 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
curl: (23) Failure writing output to destination

The guy in the video copies and pastes, so I don't see how what I'm doing is different, but if I understand correctly, without this file pointing the Pi to DuckDNS the site will never be reachable, so I guess this is the issue (if you think otherwise, let me know).

(In case it matters, that token was modified from the original.)

Thank you for this; it seems to confirm my theory that the config script from DuckDNS is not working due to some error I can't work out.

1 Like

You could try posting the question at the Discourse thread you linked for that script.

The dev of that would know more about it. Or even the other people who commented there.

3 Likes

I’ve hidden the earlier revisions of your post. Please make sure to revoke the token you had posted.

4 Likes
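
An added example, not part of any post in this thread and not DuckDNS's own script: a variant of the updater that reads the token from a private file instead of embedding it, leaves TLS verification on, logs to a user-owned directory, and can mask `token=` values in output before it is pasted publicly. The `~/duckdns/token` path, the function names and the sample usage are assumptions; the `OK`/`KO` check reflects DuckDNS's documented update replies.

```shell
#!/bin/sh
# Added example (not the DuckDNS-provided script).
# Assumed layout (hypothetical): token in $DUCK_DIR/token, log in $DUCK_DIR/duck.log
DUCK_DIR="${DUCK_DIR:-$HOME/duckdns}"

# Succeeds only if the file exists and has no group/other permission bits
# (for example mode 600), so other local users cannot read the token.
token_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Emit a curl config on stdout with the whole URL on ONE quoted line, so
# curl never parses a stray "&ip" fragment as an option of its own.
build_curl_config() {  # $1 = subdomain, $2 = token
    printf 'url = "https://www.duckdns.org/update?domains=%s&token=%s&ip="\n' "$1" "$2"
}

# Mask any token= value in text on stdin before posting it anywhere public.
redact_token() {
    sed -E 's/(token=)[^&" ]*/\1<REDACTED>/g'
}

# Run one update; returns 0 only when DuckDNS replies "OK".
update_duckdns() {  # $1 = subdomain
    token_file="$DUCK_DIR/token"
    if ! token_file_is_private "$token_file"; then
        echo "token file missing or too open; run: chmod 600 $token_file" >&2
        return 2
    fi
    token=$(tr -d ' \r\n' < "$token_file")
    # No -k: certificate verification stays on. -sS: quiet, but errors shown.
    reply=$(build_curl_config "$1" "$token" | curl -sS -K -) || return 3
    # Log only the timestamp and the reply, never the URL with the token.
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$reply" >> "$DUCK_DIR/duck.log"
    [ "$reply" = "OK" ]
}

# Usage: ./duck.sh update <subdomain>
if [ "${1:-}" = "update" ]; then
    update_duckdns "${2:?subdomain required}"
fi
```

A successful DuckDNS update only keeps the DNS record current; the Let's Encrypt HTTP challenge still needs inbound port 80 to reach the server from the internet.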

Thanks @JamesLE for taking action to do the right things, this is just the latest example! :100:
