Certbot with standalone fails with "could not connect"


#1

Hi LetsEncrypt-community,

we also have servers that are behind NAT-firewalls and I have been looking for ways to get LetsEncrypt-authenticated and verified SSL-certs to those (two) servers that each have their own DNS-names. I found this thread and still I do not know how I should go about with letsencrypt-auto or certbot-auto to generate SSLs for those servers. Anything I try with:

/letsencrypt-auto certonly --email myfake.fake.emll --agree-tos --apache  -d my1.domain.tld

or

/letsencrypt-auto certonly --email my@fake.com --agree-tos --standalone --standalone-supported-challenges http-01 --http-01-port 80 -d my1.domain.tld

or any other way, always fails with:

Failed authorization procedure. my1.domain.tld (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to my1.domain.tld

How can I make this work using this “dns-01” challenge system, please?


How to use authenticate with a DNS record?
#2

Hi @jjaone,

I split this into a new thread because I’m not sure whether it was related to the existing thread.

Can you confirm that the name that corresponds to my1.domain.tld is a publicly visible name in the DNS but that the NAT won’t actually allow entities on the public Internet to connect directly inbound to that machine?


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.