Certification problem for noob [duckdns]

EdmundDuckDuck · November 6, 2024, 1:27pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: edadamvpn.duckdns.org

I ran this command: Ran install script which I do not quite understand but it ends in

no certificate-

It produced this output:

no certificate-

My web server is (include version): Not sure here, its a VPS (server) don't think there is a web server running.

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: https://softshellweb.com/

I can login to a root shell on my machine (yes or no, or I don't know): yes (ssh)

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): don't know what this is

What steps do I have to take to solve this?

webprofusion · November 6, 2024, 1:54pm

The install script you are referring to could be anything at all, do you have a guide you were trying to follow?

EdmundDuckDuck · November 6, 2024, 2:09pm

I hope this helps

rg305 · November 6, 2024, 2:10pm

Hi @EdmundDuckDuck, and welcome to the LE community forum

While we wait for your answer... I see that HTTP+S connections are being refused:

curl -Ii http://edadamvpn.duckdns.org/
curl: (7) Failed to connect to edadamvpn.duckdns.org port 80 after 14715 ms: Connection refused

curl -Ii https://edadamvpn.duckdns.org/
curl: (7) Failed to connect to edadamvpn.duckdns.org port 443 after 120 ms: Connection refused

[that may be part of the problem]

Bruce5051 · November 6, 2024, 2:31pm

And DuckDNS was (is?) having issues
See Certbox shows a different TXT from dig - #4 by Bruce5051

EdmundDuckDuck · November 6, 2024, 5:01pm

I guess there is nothing started on my server that listens to port 80.

rg305 · November 6, 2024, 5:02pm

Is there a web server installed?
What are you going to use the cert for/with?

EdmundDuckDuck · November 6, 2024, 5:15pm

No web server. I lwant to install a VPN

rg305 · November 6, 2024, 5:26pm

Ok, we can help you get a cert for that.
The simplest way is to use HTTP authentication to validate the FQDN and obtain a cert.
For that, you will need to open HTTP [TCP port 80] through the firewall(s).
Then run the ACME client in standalone mode.

Bruce5051 · November 6, 2024, 5:44pm

Using the online tool Let's Debug yields these results https://letsdebug.net/edadamvpn.duckdns.org/2274700

ANotWorking
Error
edadamvpn.duckdns.org has an A (IPv4) record (193.160.96.194) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://edadamvpn.duckdns.org/.well-known/acme-challenge/letsdebug-test": dial tcp 193.160.96.194:80: connect: connection refused

Trace:
@0ms: Making a request to http://edadamvpn.duckdns.org/.well-known/acme-challenge/letsdebug-test (using initial IP 193.160.96.194)
@0ms: Dialing 193.160.96.194
@28ms: Experienced error: dial tcp 193.160.96.194:80: connect: connection refused

IssueFromLetsEncrypt
Error
A test authorization for edadamvpn.duckdns.org to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
193.160.96.194: Fetching http://edadamvpn.duckdns.org/.well-known/acme-challenge/-mcBQArQi9yY6Ke9m6K2EMy6gDfg5wbtjnVA7xoti1M: Connection refused

Edit

And
https://dnsviz.net/d/edadamvpn.duckdns.org/dnssec/

" DNSSEC configuration invalid

The DNSSEC configuration is invalid. This will prevent users who are relying on validating DNS servers (e.g., Google DNS) to get any DNS responses for this domain name."

rg305 · November 6, 2024, 5:51pm

Sounds like a good time to switch to another DDNS provider.

Bruce5051 · November 6, 2024, 5:56pm

I agree!

rg305 · November 6, 2024, 6:21pm

I'd say they're "a dime a dozen" - but they're actually even less than that [FREE!].

EdmundDuckDuck · November 11, 2024, 2:38pm

Thank for the responses guys. Suddenly the error disappeared and now it is back again.
Don't know what to do next.

MikeMcQ · November 11, 2024, 2:42pm

Maybe switch to a diffferent DNS provider? Although you would need to buy your domain name. Try Cloudflare they also offer DDNS if you need that https://www.cloudflare.com/learning/dns/glossary/dynamic-dns/

rg305 · November 11, 2024, 3:14pm

OR
Try using another FREE DDNS service.

system · December 11, 2024, 3:14pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Setting up SSL certification for test domain with private IP Help	4	1064	December 15, 2023
Certificate creation Duckdns Help	3	4643	February 16, 2022
Some challenges have failed Help	29	624	February 10, 2024
I cannot get a certification Help	98	553	December 6, 2024
LetsEncrypt error Help	16	4186	May 28, 2020

Certification problem for noob [duckdns]

Edit

Related topics