Challenge failed - about:blank

My domain is: keldorei.com

My IP is 191.209.27.7; accessing via local IP, domain or public IP during the challenge shows:

ACME client standalone challenge solver

I ran this command:

docker create \
  --name=swag \
  --cap-add=NET_ADMIN \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=America/Sao_Paulo \
  -e URL=keldorei.com \
  -e SUBDOMAINS=www, \
  -e VALIDATION=http \
  -e CERTPROVIDER=zerossl \
  -e DNSPLUGIN=cloudflare \
  -e EMAIL=alexis@keldorei.com \
  -e ONLY_SUBDOMAINS=false \
  -p 443:443 \
  -p 80:80 \
  -v /root/config/swag:/config \
  --restart unless-stopped \
  lscr.io/linuxserver/swag

It produced this output:

2023-08-30T15:49:31.405100889Z Account registered.
2023-08-30T15:49:31.411184841Z Requesting a certificate for keldorei.com and www.keldorei.com
2023-08-30T15:49:55.203413855Z
2023-08-30T15:49:55.203481243Z Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
2023-08-30T15:49:55.203496502Z Domain: www.keldorei.com
2023-08-30T15:49:55.203514706Z Type: about:blank
2023-08-30T15:49:55.203527743Z Detail: None
2023-08-30T15:49:55.203540391Z
2023-08-30T15:49:55.203552872Z Domain: keldorei.com
2023-08-30T15:49:55.203565464Z Type: about:blank
2023-08-30T15:49:55.203578038Z Detail: None
2023-08-30T15:49:55.203590612Z
2023-08-30T15:49:55.203603205Z Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
2023-08-30T15:49:55.203659241Z
2023-08-30T15:49:55.579443865Z Some challenges have failed.
2023-08-30T15:49:55.579834194Z Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
2023-08-30T15:49:56.906333258Z ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

My web server is a Raspberry Pi 4 (8 GB RAM) behind an Archer C6 v4 router and a GPT-2741GNAC-N1 modem;
NAT is running with no problems, my other services (Plex, HomeAssistant, VPN...) are running normally
All my services are accessible via DDNS

The operating system my web server runs on is Raspbian with Docker

My hosting provider is: Vivo - Brazil

I can log in to a root shell on my machine with full root privileges

I'm using a control panel to manage my site: Portainer, but I'm creating the container using the docker create command

The version of my client is certbot 2.6.0

Any help would be appreciated

You're trying to get a certificate from the CA ZeroSSL, not from Let's Encrypt. And you're using swag. Personally, I think the ZeroSSL support channels and/or the swag support channels are better suited to this specific issue.

1 Like

I just changed to not use ZeroSSL, the error changed:

2023-08-30T17:07:10.137493828Z Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
2023-08-30T17:07:10.137510476Z Domain: keldorei.com
2023-08-30T17:07:10.137524142Z Type: connection
2023-08-30T17:07:10.137537531Z Detail: 191.209.27.7: Fetching http://keldorei.com/.well-known/acme-challenge/Y0go-XYxpKlrEUIiGDO5u2q7THXSVgCMPTVQwxwbEG8: Timeout during connect (likely firewall problem)
2023-08-30T17:07:10.137551420Z
2023-08-30T17:07:10.137564364Z Domain: www.keldorei.com
2023-08-30T17:07:10.137577493Z Type: connection
2023-08-30T17:07:10.137590660Z Detail: 191.209.27.7: Fetching http://www.keldorei.com/.well-known/acme-challenge/Oikd-odaZ5UG0XPUp24rKrFCTjEN52e-Ibh3IjOOIqE: Timeout during connect (likely firewall problem)
2023-08-30T17:07:10.137604623Z
2023-08-30T17:07:10.137617437Z Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
2023-08-30T17:07:10.137652455Z
2023-08-30T17:07:27.888440019Z Some challenges have failed.
2023-08-30T17:07:27.888827810Z Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
2023-08-30T17:07:28.917766760Z ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

and again, the local IP, public IP and domain returned

ACME client standalone challenge solver

I'm searching for SWAG forums right now

if I try connecting to your website, I time out.

make sure your website works unencrypted, pls.

check port forwarding, firewalls, etc, etc.

5 Likes

Well, at least there's an error message when using Let's Encrypt.. Why ZeroSSL wouldn't give an error message when erroring, beats me..

Anyway, I concur with @9peppe as well as Let's Encrypt (and probably ZeroSSL too): your website isn't reachable on port 80 (HTTP), which is required for the http-01 challenge.

Also not reachable on port 443 (HTTPS) by the way..

4 Likes

so far I have no site (will use Heimdall later)
all I need right now are the subdomains

should I create a dummy site?
Last time I used this container, it had a dummy server

I changed my docker create command to clean /config/swag and with my personal email (the same email used on Cloudflare):

rm * -r &&
docker create \
  --name=swag \
  --cap-add=NET_ADMIN \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=America/Sao_Paulo \
  -e URL=keldorei.com \
  -e SUBDOMAINS=www,plex,homeassistant \
  -e VALIDATION=http \
  -e DNSPLUGIN=cloudflare \
  -e EMAIL=alexis.brasileiro@outlook.com \
  -e ONLY_SUBDOMAINS=false \
  -e PROPAGATION=120 \
  -e STAGING=true \
  -p 443:443 \
  -p 80:80 \
  -v /root/config/swag:/config \
  --restart unless-stopped \
  lscr.io/linuxserver/swag &&
docker start swag

and now I get an error about connection:

Requesting a certificate for keldorei.com and 3 more domains
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: homeassistant.keldorei.com
Type: connection
Detail: 191.209.27.7: Fetching http://homeassistant.keldorei.com/.well-known/acme-challenge/u-bgHQymUU2pZ4ZvIKfIJtVQ12zar3KAwkCVaW32TIU: Timeout during connect (likely firewall problem)
Domain: keldorei.com
Type: connection
Detail: 191.209.27.7: Fetching http://keldorei.com/.well-known/acme-challenge/tbAi30Bf3KxksjJx4le7PjQQfSR0AaGvl0Ejdu5R71E: Timeout during connect (likely firewall problem)
Domain: plex.keldorei.com
Type: connection
Detail: 191.209.27.7: Fetching http://plex.keldorei.com/.well-known/acme-challenge/vDqNsNgqx3zbBcho1KVbFN81BpJgEC-Apf9rLFmsiAk: Timeout during connect (likely firewall problem)
Domain: www.keldorei.com
Type: connection
Detail: 191.209.27.7: Fetching http://www.keldorei.com/.well-known/acme-challenge/N_j8EJjjOlbDMf16LIPYnelSa8AhIyfIvz2oDVGb6pM: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

but it's kinda odd, since I can access keldorei.com while the challenge runs:

The error is exactly the same. Your IP address is still not reachable on port 80. Please check any firewall (RPi, router, ISP, anything) and doublecheck the NAT portmaps.

2 Likes
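Added example, not part of any post in this thread: a small parser for the Certbot failure report quoted above (with or without the `docker logs` timestamps) that groups the per-domain `Type`/`Detail` entries and says what the report as a whole points at. The function names, the verdict labels and the sample values (`example.com`, `203.0.113.7`, `TOKEN1`) are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
# Prefix added by `docker logs --timestamps`, as in the output quoted in this thread.
_TS = re.compile(r"^\d{4}-\d{2}-\d{2}T[\d:.]+Z ?")
_FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")
# Connection errors name the address the CA dialled before the URL it fetched.
_ADDR = re.compile(r"^([0-9A-Fa-f:.]+): Fetching http://")

@dataclass
class Failure:
    domain: str
    type: str = ""
    detail: str = ""
    @property
    def dialled_ip(self):
        m = _ADDR.match(self.detail)
        return m.group(1) if m else None

def parse_failures(log_text):
    """Collect one Failure per 'Domain:' block of a Certbot failure report."""
    failures = []
    for raw in log_text.splitlines():
        m = _FIELD.match(_TS.sub("", raw))
        if m and m.group(1) == "Domain":
            failures.append(Failure(domain=m.group(2).strip()))
        elif m and failures:
            setattr(failures[-1], m.group(1).lower(), m.group(2).strip())
    return failures

def diagnose(failures):
    """Return (verdict, ip) for the report as a whole (verdict labels are hypothetical)."""
    if not failures:
        return ("no-failures", None)
    if all(f.type == "about:blank" and f.detail == "None" for f in failures):
        return ("ca-gave-no-detail", None)  # nothing to act on: test port 80 from outside
    ips = {f.dialled_ip for f in failures}
    timed_out = all(f.type == "connection" and "Timeout during connect" in f.detail
                    for f in failures)
    if timed_out and len(ips) == 1 and None not in ips:
        return ("port-80-unreachable", ips.pop())  # every name alike: NAT/firewall/ISP
    return ("mixed", None)
# Constructed sample, modelled on the report format quoted above.
SAMPLE = """\
2023-01-01T00:00:00.000000001Z   Domain: example.com
2023-01-01T00:00:00.000000002Z   Type:   connection
2023-01-01T00:00:00.000000003Z   Detail: 203.0.113.7: Fetching http://example.com/.well-known/acme-challenge/TOKEN1: Timeout during connect (likely firewall problem)
2023-01-01T00:00:00.000000004Z   Domain: www.example.com
2023-01-01T00:00:00.000000005Z   Type:   connection
2023-01-01T00:00:00.000000006Z   Detail: 203.0.113.7: Fetching http://www.example.com/.well-known/acme-challenge/TOKEN2: Timeout during connect (likely firewall problem)
"""
```

When every name fails with the same timeout at the same address, the names and the web server configuration are not the variable; the path to that address on port 80 is.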

Ok, standalone is a mess because it's only responding while it's running, it's much harder to debug.

Check the firewalls still.

4 Likes

just managed to run nginx inside the docker; now I can see the swag welcome page:


it's running even on my LTE device

I'm rly close to throwing this container away and hosting on another local server (even on my RPi, since it's all already mapped out)

Well, it's not from my point of view and Letsdebug agrees: Let's Debug

3 Likes

I don't see it.

Are you filtering connections from the rest of the world? Is your ISP doing so?

5 Likes

I'm not filtering connections, and my ISP shouldn't either....
I'll check Let's Debug (lovely name!) and get back to you two

Thanks so far!
have a great one!

1 Like
