I have a Debian 9 (stretch) install, with nginx running on port 80. I can get to the page via various networks, so I am assuming DNS is correctly configured, and the firewall is allowing traffic through.
When running
sudo certbot certonly --staging --webroot -w /var/www/html -d coach.datanose.nl
I receive the following response:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for coach.datanose.nl
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. coach.datanose.nl (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://coach.datanose.nl/.well-known/acme-challenge/1Ceu_HIQgKF_fW9AhooDe7qhNJ5xD8JPdomj2YnGQrk: Timeout during connect (likely firewall problem)
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: coach.datanose.nl
   Type: connection
   Detail: Fetching http://coach.datanose.nl/.well-known/acme-challenge/1Ceu_HIQgKF_fW9AhooDe7qhNJ5xD8JPdomj2YnGQrk: Timeout during connect (likely firewall problem)
Looking at the log I see nothing special, except for a timeout at the end.
If I abort the process half-way, and manually look up the challenge (via my browser), I can find it without any problems.
My iptables state:
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http /* Allow HTTP */
So I am now confused as to how to proceed :s