I have a Debian 9 (stretch) install, with nginx running on port 80. I can get to the page via various networks, so I am assuming DNS is correctly configured, and the firewall is allowing traffic through.
When running sudo certbot certonly --staging --webroot -w /var/www/html -d coach.datanose.nl
I receive the following response:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for coach.datanose.nl
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. coach.datanose.nl (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://coach.datanose.nl/.well-known/acme-challenge/1Ceu_HIQgKF_fW9AhooDe7qhNJ5xD8JPdomj2YnGQrk: Timeout during connect (likely firewall problem)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: coach.datanose.nl
Type: connection
Detail: Fetching
http://coach.datanose.nl/.well-known/acme-challenge/1Ceu_HIQgKF_fW9AhooDe7qhNJ5xD8JPdomj2YnGQrk:
Timeout during connect (likely firewall problem)
Looking at the log I see nothing special, except for a timeout at the end.
If I abort the process half-way, and manually look up the challenge (via my browser), I can find it without any problems.
My iptables state:
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http /* Allow HTTP */
So I am now confused as to how to proceed :s