I cannot get certbot to run through. Whenever I tried to issue a new certificate, i'll get a "connection refused" error upon all challenges.
My domain is: icechat.ch
I ran this command:
sudo certbot certonly --standalone -d icechat.ch -d www.icechat.ch -d irc.icechat.ch
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Requesting a certificate for icechat.ch and 2 more domains Performing the following challenges: http-01 challenge for icechat.ch http-01 challenge for irc.icechat.ch http-01 challenge for www.icechat.ch Waiting for verification... Challenge failed for domain icechat.ch Challenge failed for domain irc.icechat.ch Challenge failed for domain www.icechat.ch http-01 challenge for icechat.ch http-01 challenge for irc.icechat.ch http-01 challenge for www.icechat.ch Cleaning up challenges Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: icechat.ch Type: connection Detail: Fetching http://icechat.ch/.well-known/acme-challenge/hT2oAFuuriJpRK-_HUfRW3ymvVHQa1Tz1FSDASDEL8w: Connection refused Domain: irc.icechat.ch Type: connection Detail: Fetching http://irc.icechat.ch/.well-known/acme-challenge/4g1Xt4kuRDPnAFei_vdwV_tEeYR71tnt8_4rPHBoMVI: Connection refused Domain: www.icechat.ch Type: connection Detail: Fetching http://www.icechat.ch/.well-known/acme-challenge/CN8UZ8eMMBy0cxdzqhu8SjdvjJvj0M_STvWG6KhcJmk: Connection refused To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
My web server is (include version): tomcat 9.0.41
The operating system my web server runs on is (include version): Debian 10
My hosting provider, if applicable, is: hetzner.com
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): 1.11.0
Server is stopped, and ports are open. ufw status output:
sudo ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 22 ALLOW Anywhere 6667 ALLOW Anywhere 6697 ALLOW Anywhere 8843 ALLOW Anywhere 8000 ALLOW Anywhere WWW ALLOW Anywhere 8080 ALLOW Anywhere 8443 ALLOW Anywhere 80 ALLOW Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 80,443/tcp ALLOW Anywhere 22/tcp (v6) ALLOW Anywhere (v6) 22 (v6) ALLOW Anywhere (v6) 6667 (v6) ALLOW Anywhere (v6) 6697 (v6) ALLOW Anywhere (v6) 8843 (v6) ALLOW Anywhere (v6) 8000 (v6) ALLOW Anywhere (v6) WWW (v6) ALLOW Anywhere (v6) 8080 (v6) ALLOW Anywhere (v6) 8443 (v6) ALLOW Anywhere (v6) 80 (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 443/tcp (v6) ALLOW Anywhere (v6) 80,443/tcp (v6) ALLOW Anywhere (v6)
The domain is pointing to the correct IP address and other server using the same provider produced no issues.
What else can I check to get my certificate?
Thanks for any pointers.