Connection timeout using certbot

Hello, I’m trying to run a self-hosted chat server using Matrix and Riot on a PC. I followed this guide: https://blog.cryptoaustralia.org.au/2017/03/21/run-your-end-to-end-encrypted-chat-server-matrix-riot/
I’m encrypting, I get a connection timeout error. I’m using freenom.com for the domain and I think the problem is in registering the domain name. I left name blank, type A, TTL 14440 and target my "public ip".
I can’t forward port 80 so I did 8080 and 443. How do I check if they’re open? Is the firewall the problem?
I’m using Debian Linux and I’m very new to this. Please help. Thank you.

Were you able to obtain a certificate with the certbot commands provided? What is your actual domain name? If you’re unable to use port 80, you’re restricted to using either tls-sni-01 challenges or dns-01 challenges. I believe standalone mode uses tls-sni-01, so that’s fine, but there is a problem with that tutorial.

The standalone web server will not be able to start if you have another webserver listening on port 443. You would need to temporarily stop your nginx instance every time you issue or renew your certificates. This is usually not desirable. I believe the nginx plugin currently uses tls-sni-01 as well, so you should be able to issue a certificate with the nginx plugin. You should be able to issue a certificate with certbot nginx instead of certbot certonly.


No, I’m not able to obtain the certificate. Domain name is depiale.cf.
I used certbot nginx and got an error: certbot: error: unrecognized arguments: nginx
Thanks for that quick reply btw, I really appreciate it.

No problem! First, my apologies, that was supposed to be certbot --nginx. If that gives you an unrecognized argument, could you post the output of certbot --version?


No worries! Yes, it does give unrecognized argument. Version is 0.10.2.

I tried updating it with sudo apt-get install certbot but it says that I already have the newest version. I’m on Debian 9.

Hi @rushatgabhane,

You need to install the python-certbot-nginx package.

apt-get install python-certbot-nginx

Cheers,
sahsanu


Thanks, I ran that but still the version is 0.10.2 :joy:

@rushatgabhane, the version won’t change; it is 0.10.2 in Debian Stretch. The command I passed installs the nginx plugin needed to be able to run the certbot --nginx command.


Okayy, the command ran but I get the following errors

This suggests that you’ve added stuff to your nginx configuration based on that guide that isn’t ready yet. If you had a working configuration before, revert those changes and restore your configuration to how it was before, and certbot should work.

Or if you can’t because you never had a working configuration, it may suffice to just comment out (i.e. add a # in front of) the two lines that start with ssl_certificate.


Thanks a lot for that!!
It worked but then again, connection timeout error

I cannot access http://depiale.cf:8080/ which suggests there might be a port forwarding or firewall problem.

Did you forward port 8080 on your router to port 80 on your server, or did you change it in both places?

What is the output of ss -tln?

Do you have another computer or smartphone connected to the same network (behind the same router) you can use? If so, see if you can access the server locally. Run ip addr on the server to figure out its local IP address, then on the other computer try to visit that IP address in a web browser, e.g. http://192.168.1.100/ or http://192.168.1.100:8080/. Let us know if you can do this successfully or also get a timeout error.


Output for ss -tln


Yes, I have another device. Wait, I’ll get back to you

I ip address on other device, I got it!
It says welcome to nginx etc…

This means you don't have a firewall blocking anything on your Debian box.

Also, your ss output indicates that you are using port 8088 not port 8080 like you said in a previous post. It doesn't matter which you use but please make sure you use the same one consistently everywhere.

Now that we've eliminated a firewall as a possibility I looked at your domain configuration more closely and discovered a problem. The A record for depiale.ch currently points to 10.33.107.197. IP addresses that start with 10.* are private addresses that are not publicly routable over the Internet, so nobody can access your website this way.

You will need to figure out the real public IP address connected to your router, e.g. by visiting whatismyipaddress.com, and change your A record with your DNS provider to that. Then after your TTL expires in 12 hours, but usually sooner, you should be able to access your site from some other network (e.g. public WiFi or your smartphone's data plan) at http://depiale.ch:8088/.

Once you've confirmed that works, try running certbot again.

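The two checks that resolved this thread (is the A record publicly routable, and is the server listening on the port being forwarded) can be run as a pre-flight before certbot. This is an added example, not part of the original posts; the function names, the sample `ss -tln` text and the stand-in public address 8.8.8.8 are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample of `ss -tln` output (the thread's real output was not preserved).
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128          *:8088               *:*
LISTEN     0      128          *:22                 *:*
LISTEN     0      128         :::443               :::*
"""


def resolve_a(domain):
    """Return the IPv4 addresses the local resolver gives for `domain` (needs network)."""
    return socket.gethostbyname_ex(domain)[2]


def listening_ports(ss_output):
    """Return the set of TCP ports in LISTEN state from `ss -tln` output."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header row and blank lines
        # Local address is the 4th column; the port follows the last colon,
        # which also handles IPv6 forms such as ":::443" and "[::]:443".
        ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports


def preflight(a_records, ss_output, expected_port):
    """Return a list of problems that would make the site unreachable from outside."""
    problems = []
    for addr in a_records:
        # is_global is False for private (10.*, 192.168.*, ...), loopback,
        # link-local and carrier-grade NAT ranges.
        if not ipaddress.ip_address(addr).is_global:
            problems.append(f"A record {addr} is not publicly routable")
    if expected_port not in listening_ports(ss_output):
        problems.append(f"nothing is listening on port {expected_port}")
    return problems


if __name__ == "__main__":
    # The situation in the thread: a 10.* A record and a port mismatch (8080 vs 8088).
    for problem in preflight(["10.33.107.197"], SAMPLE_SS, 8080):
        print("FAIL:", problem)
```

On a live system, pass `resolve_a("your.domain")` and the real output of `ss -tln` instead of the constructed samples.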

You’re the best, man! I would not have been able to do this without your help. Thanks a lot.
I’ll message you tomorrow with a follow up.
