Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.domain.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.domain.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.domain.com/.well-known/acme-challenge/PExSgIpM_kPuT-uucph6rtkJZUzM7mXYecQcLpztBOA: Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided
My guess is that tcp port 80 isn't open (firewall problem) so the standalone mode doesn't work. There could of course be other reasons but it's hard to tell without a real domain. Also check out https://letsdebug.net
Port 80 is open to this internal server. Please, why isn't it possible to create this certificate?
Many thanks for any possible help.
root@srvname:# certbot certonly --standalone -d mail.carag.com --staple-ocsp -m info@carag.com --agree-tos
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.carag.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.carag.com (http-01): urn:ietf:params:acme:error:connection ::
The server could not connect to the cli http://mail.carag.com/.well-known/acme-challenge/f4uw3eTJUXv-pWn3Do6vi_I9UkBE-vOE8vwpFcnqb8s:
Timeout during connect (likely firewall prob
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
root@srvername:#
What do you mean exactly with "internal server"? Let's Encrypt needs to be able to connect on port 80 to the server from the world wide web (and from multiple locations too).
If your server is not accessible from the public internet, you can't use the http-01 challenge. In that case, it might be possible to use the dns-01 systems, but that requires access to the DNS zone of the hostname.
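The reachability requirement described in the replies above, as an added pre-flight check (not part of the original thread and not certbot code): it classifies the addresses a hostname resolves to and says whether http-01 can succeed or dns-01 is needed. The function names and the sample addresses used to exercise it are assumptions made for this example; run it from a machine outside the server's network, since a connect test from inside proves nothing about public reachability.

```python
import ipaddress
import socket
import sys


def resolve(hostname):
    """Return the distinct A/AAAA addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0].split("%")[0] for info in infos})


def classify(addresses):
    """Split addresses into (globally routable, everything else)."""
    public, other = [], []
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        # is_global is False for RFC 1918, loopback, link-local, IPv6 ULA and
        # carrier-grade NAT (100.64.0.0/10): none can receive the validation request.
        (public if ip.is_global else other).append(str(ip))
    return public, other


def port_open(address, port=80, timeout=5.0):
    """TCP connect test. Only meaningful when run from outside the server's network."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def advise(addresses, reachable):
    """reachable: set of addresses that accepted a port 80 connection from outside."""
    public, other = classify(addresses)
    if not addresses:
        return "no A/AAAA record: fix DNS first"
    if not public:
        return "dns-01: name resolves only to non-public addresses " + ", ".join(other)
    blocked = [a for a in public if a not in reachable]
    if blocked:
        return "http-01 will time out: port 80 closed on " + ", ".join(blocked)
    return "http-01 should work"


if __name__ == "__main__" and len(sys.argv) == 2:
    addrs = resolve(sys.argv[1])
    public, _ = classify(addrs)
    print(advise(addrs, {a for a in public if port_open(a)}))
```

Invoke it with the hostname as the only argument. A "dns-01" result means the name points at an address that cannot be reached from the internet at all, so opening port 80 on the host firewall alone will not help.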