DNS Problem dynv6.com

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cloud-myweb.dynv6.net

I ran this command: certbot certonly --apache dry-run

It produced this output:

  • The following errors were reported by the server:

    Domain: cloud-myweb.dynv6.net
    Type: connection
    Detail: Fetching
    http://cloud-myweb.dynv6.net/.well-known/acme-challenge/IOsxRqMo5f-rYfLTJUtSyT4ZKhQmcFNIfalxpJEeKYI:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version):
ibm-server:/srv/www/htdocs/nextcloud/config # httpd-prefork -v
Server version: Apache/2.4.33 (Linux/SUSE)
Server built: 2019-08-28 06:00:22.000000000 +0000

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
local server

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.24.0

Hi @holger

there are some checks of your domain - https://check-your-website.server-daten.de/?q=cloud-myweb.dynv6.net

There you see the problem.

Your port 80 doesn’t answer, there is a timeout.

You need an open port 80.

Your https / port 443 works. But that’s not enough. Is there a running webserver? Firewall? Correct port forwarding?

Looks like a home server. Does your ISP block port 80?

PS: There are already two new certificates:

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2019-08-29 | 2019-11-27 | cloud-myweb.dynv6.net, owncloud-homenet.dynv6.net - 2 entries | duplicate nr. 2 | |
| Let’s Encrypt Authority X3 | 2019-08-29 | 2019-11-27 | cloud-myweb.dynv6.net, owncloud-homenet.dynv6.net - 2 entries | duplicate nr. 1 | |

And you use one of these.

CN=cloud-myweb.dynv6.net | 29.08.2019 | 27.11.2019 | expires in 84 days | cloud-myweb.dynv6.net, owncloud-homenet.dynv6.net - 2 entries

Why do you want to create a new certificate?

Use that 60 - 85 days, then create the next.

I produced this certificate on another virtual machine, but that machine no longer exists. Also, I will change the server name and create a new certificate for my Nextcloud.

Port 80 is open in the firewall and forwarded in the router (Fritzbox).
From another internal client I can connect:

holger@pc-ho-lin:~> wget 172.17.1.254
--2019-09-04 21:42:31--  http://172.17.1.254/
Verbindungsaufbau zu 172.17.1.254:80 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 400 Bad Request
2019-09-04 21:42:32 FEHLER 400: Bad Request.

or

holger@pc-ho-lin:~> lynx --dump 172.17.1.254

This application requires JavaScript for correct operation. Please
[1]enable JavaScript and reload the page.

Nextcloud

Access through untrusted domain

Please contact your administrator. If you are an administrator, edit
the “trusted_domains” setting in config/config.php like the example in
config.sample.php.

Further information how to configure this can be found in the
[2]documentation.

[3]Nextcloud – a safe home for all your data

Verweise

  1. https://www.enable-javascript.com/
  2. https://docs.nextcloud.com/server/16/go.php?to=admin-trusted-domains
  3. https://nextcloud.com/
    holger@pc-ho-lin:~>

I think Apache (http-prefork) redirects from http to https… but I have NOT found this option.

That’s not relevant. Letsencrypt must be able to connect to your domain.

And you have to use the domain name, not the ip address.

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| cloud-myweb.dynv6.net | A | 87.123.15.109 Berlin/Land Berlin/Germany (DE) - 1&1 Versatel Deutschland GmbH Hostname: i577b0f6d.versanet.de | yes | 1 | 0 |
| | AAAA | | yes | | |

Is this (87.123.15.109) your current ip address?

172.17.1.254 is a private ip address, not public / unique.

yes

|Internet, IPv4||verbunden seit 04.09.2019, 08:07 Uhr, 1&1 Internet, Geschwindigkeit des Internetzugangs (verfügbare Bitrate): ↓ 51,3 Mbit/s ↑ 11,1 Mbit/s,

IP-Adresse: 87.123.15.109

172.17.1.254 is the internal address of the local home server.

Freigaben

ssh | TCP | 87.123.15.109 | 22
HTTP-Server | TCP | 87.123.15.109 | 80
HTTPS-Server | TCP | 87.123.15.109 | 443

Checking your raw ip it’s the same - https://check-your-website.server-daten.de/?q=87.123.15.109

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://87.123.15.109/ (87.123.15.109) | -14, Timeout - The operation has timed out | | 10.030 | T |
| https://87.123.15.109/ (87.123.15.109) | 400, Bad Request, Certificate error: RemoteCertificateNameMismatch | | 3.406 | N |
| http://87.123.15.109/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (87.123.15.109) | -14, Timeout - The operation has timed out | | 10.017 | T |

There is a bad request on port 443, you have a bad request on port 80. But a certificate is visible.

So your internal webserver may be wrong.

What does apachectl -S say?

ibm-server:/var/log # apachectl -S
VirtualHost configuration:
*:80 cloud.myweb.dynv6.net (/etc/apache2/vhosts.d/certbot.conf:1)
*:443 cloud.myweb.dynv6.net (/etc/apache2/vhosts.d/cloud.conf:3)
ServerRoot: "/srv/www"
Main DocumentRoot: "/srv/www/htdocs"
Main ErrorLog: "/var/log/apache2/error_log"
Mutex default: dir="/run/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/httpd.pid"
Define: SYSCONFIG
Define: SSL
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="wwwrun" id=30
Group: name="www" id=8

Your domain name is

cloud-myweb.dynv6.net

so there is no vHost defined.

I have used ServerAlias.

May be an additional PC-firewall or something else, that blocks.

Use online tools to check -> timeout, certificate creation can’t work.

PS: Or your ISP blocks port 80.

I have now changed the port forwarding to my PVR - now
cloud-myweb.dynv6.net redirects to my video recorder PC… it works.

So the cloud server isn't answering correctly.

The ISP doesn't block; it must be a problem with Apache on my server.

ibm-server:/var/log # cat /etc/apache2/vhosts.d/cloud.conf

<VirtualHost *:443>
        ServerAdmin admin@schlicker.me
        ServerName cloud.myweb.dynv6.net
        ServerAlias myweb.dynv6.net
        ServerAlias cloud-myweb.dynv6.net
        ServerAlias owncloud-homenet.dynv6.net
        ServerAlias schlicker.dynv6.net
        DocumentRoot /srv/www/htdocs/nextcloud
        <Directory /srv/www/htdocs/nextcloud/>
                Options FollowSymLinks MultiViews
                AllowOverride all
#                Order deny,allow
#                allow from all
        </Directory>
        ErrorLog /var/log/apache2/cloud_error.log
        CustomLog /var/log/apache2/cloud_access.log combined
        SSLEngine on
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt.safe/live/cloud-myweb.dynv6.net-0001/fullchain1.pem
        SSLCertificateKeyFile /etc/letsencrypt.safe/live/cloud-myweb.dynv6.net-0001/privkey1.pem
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

ibm-server:/var/log #

Port 443 isn’t relevant.

Read

Port 80 must answer.

And port 443 works.

ibm-server:/var/log # cat /etc/apache2/vhosts.d/certbot.conf 
<VirtualHost *:80>
        ServerAdmin admin@schlicker.me
        ServerName cloud.myweb.dynv6.net
        ServerAlias myweb.dynv6.net
        ServerAlias cloud-myweb.dynv6.net
        ServerAlias owncloud-homenet.dynv6.net
        ServerAlias schlicker.dynv6.net
        DocumentRoot /srv/www/htdocs/nextcloud 
        <Directory /srv/www/htdocs/nextcloud/>
                Options FollowSymLinks MultiViews
                AllowOverride all
#                Order deny,allow
#                allow from all
        </Directory>
        ErrorLog /var/log/apache2/certbot_error.log
        LogLevel warn
        CustomLog /var/log/apache2/certbot_access.log combined
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =cloud.myweb.dynv6.net [OR]
#RewriteCond %{SERVER_NAME} =myweb.dynv6.net [OR]
#RewriteCond %{SERVER_NAME} =cloud-myweb.dynv6.net [OR]
#RewriteCond %{SERVER_NAME} =owncloud-homenet.dynv6.net [OR]
#RewriteCond %{SERVER_NAME} =schlicker.dynv6.net
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Why does Apache not answer from the certbot vhost?

The problem was found and solved. In the router (Fritzbox) a filter list was active, which blocked the HTTP server protocol for the local home server. The certificates are now OK. All the best, THANK YOU

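An added example, not part of the original thread: a small Python probe that separates the outcomes discussed above (connect timeout, connection refused, HTTP answer) when a challenge path is requested with the domain name in the Host header. The function names and the token value are assumptions; to see what the CA sees, run it from a host outside the home network against the public address, because a LAN test against the private address never passes the router.

```python
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def probe_http01(addr, host_header, port=80, token="reachability-probe", timeout=5.0):
    """Return (kind, detail): how addr:port answers an HTTP-01 style GET."""
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", "connect")   # packets dropped on the way to the port
    except ConnectionRefusedError:
        return ("refused", None)        # host answers, nothing accepts on the port
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        request = (f"GET {CHALLENGE_PREFIX}{token} HTTP/1.1\r\n"
                   f"Host: {host_header}\r\nConnection: close\r\n\r\n")
        data = b""
        try:
            sock.sendall(request.encode("ascii"))
            while b"\n" not in data:    # read until the status line is complete
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            return ("timeout", "read")  # TCP opens but no HTTP reply arrives
        except OSError as exc:
            return ("error", str(exc))
    fields = data.split(b"\n", 1)[0].decode("latin-1").split()
    if len(fields) >= 2 and fields[0].startswith("HTTP/") and fields[1].isdigit():
        return ("http", int(fields[1]))
    return ("error", "no HTTP status line")

def verdict(result):
    """Map a probe result to the failure classes seen in the thread."""
    kind, detail = result
    if kind == "timeout":
        return "blocked before the web server: check firewall, router filters, ISP"
    if kind == "refused":
        return "port closed: no listener or port forward for this port"
    if kind == "http" and detail in (200, 301, 302, 307, 308, 404):
        return "reachable: a web server answers on this port"
    if kind == "http":
        return f"web server answers with {detail}: check vhost and Host handling"
    return f"inconclusive: {detail}"

if __name__ == "__main__":
    # Usage: probe.py ADDRESS HOSTNAME (both supplied by the operator)
    outcome = probe_http01(sys.argv[1], sys.argv[2])
    print(outcome, "->", verdict(outcome))
```

A 404 for the made-up token counts as reachable: it shows that port 80 gets through to a web server, which is the part that failed here.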