Error install certificate for certbot


#1

I am trying to install an HTTPS certificate for my Ubuntu server, but I keep getting this error that I can’t get around.

ericus20@hackstreetboys:~/.well-known$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): hackstreetboys.ddns.net
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for hackstreetboys.ddns.net
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. hackstreetboys.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://hackstreetboys.ddns.net/.well-known/acme-challenge/XsU6N8zthpmBnJiKwLG12e96BMO5GsDNMxoJs0uzqzo: Timeout

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: hackstreetboys.ddns.net
    Type: connection
    Detail: Fetching
    http://hackstreetboys.ddns.net/.well-known/acme-challenge/XsU6N8zthpmBnJiKwLG12e96BMO5GsDNMxoJs0uzqzo:
    Timeout

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

ericus20@hackstreetboys:~/.well-known$ cd …

One thing I am sure of is that when I test IPv6 on my router, it always says my ISP supports IPv6, but it always times out.


#2

You don’t have any AAAA records, so it isn’t an IPv6 issue.

However, I’m also unable to connect to your server (68.100.185.226) on port 80 as well. Are you sure this port is open to the internet and forwarded properly through your router?


#3

That is correct. For some reason, when I test with an open-ports site, it says that my port 80 is closed, but I do have Apache running on port 0.0.0.0:80 and also have it configured in my router to enable port forwarding. I don’t understand why.
Is there something that I am missing?


#4

Cox reportedly firewalls port 80.

https://www.cox.com/residential/support/internet-ports-blocked-or-restricted-by-cox.html

If you cannot get your ISP to allow port 80, you would have to use DNS validation; I’m not sure if No-IP supports that, or if you would have to get a different DNS provider.


#5

Thank you for the quick response.

I read right now that Cox does not allow port 80. I don’t know what to do, but when I try to access hackstreetboys.ddns.net:80, even from outside my network, it opens up my Apache server, so I thought it was good to go.

I do not know much about DNS validation and am not sure if I have to consider another DNS provider.

