Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
My web server is (include version): creating one myself, clicked on "Other" in the certbot installation
The operating system my web server runs on is (include version): Win11 (My PC)
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.24.0
Soooooo
I've disabled the firewall on my pc (Win11 - the webserver host) and forwarded ports 80 and 443 (Also tried DMZ on/off - same result either way).
When I ran the command with the --manual option, it did create a .well-known directory containing a few files and deleted it almost immediately after.
Are you sure your IP address is 46.117.123.105 and you have allowed inbound connections on your firewalls (pc, router, isp) and port forwarding on your router?
When I run my web app, I can connect via my external ip as well as the domain name using a browser (port 80 - indicating that my firewalls aren't blocking the connection).
I've also set up a Windows firewall "Inbound Rule" and configured a port forwarding rule that leads to my PC to allow all connections using port 80 as TCP.
You could add --debug-challenge -v to your command
That will pause before doing the challenge so you (or we) could try it.
The standalone mode is harder to debug otherwise since port 80 is only connected while the standalone server is running.
Ran the command with the suggested args.
As the cmd described, I created a file in C:.well-known\acme-challenge\ with the proper name and value and pressed a key in order to let the program run.
Output:
C:\WINDOWS\system32>certbot -d pinkhas.hopto.org certonly --standalone --debug-challenge -v
Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for pinkhas.hopto.org
Performing the following challenges:
http-01 challenge for pinkhas.hopto.org
Challenges loaded. Press continue to submit to CA.
The following URLs should be accessible from the internet and return the value
mentioned:
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.
You should not create any challenge files; certbot does that for you.
Do you have any geo blocking in your firewall?
Try running the command again, but when it says "Press Enter to Continue" don't do anything and let us know the URL it is looking for. We can evaluate it better in that condition.
Nmap scan report for pinkhas.hopto.org (46.117.123.105)
Host is up (0.23s latency).
rDNS record for 46.117.123.105: 46-117-123-105.bb.netvision.net.il
PORT STATE SERVICE
22/tcp filtered ssh
53/tcp filtered domain
80/tcp filtered http
443/tcp filtered https
Great. I can see the correct value using an AWS region in US East Coast (one Let's Encrypt server also in that AWS region).
But Let's Debug also still cannot see it. It uses a similar method to Let's Encrypt. Could you have a geo block on Germany or other US areas? Let's Encrypt needs to challenge from several points around the globe (currently usually Germany and up to 3 US sites).
Sure seems like a geo-based firewall - maybe in your ISP or router?
Here are my detailed results:
curl -i http://pinkhas.hopto.org/.well-known/acme-challenge/alzUuQrksKqVp9rkKVe0wpkFod1C1HwSsnpmmHl9aQ0
HTTP/1.0 200 OK
Server: BaseHTTP/0.6 Python/3.9.7
Date: Wed, 02 Mar 2022 20:31:34 GMT
alzUuQrksKqVp9rkKVe0wpkFod1C1HwSsnpmmHl9aQ0.sy6COMqEWsXkSUoZr-PnXJUvioeTCAQ1DOh0I2vvBDI
You cannot do anything with my 'detailed result'. Just providing more info to other volunteers to confirm what is happening. It just proves the standalone certbot server can be reached from someone.
Check your router for any geographic-based firewall (that's what I meant by geo). I think @9peppe is in Italy, so he is failing, and so are Let's Debug and Let's Encrypt, which both try from Europe, so that might be the key pattern.
I tried a global reachability website test and it's completely random. Sometimes it works, sometimes it doesn't. It doesn't look like it's geographical.
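The "correct value" seen in the curl result quoted earlier in the thread has a fixed shape: the token from the URL, a dot, and the account key thumbprint. The Python check below is an added example, not part of any post in this thread and not Certbot's code; it validates a saved `curl -i` response from one vantage point, and the function name `check_http01` and the 404 sample are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

PREFIX = "/.well-known/acme-challenge/"
B64URL = re.compile(r"[A-Za-z0-9_-]+")

def check_http01(url, raw_response):
    """Return a list of problems with an http-01 response; [] means well-formed."""
    path = urlsplit(url).path
    if not path.startswith(PREFIX):
        return ["URL path is not under " + PREFIX]
    token = path[len(PREFIX):]
    problems = []
    if not B64URL.fullmatch(token):
        problems.append("token in URL is not base64url")
    # Split headers from body the way `curl -i` prints them.
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    status = head.split("\n", 1)[0].split()
    if len(status) < 2 or status[1] != "200":
        problems.append("status is not 200")
    got_token, dot, thumbprint = body.strip().partition(".")
    if not dot:
        problems.append("body is not token.thumbprint")
        return problems
    if got_token != token:
        problems.append("body token does not match the token in the URL")
    # A base64url SHA-256 JWK thumbprint without padding is 43 characters.
    if len(thumbprint) != 43 or not B64URL.fullmatch(thumbprint):
        problems.append("thumbprint is not 43 base64url characters")
    return problems

# Token and thumbprint as quoted in the thread; the 404 response is constructed
# to stand in for a different web app answering on port 80.
TOKEN = "alzUuQrksKqVp9rkKVe0wpkFod1C1HwSsnpmmHl9aQ0"
THUMB = "sy6COMqEWsXkSUoZr-PnXJUvioeTCAQ1DOh0I2vvBDI"
URL = "http://pinkhas.hopto.org/.well-known/acme-challenge/" + TOKEN
GOOD = ("HTTP/1.0 200 OK\r\nServer: BaseHTTP/0.6 Python/3.9.7\r\n\r\n"
        + TOKEN + "." + THUMB)
OTHER_APP = "HTTP/1.1 404 Not Found\r\n\r\n<html>Not Found</html>"

if __name__ == "__main__":
    for name, raw in (("standalone", GOOD), ("other app", OTHER_APP)):
        print(name, check_http01(URL, raw) or "ok")
```

A well-formed result only describes what that one vantage point received; it says nothing about whether the other validation locations could connect.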