Failed authorization procedure.Timeout during connect (likely firewall problem)

Help
1

Installing Nextcloud on a Raspberry Pi, I am facing issued when trying to create a letsencrypt certificate.
The ip address I added to my DynDNS provider (spdyn.de) is the ip address I found out by typing into a webbrowser “ifconfig.me” from my computer, not the raspberry. But it should be the same because this should be the public ip address of my router right? In my router (FritzBox) I granted access to the local ip address of my pi (192.168.178.35) for port 80 and 443.
I followed this instruction for setting up Nextcloud on a Raspberry Pi: https://canox.net/2016/06/die-eigene-cloud-mit-dem-raspberry-pi-und-nextcloud/
I do not know, why creating the certificates is failing. However, I am new to these topics and can not verify, if I setted up my DynDNS correctly.

My domain is:
wolke4000.spdns.org

I ran this command on the raspberry pi with user pi (not root):
sudo certbot certonly --webroot -w /var/www/html/ -d wolke4000.spdns.org -m raspnextfritz@mailbox.org --agree-tos

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wolke4000.spdns.org
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. wolke4000.spdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://wolke4000.spdns.org/.well-known/acme-challenge/TH_dPnmFeEnAtSScmk_G1ovJ-riURPQsGlLOLer7dcc: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: wolke4000.spdns.org
    Type: connection
    Detail: Fetching
    http://wolke4000.spdns.org/.well-known/acme-challenge/TH_dPnmFeEnAtSScmk_G1ovJ-riURPQsGlLOLer7dcc:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

  • We were unable to subscribe you the EFF mailing list because your
    e-mail address appears to be invalid. You can try again later by
    visiting https://act.eff.org.

My web server is (include version):
I do not know how the get that information from my raspberry. However, during the setup process I executed this command:
sudo apt install git certbot unzip nginx postgresql curl libcurl4 redis-server php7.3-fpm php7.3-curl php7.3-gd php7.3-intl php7.3-mbstring php7.3-opcache php7.3-xml php7.3-xmlrpc php7.3-zip php7.3-apcu php7.3-common php7.3-intl php-pear php7.3-apcu php7.3-xml php7.3-mbstring php7.3-zip php7.3-pgsql php7.3-intl php-imagick php7.3-json php7.3-bz2 php-smbclient redis-server php-redis

The operating system my web server runs on is (include version):
Linux raspberrypi 4.19.97-v7l+ #1294 SMP Thu Jan 30 13:21:14 GMT 2020 armv7l GNU/Linux

My hosting provider, if applicable, is:
spdyn.de

I can login to a root shell on my machine (yes or no, or I don’t know):
I can log in using PUTTY and ssh, but only with the user “pi”.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

2

Hi @raspnextfritz

your http doesn't answer.

A working port 80 is required if you want to create a certificate via http validation.

Read

and fix your timeout. May be a firewall. May be a missing router forward.

3

Hey @JuergenAuer, thank you very much for you answer. I followed the instructions you provided. However, it did not solve my issue.
I followed in “Challenge Types - Let’s Encrypt - Free SSL/TLS Certificates” the steps in " HTTP-01 challenge". Therefore I change from password authentification to token authentification in my DynDNS provider spdyn.de. I still get the same error message as posted earlier.
Port 80 is activated on my FritzBox. The raspberry pi 4 does not have a firewall itsself which needs to be deactived?

4

Your port 80 doesn't answer - see https://check-your-website.server-daten.de/?q=wolke4000.spdns.org

Domainname Http-Status redirect Sec. G
http://wolke4000.spdns.org/ 89.246.122.49 -14 10.036 T
Timeout - The operation has timed out
https://wolke4000.spdns.org/ 89.246.122.49 -14 10.027 T
Timeout - The operation has timed out
http://wolke4000.spdns.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 89.246.122.49 -14 10.030 T
Timeout - The operation has timed out
Visible Content:

Only timeouts, no answer.

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.