Failed authorization procedure

My domain is: lora.saluton.dk

I ran this command: sudo certbot --nginx -d lora.saluton.dk

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lora.saluton.dk
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. lora.saluton.dk (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://lora.saluton.dk/.well-known/acme-challenge/uypzdOXrZgdvLe2wnmTmtAslO6-v0D9LmXDFfE87Lwg: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: lora.saluton.dk
    Type: connection
    Detail: Fetching
    http://lora.saluton.dk/.well-known/acme-challenge/uypzdOXrZgdvLe2wnmTmtAslO6-v0D9LmXDFfE87Lwg:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.2 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @dtu

there are older checks of your domain - https://check-your-website.server-daten.de/?q=lora.saluton.dk

Only timeouts:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://lora.saluton.dk/ 130.225.170.207 | -14 | | 10.026 | T |
| Timeout - The operation has timed out | | | | |
| https://lora.saluton.dk/ 130.225.170.207 | -14 | | 10.010 | T |
| Timeout - The operation has timed out | | | | |
| http://lora.saluton.dk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 130.225.170.207 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
Visible Content:

There is no older certificate. If you use http-01 validation, a working http website (port 80) is required.

Is there a website? Or is it a firewall / router problem?

Same result checking your ip address ( https://check-your-website.server-daten.de/?q=130.225.170.207 ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://130.225.170.207/ 130.225.170.207 | -14 | | 10.030 | T |
| Timeout - The operation has timed out | | | | |
| https://130.225.170.207/ 130.225.170.207 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| http://130.225.170.207/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 130.225.170.207 | -14 | | 10.026 | T |
| Timeout - The operation has timed out | | | | |
Visible Content:

Thanks for the fast response!

Can this have anything to do with the fact that the web interface is in fact accessed via “lora.saluton.dk:8080”?

I’ve configured nginx.conf, so that it’s redirecting “lora.saluton.dk”.

/etc/nginx/nginx.conf

    server {

        index index.html index.html index.nginx-debian.html;
        server_name lora.saluton.dk; # managed by Certbot

        listen 80;
        server_name lora.saluton.dk;

        location / {
            proxy_set_header   X-Forwarded-For $remote_addr;
            proxy_set_header   Host $http_host;
            proxy_pass         "http://130.225.170.207:8080";
        }

        location ~ ^/api/(gateways|devices)/(\w+)/(frames|events)$ {
            proxy_pass https://130.225.170.207:8080/api/$1/$2/$3;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_read_timeout 86400s;
            proxy_send_timeout 86400s;
        }

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        #ssl_certificate /etc/loraserver-certificates/certs/keys/cert.pem; # managed by Certbot
        #ssl_certificate_key /etc/loraserver-certificates/certs/keys/key.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

Does that work internally? Externally, I see only timeouts.

Is it a home server?

Some ISPs are blocking port 80.
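
The reachability question raised in the replies above (timeout versus something actually answering on port 80) can be checked with a small probe that separates the failure stages. This is an added example, not part of the original thread and not Certbot code; `probe_http01`, `advise` and the probe token are names assumed for illustration.

```python
import socket
import sys

# What each outcome means for an http-01 validation attempt.
ADVICE = {
    "connect-timeout": "packets to the port are dropped: check firewall, router port forwarding, ISP port-80 blocking",
    "refused": "host is reachable but nothing listens on the port: check the web server's listen directives",
    "no-response": "TCP connects but no HTTP reply arrives: check the web server or proxy behind the port",
    "http": "port is reachable and answers HTTP: any status code (even 404) is fine for this probe",
    "error": "lookup or network error: check the DNS A/AAAA records and routing",
}

def probe_http01(host, port=80, token="reachability-probe", timeout=10.0):
    """Request the ACME challenge path and return (stage, detail).

    The token is a made-up probe value, not a real challenge token.
    """
    path = "/.well-known/acme-challenge/" + token
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("connect-timeout", f"no TCP answer within {timeout:g}s")
    except ConnectionRefusedError:
        return ("refused", "connection refused")
    except OSError as exc:  # DNS failure, no route, ...
        return ("error", str(exc))
    with sock:
        request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        try:
            sock.sendall(request.encode("ascii"))
            status_line = sock.makefile("rb").readline().decode("latin-1").strip()
        except socket.timeout:
            return ("no-response", f"connected, no HTTP reply within {timeout:g}s")
        except OSError as exc:
            return ("error", str(exc))
    if not status_line.startswith("HTTP/"):
        return ("no-response", "connection closed without an HTTP status line")
    return ("http", status_line)

def advise(stage):
    return ADVICE[stage]

if __name__ == "__main__":
    # Defaults to loopback so the script runs offline; pass a hostname to test it.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    stage, detail = probe_http01(target, timeout=5.0)
    print(f"{target}:80 -> {stage}: {detail}")
    print("meaning:", advise(stage))
```

Run it from a host outside the server's own network, passing the domain as the first argument; a probe from the server itself or its LAN does not cross the firewall or ISP path that the validation server uses.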
