Hi,
I have a Raspberry connected to my LAN.
I have opened both ports 80 and 443 (to 80 and 443 of my Raspberry).
I checked that these accesses are OK.
I tried to install Let’s Encrypt but the message is always the same:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxxx.freeboxos.fr
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. xxxxx.freeboxos.fr (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://xxxxx.freeboxos.fr/.well-known/acme-challenge/xJNgOpBaagNZRomoVEMfYjrLYe8nD831lzrXNhtj-oo: Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Bad Request
Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Same response here… no change
Is it correct to redirect port 80 to the same port on my Raspberry?
I tried both 80 => 80 and 80 => 443 without any success!!
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): bulledo.freeboxos.fr
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bulledo.freeboxos.fr
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
The underlying problem is that you have an AAAA record advertising an IPv6 address (2a01:e35:8be9:f100::1) for your server, but your server does not actually answer connections to this address. You should fix your IPv6 configuration (including making sure that your web server is listening to IPv6 requests, not just IPv4 requests), or else remove this AAAA record.
Another question is where the record came from (who created it, and why did the person or organization who created it think that that particular IPv6 address would work for you?).
You’ll need to answer requests on IPv6 or else remove that DNS record. Otherwise, Let’s Encrypt can’t issue you a certificate. As far as I know, there is no workaround for this.
There is an alternative way to prove your control over a domain name, called DNS-01, which is not affected by this—but DNS-01 requires being able to create new custom DNS entries. If you can’t remove an AAAA record from your DNS, I doubt you’ll be able to create a custom TXT record either!
Let’s Encrypt is trying to confirm people’s control over domain names based on the official information about those domain names in the DNS system. The AAAA record says, on behalf of the owner of the domain, “if you want to connect to bulledo.freeboxos.fr, you can reach it over IPv6 at 2a01:e35:8be9:f100::1”. Let’s Encrypt therefore believes this claim and effectively says “if you want to prove that you control the domain name, you should be able to answer requests at that IP address”.
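The check described in the reply above, as an added example that is not part of the original thread or of Certbot: it lists every A and AAAA address published for a name and tries a TCP connection to port 80 on each, so an advertised address that nothing answers on stands out. The function names are hypothetical, and the built-in sample is constructed: the IPv6 address is the one quoted in the thread, the IPv4 address 192.0.2.10 is a documentation placeholder.

```python
import socket
import sys

def resolve(host, port):
    """Return sorted (family, address) pairs for every A/AAAA record of host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({("IPv6" if fam == socket.AF_INET6 else "IPv4", sa[0])
                   for fam, _, _, _, sa in infos
                   if fam in (socket.AF_INET, socket.AF_INET6)})

def tcp_probe(address, port, timeout=5.0):
    """Try a TCP connect; return None on success, else the error text."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return None
    except OSError as exc:
        return f"{type(exc).__name__}: {exc}"

def audit(host, port=80, resolver=resolve, probe=tcp_probe):
    """Probe every published address; return (results, verdict)."""
    results = [(fam, addr, probe(addr, port)) for fam, addr in resolver(host, port)]
    dead = [(fam, addr) for fam, addr, err in results if err is not None]
    if not results:
        verdict = "no A/AAAA records found"
    elif not dead:
        verdict = "all published addresses answer"
    else:
        verdict = "fix or remove: " + ", ".join(f"{f} {a}" for f, a in dead)
    return results, verdict

# Constructed sample standing in for live DNS and network access.
def sample_resolver(host, port):
    return [("IPv4", "192.0.2.10"), ("IPv6", "2a01:e35:8be9:f100::1")]

def sample_probe(address, port, timeout=5.0):
    # Assumption for the sample: only the IPv6 address times out.
    return "TimeoutError: timed out" if ":" in address else None

if __name__ == "__main__":
    if len(sys.argv) > 1:          # live check: python3 script.py <hostname>
        results, verdict = audit(sys.argv[1])
    else:                          # offline run on the constructed sample
        results, verdict = audit("bulledo.freeboxos.fr", 80,
                                 sample_resolver, sample_probe)
    for fam, addr, err in results:
        print(f"{fam:4} {addr:40} {'open' if err is None else err}")
    print(verdict)
```

Run the live check from a machine outside the LAN, since a connection made from behind the same router may not follow the path the validation server takes.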