Generation of certificate with loopback not allowed


#1

Please fill out the fields below so we can help you better.
My domain is: deliverance.ddns.net

I ran this command: sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d deliverance.ddns.net

It produced this output: Failed authorization procedure. deliverance.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to 92.28.XXX.XXX:XXXX

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: deliverance.ddns.net
    Type: connection
    Detail: Could not connect to 92.28.XXX.XXX:XXXX

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My operating system is (include version): Linux raspberrypi 4.4.38-v7+

My web server is (include version): nginx version: nginx/1.6.2

My hosting provider, if applicable, is: No-IP

I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I don’t know

Good morning. I’m quite new to all this, so please forgive me if I ask dumb questions or make any stupid assumptions. My end goal is to have node-red running on my pi serving some webpages, and to handle the traffic with nginx. The tutorial that I’m following (with some exceptions) is Tutorial.

So:

  • I have nginx running. I can connect to my localhost:80 and see the basic webpages served by nginx.
  • I have a DDNS name (deliverance.ddns.net) and if I access that name from outside my local network, I can see the basic webpages served by nginx.

Now, I want to create a certificate with Let’s Encrypt and I ran the command mentioned before with the result mentioned before too.

I think that the problem is that, when I execute the command to generate the certificate the connection is

Local network -> DDNS -> Local network again.

I was asking in the forums of my internet provider, and it seems that the problem is that loopback is not allowed.

I was wondering, is there any way to avoid that restriction?

As a note, the router is a Huawei HG633 and I was not able to find a specific option that could help me with that in the admin panel of the router.

Regards


#2

You redirect everything on that domain name to 92.xx.xxx.xxx:1890 (I’m not sure why you turn that into xxx, because anyone gets redirected to that IP, so it’s public information).

I can’t access that IP on port 1890 though. Do you have a firewall? Or have you not set up port forwarding?

You may find it easier to obtain a cert using the DNS-01 challenge.
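
Added example, not part of the original thread: a Python tracer for the redirect chain that an http-01 check walks, flagging any hop on a port other than 80 or 443 (the only redirect targets Let's Encrypt documents as accepted), such as the port 1890 target mentioned above. The hostname, the 203.0.113.10 address, the `probe` file name and the helper names are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

ALLOWED_PORTS = {80, 443}            # redirect targets Let's Encrypt accepts for http-01
REDIRECTS = {301, 302, 303, 307, 308}

def fetch(url):
    """One GET without following redirects; returns (status, Location header or None)."""
    u = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(u.hostname, u.port, timeout=10)
    try:
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(url, fetch=fetch, max_hops=10):
    """Walk the redirect chain; returns ([(url, port, acceptable)], final status or None)."""
    hops = []
    for _ in range(max_hops):
        u = urlsplit(url)
        port = u.port or (443 if u.scheme == "https" else 80)
        hops.append((url, port, u.scheme in ("http", "https") and port in ALLOWED_PORTS))
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            return hops, status
        url = urljoin(url, location)
    return hops, None  # chain too long or looping

# Constructed sample: a hostname whose port-80 redirect points at port 1890.
PATH = "/.well-known/acme-challenge/probe"
SAMPLE = {
    "http://host.example" + PATH: (302, "http://203.0.113.10:1890" + PATH),
    "http://203.0.113.10:1890" + PATH: (200, None),
}

def sample_fetch(url):
    """Stand-in for fetch() that answers from the constructed SAMPLE table."""
    return SAMPLE[url]

if __name__ == "__main__":
    hops, status = trace("http://host.example" + PATH, fetch=sample_fetch)
    for url, port, ok in hops:
        print("ok      " if ok else "REJECTED", port, url)
    print("final status:", status)
```

For a real check, call `trace()` with the default `fetch` from a machine outside the home network, since the validation request arrives from the internet rather than from the LAN.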


#3

Good morning serverco. Thanks for the answer. I am currently out of the country so I turned off everything (that is probably why you could not access the pi). You are right, I masked the IP with XXX, but only because, as I’m new, I’m a bit paranoid about security, but as you pointed out, the domain just gives the IP so… My bad hahaha. I will be able to set everything up tomorrow and leave my pi running. I will post another message when everything is ready. Maybe that could help us. I don’t know about the dns1 challenge; I will try to read and find some information about it during my trip back.

