Help certbot my domain

lscorrea · October 26, 2020, 8:03pm

My domain is:
t3m.com.br

I ran this command:
sudo certbot --nginx certonly -d pabx.t3m.com.br

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Selected plugins: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pabx.t3m.com.br
Waiting for verification ...
Cleaning up challenges
Failed authorization procedure. pabx.t3m.com.br (http-01): urn: ietf: params: acme: error: connection :: The server could not connect to the client to verify the domain :: Fetching http://pabx.t3m.com .br / .well-known / acme-challenge / HTS2FA37WQVY93tXPAN4FLbz5UsJBOphkUwmSX9Bn3w: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

The following errors were reported by the server:
I tested another domain that redirects to the same server
pabx.yousmart.com.br and it worked perfectly
same nginx rule same ip as server.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

yea

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 0.31.0

Osiris · October 26, 2020, 8:04pm

Your host isn't reachable on port 80 (nor on port 443 for that matter). This is required for the challenge. Please open port 80 in your firewall(s) and/or (NAT) router.

An alternative would be to use the dns-01 challenge, but that's way more difficult to set up in most circumstances.

lscorrea · October 26, 2020, 8:11pm

Sorry for the iguinorancia, I can access port 80 by typing pabx.yousmart.com.br or pabx.t3m.com.br, making a test

Status: active

To Action From

22 / tcp LIMIT Anywhere
443 / tcp ALLOW Anywhere
80 / tcp ALLOW Anywhere
Nginx Full ALLOW Anywhere
22 / tcp (v6) LIMIT Anywhere (v6)
443 / tcp (v6) ALLOW Anywhere (v6)
80 / tcp (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)

how could it release port 80 for cerbot?

thank you.

Osiris · October 26, 2020, 8:19pm

You can't, this is not an issue with certbot. Your site isn't accessible from the world wide web at all. You can check external sites such as https://downforeveryoneorjustme.com/pabx.t3m.com.br to verify this.

Getting your site up and running for the world wide web is pretty much outside the scope of this Community I'm afraid.

lscorrea · October 27, 2020, 12:32am

Obrigado é regra de iptables, conseguir resolver, parabens...

griffin · October 27, 2020, 1:10am

Bem-vindo à Comunidade Let's Encrypt, Leandro

Eu concordo com as descobertas de Osiris.

griffin · October 27, 2020, 1:16am

Notei um servidor de nomes DigitalOcean. Você está usando um balanceador de carga?

Topic		Replies	Views
Failed authorization procedure. during connect (likely firewall problem) Help	6	1531	May 5, 2020
Timeout during connect (likely firewall problem) but ports are open Help	5	125	March 7, 2025
Certbot failed to authenticate some domains Help	16	567	March 28, 2023
Issues with certbot Help	18	1138	May 10, 2023
Error generating certbot certificate Help	16	517	December 21, 2023

Help certbot my domain

Related topics