Help certbot my domain

lscorrea · October 26, 2020, 8:03pm

My domain is:
t3m.com.br

I ran this command:
sudo certbot --nginx certonly -d pabx.t3m.com.br

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Selected plugins: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pabx.t3m.com.br
Waiting for verification ...
Cleaning up challenges
Failed authorization procedure. pabx.t3m.com.br (http-01): urn: ietf: params: acme: error: connection :: The server could not connect to the client to verify the domain :: Fetching http://pabx.t3m.com .br / .well-known / acme-challenge / HTS2FA37WQVY93tXPAN4FLbz5UsJBOphkUwmSX9Bn3w: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

The following errors were reported by the server:
I tested another domain that redirects to the same server
pabx.yousmart.com.br and it worked perfectly
same nginx rule same ip as server.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

yea

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 0.31.0

Osiris · October 26, 2020, 8:05pm

Your host isn't reachable on port 80 (nor on port 443 for that matter). This is required for the challenge. Please open port 80 in your firewall(s) and/or (NAT) router.

An alternative would be to use the dns-01 challenge, but that's way more difficult to set up in most circumstances.

lscorrea · October 26, 2020, 8:11pm

Sorry for the iguinorancia, I can access port 80 by typing pabx.yousmart.com.br or pabx.t3m.com.br, making a test

Status: active

To Action From

22 / tcp LIMIT Anywhere
443 / tcp ALLOW Anywhere
80 / tcp ALLOW Anywhere
Nginx Full ALLOW Anywhere
22 / tcp (v6) LIMIT Anywhere (v6)
443 / tcp (v6) ALLOW Anywhere (v6)
80 / tcp (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)

how could it release port 80 for cerbot?

thank you.

Osiris · October 26, 2020, 8:19pm

You can't, this is not an issue with certbot. Your site isn't accessible from the world wide web at all. You can check external sites such as https://downforeveryoneorjustme.com/pabx.t3m.com.br to verify this.

Getting your site up and running for the world wide web is pretty much outside the scope of this Community I'm afraid.