Help certbot my domain

My domain is:
t3m.com.br

I ran this command:
sudo certbot --nginx certonly -d pabx.t3m.com.br

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Selected plugins: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pabx.t3m.com.br
Waiting for verification ...
Cleaning up challenges
Failed authorization procedure. pabx.t3m.com.br (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://pabx.t3m.com.br/.well-known/acme-challenge/HTS2FA37WQVY93tXPAN4FLbz5UsJBOphkUwmSX9Bn3w: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

  • The following errors were reported by the server:
    I tested another domain that redirects to the same server,
    pabx.yousmart.com.br, and it worked perfectly:
    same nginx rule, same IP as the server.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

yea

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 0.31.0

2 Likes

Your host isn't reachable on port 80 (nor on port 443 for that matter). This is required for the challenge. Please open port 80 in your firewall(s) and/or (NAT) router.

An alternative would be to use the dns-01 challenge, but that's way more difficult to set up in most circumstances.

4 Likes

Sorry for my ignorance, I can access port 80 by typing pabx.yousmart.com.br or pabx.t3m.com.br, making a test

Status: active

To                  Action  From
22/tcp              LIMIT   Anywhere
443/tcp             ALLOW   Anywhere
80/tcp              ALLOW   Anywhere
Nginx Full          ALLOW   Anywhere
22/tcp (v6)         LIMIT   Anywhere (v6)
443/tcp (v6)        ALLOW   Anywhere (v6)
80/tcp (v6)         ALLOW   Anywhere (v6)
Nginx Full (v6)     ALLOW   Anywhere (v6)

How could it release port 80 for certbot?

thank you.

2 Likes

You can't, this is not an issue with certbot. Your site isn't accessible from the world wide web at all. You can check external sites such as https://downforeveryoneorjustme.com/pabx.t3m.com.br to verify this.

Getting your site up and running for the world wide web is pretty much outside the scope of this Community I'm afraid.

3 Likes

Thank you, it was an iptables rule, I managed to solve it, congratulations...

2 Likes
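Added example, not part of the thread or of certbot: the ufw status above lists 80/tcp as allowed, yet the cause turned out to be an iptables rule. The sketch below walks `iptables -S` output in first-match order to show which rule decides a new TCP connection to a given port. The ruleset is constructed, and the parser assumes plain option/value pairs (no `!` negation, no multiport).

```python
import shlex

# Constructed `iptables -S` output (not from the thread): a hand-added DROP
# sits ahead of the jump into ufw's chain, so ufw's ALLOW is never reached.
SAMPLE = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
"""

def parse(text):
    """Split `iptables -S` text into chain policies and per-chain rule dicts."""
    policies, chains = {}, {}
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["-P"]:
            policies[tok[1]] = tok[2]
        elif tok[:1] == ["-A"]:
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def hits_new_tcp(rule, port):
    """Does the rule match a NEW inbound TCP connection to `port` from any host?"""
    if rule.get("-p", "tcp") not in ("tcp", "all"):
        return False
    if rule.get("-i") == "lo" or "-s" in rule:  # loopback or source-restricted
        return False
    if "NEW" not in rule.get("--ctstate", "NEW").split(","):
        return False
    lo, _, hi = rule.get("--dport", str(port)).partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(text, port, chain="INPUT"):
    """Return (target, where) for the first terminal rule that matches."""
    policies, chains = parse(text)
    def walk(name):
        for rule in chains.get(name, []):
            target = rule.get("-j")
            if not hits_new_tcp(rule, port):
                continue
            if target in ("ACCEPT", "DROP", "REJECT", "RETURN"):
                return None if target == "RETURN" else (target, name)
            if (found := walk(target)):  # jump into a user-defined chain
                return found
        return None
    return walk(chain) or (policies.get(chain, "ACCEPT"), "policy")
```

On a real host, feed it the output of `sudo iptables -S`; `verdict(SAMPLE, 80)` returns `("DROP", "INPUT")` even though the ufw chain would accept the same port.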

Welcome to the Let's Encrypt Community, Leandro :slightly_smiling_face:

I agree with Osiris's findings.

1 Like

I noticed a DigitalOcean name server. Are you using a load balancer?

1 Like