Help, I need to upload an HTTPS certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mdmtopnet.duckdns.org

I ran this command: sudo certbot --nginx -d mdmtopnet.duckdns.org

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mdmtopnet.duckdns.org

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: mdmtopnet.duckdns.org
Type: connection
Detail: 196.185.29.18: Fetching http://mdmtopnet.duckdns.org/.well-known/acme-challenge/wfoy4ZxCubu7r9K0w3dFebZ24n8kXCwmsQgA01okx8s: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Ubuntu Server 22.04 LTS (Oracle VM VirtualBox)

The operating system my web server runs on is (include version): Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Is there something unclear about this error message? Let's Encrypt needs to connect to your server via HTTP to validate your control over the domain. It was unable to do so--the attempted connection timed out. The most likely reason for this, as the error message says, is that there's a firewall blocking the connection. You'll need to find that firewall and correct its configuration.

5 Likes

Please, which configuration do I need to change in the firewall?

You might want to check if you need to add some port forwarding, and make sure you're not behind carrier-grade NAT (CGNAT).

2 Likes

I am using Internet sharing via my mobile phone

I know. That's why I asked.

You also might not have control over the firewall. In that case your only solution might be something like Cloudflare Tunnels or ngrok or similar (a few of which will handle TLS for you):

GitHub - anderspitman/awesome-tunneling: List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.

3 Likes

Um, okay? Unfortunately, that doesn't tell us anything about your network setup.

The bottom line is that Let's Encrypt needs to contact your server ("your server" being whatever you want to serve mdmtopnet.duckdns.org with), on port 80, from around the world. You're responsible for configuring your network appropriately to make that happen. I'm going to speculate that, if the Internet connection to your server is via your mobile phone, it isn't possible--but you may need to ask your mobile phone carrier about that.

4 Likes
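The CGNAT and port-forwarding checks suggested in the replies above can be reduced to comparing two addresses. This is an added example, not code from any poster or from Certbot: `diagnose` and its verdict names are hypothetical, and apart from 196.185.29.18 (the address in the error output) the sample addresses are constructed.

```python
import ipaddress

# RFC 6598 shared address space, used by carriers for CGNAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: the "WAN" side is itself behind another NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADVICE = {
    "cgnat": "Carrier-grade NAT: inbound port 80 cannot be forwarded; "
             "use a tunnel or a DNS-based challenge instead.",
    "private-nat": "WAN side is private (double NAT, e.g. phone tethering): "
                   "you do not control the outer NAT or firewall.",
    "dns-mismatch": "The domain points at a different address than your "
                    "connection; update the DNS record first.",
    "public-match": "Public address matches DNS: check port forwarding and "
                    "firewall rules for TCP 80 towards the web server.",
}


def diagnose(wan_ip: str, dns_ip: str) -> str:
    """Classify why an HTTP-01 connection to dns_ip might time out.

    wan_ip: address shown on the router's or phone's WAN/mobile interface.
    dns_ip: address the domain resolves to (what the CA connects to).
    """
    wan = ipaddress.ip_address(wan_ip)
    dns = ipaddress.ip_address(dns_ip)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "private-nat"
    if wan != dns:
        return "dns-mismatch"
    return "public-match"


if __name__ == "__main__":
    dns_ip = "196.185.29.18"  # address the CA tried, from the error output
    # Constructed WAN addresses covering each case.
    for wan_ip in ("100.72.14.9", "192.168.43.1", "203.0.113.7", dns_ip):
        verdict = diagnose(wan_ip, dns_ip)
        print(f"{wan_ip:>15} -> {verdict}: {ADVICE[verdict]}")
```

A "public-match" verdict only rules out the addressing problems; whether port 80 is actually reachable still has to be tested from outside the network.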
