Http-01 challenge time out when using webroot plugin

Hello everyone:
I want to deploy a SonarQube server and use nginx as the HTTPS proxy. So I chose Let’s Encrypt and certbot. The server is deployed on my own laptop, so I can do everything on it. Everything seems OK, but it failed because of a timeout error. You can access http://sonarqube.xsun.io/.well-known/acme-challenge/test to see that it is accessible.

My domain is:
sonarqube.xsun.io

I ran this command:
sudo certbot certonly --webroot -w /home/xsun2001/letsencrypt -d sonarqube.xsun.io

It produced this output:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sonarqube.xsun.io
   Type:   connection
   Detail: Fetching
   http://sonarqube.xsun.io/.well-known/acme-challenge/Fu_tH7UGxJ5RVWwOnFnsBAvGRYlAxmpxu54uTJv6leQ:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version):
nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-29-generic x86_64)

My hosting provider, if applicable, is:
It is my own laptop.

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

Your web server has to be accessible from the internet in order for Let’s Encrypt to be able to issue you a certificate using the HTTP challenge.

At the moment, this isn’t the case. Visiting your IP address on port 80 just leads to a network timeout.

If xsun.io is your domain, you may be able to use the DNS challenge in combination with a Let’s Encrypt client that supports Cloudflare to get a certificate instead. This would bypass the requirement for your web server to be accessible from the internet.

2 Likes

Thank you for the reply. I think I have figured out this problem. It is my ISP that causes this problem. I am in China and, because of some well-known reasons, China’s network condition is bad. The URL I gave you is accessible in my region but not in America. That only happens on port 80. I will try to use the DNS challenge as you said.

@_az Thank you very much!! I have got the certificate with the certbot plugin dns-cloudflare. Sorry for my poor English. Thanks again!!

1 Like
