Hi @jtreg,
Looks like there has been some improvement in the DNS;
however using --standalone we will still see "ERRORs"
See this for more advise Certbot stand-alone return error Timeout during connect (likely firewall problem) - #4 by MikeMcQ
https://letsdebug.net/jtreg.duckdns.org/1975336
ANotWorking
ERROR
jtreg.duckdns.org has an A (IPv4) record (140.228.51.50) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://jtreg.duckdns.org/.well-known/acme-challenge/letsdebug-test": dial tcp 140.228.51.50:80: connect: connection refused
Trace:
@0ms: Making a request to http://jtreg.duckdns.org/.well-known/acme-challenge/letsdebug-test (using initial IP 140.228.51.50)
@0ms: Dialing 140.228.51.50
@5830ms: Experienced error: dial tcp 140.228.51.50:80: connect: connection refused
IssueFromLetsEncrypt
ERROR
A test authorization for jtreg.duckdns.org to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
140.228.51.50: Fetching http://jtreg.duckdns.org/.well-known/acme-challenge/pcm9l1q-PBtH-JBgZo766OC7rIeSotEpU0Rp2TqMMI4: Connection refused
Using nmap shows Port 80 & 443 are filtered (i.e. blocked)
$ nmap -Pn -p80,443 jtreg.duckdns.org
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-23 11:39 PDT
Nmap scan report for jtreg.duckdns.org (140.228.51.50)
Host is up.
rDNS record for 140.228.51.50: 51.228.140.50.bcube.co.uk
PORT STATE SERVICE
80/tcp filtered http
443/tcp filtered https
Nmap done: 1 IP address (1 host up) scanned in 3.52 seconds
Seeing the above indicates the use of HTTP-01 challenge the most common; and states
"The HTTP-01 challenge can only be done on port 80."