I'm having trouble getting certbot set up

My domain is: http://waternlava.duckdns.org/

I ran this command: certbot certonly --standalone -d waternlava.duckdns.org

It produced this output:

My web server is (include version): Foundry Virtual Tabletop 0.7.9

The operating system my web server runs on is (include version): Windows 10 (2004)

My hosting provider, if applicable, is: duckdns

I can login to a root shell on my machine (yes or no, or I don't know): I don't know, I can login to an Admin shell

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I don't think so

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

I have forwarded ports 80 and 443 on my router and verified that waternlava.duckdns.org is forwarding to the right IP address. I have also opened my firewall on port 80 and to the python.exe in the certbot folder.


Welcome to the Let's Encrypt Community, Daniel :slightly_smiling_face:

I have confirmed that I can't reach waternlava.duckdns.org from my browser either.


Yes, I get that page too. How do I fix it? It says that it's likely a firewall problem. What should I change in my firewall configuration?


I'm not exactly sure. Have you been able to access your own website?

Keep in mind that the standalone authenticator will spin up its own temporary webserver on port 80 for only the duration of satisfying the challenges. This shouldn't be possible if you already have a functioning webserver responding on port 80. I recommend adding --debug-challenges to your certbot command, which will pause certbot once the challenges have been set up so that you can take the time you need to test.

Does the DNS A record for waternlava.duckdns.org point to the machine where you're running certbot? If not, you can't use the standalone authenticator, which uses an http-01 challenge. You'll need to use a dns-01 challenge in that case.


I'm able to successfully access my webserver http://waternlava.duckdns.org:30000 from my mobile device with data.
I don't have anything on port 80, all I did so far is forwarded it to my device and opened its firewall.
I tried --debug-challenges and it did the same thing in the end.
The domain's A record points to my public IP address. If I go to waternlava.duckdns.org on my local network it brings me to my router page.
I don't know how to use the dns-01 challenge...


Port 80 might be used by the router itself.
You may have to move that to another port on the router first (to allow 80 to pass through).


Doesn't that mean that it's already been moved?



Wouldn't certbot throw a "can't bind port 80" when running standalone in that case?

See @schoen's post right below.

No, certbot --standalone can only see whether the port 80 of the host it's running on is in use, not whether a router is forwarding port 80 from another IP address to it or not.

Is there anything I can do to fix this?
How do I check if port 80 is being used by the router?

I got it working with DNS verification, thanks anyways!
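An added example, not part of any post in this thread and not certbot's own code: it separates the two checks discussed above, whether this host can bind a port (all a standalone listener can learn locally) and what a client connecting to an address actually gets. The helper names are hypothetical, and the demo uses constructed loopback ports so it runs offline; for a real test, run `probe()` against the public hostname from outside the LAN while certbot is paused with --debug-challenges.

```python
import socket

def can_bind(port, host="127.0.0.1"):
    """Local view: can this machine open a listener on the port?
    Says nothing about whether a router forwards traffic to it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return True
    except OSError:
        return False
    finally:
        s.close()

def probe(host, port, timeout=3.0):
    """Client view: result of a TCP connect to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

def explain(bind_ok, outside):
    """Combine the local bind result with a probe made from outside the LAN."""
    if not bind_ok:
        return "port is taken on this host; a standalone listener cannot start"
    if outside == "open":
        return "a listener would be reachable once it is running"
    return ("port is free locally but blocked on the way in (router or "
            "firewall); fix the forwarding or use a dns-01 challenge")

def demo():
    """Constructed loopback demo: one port with a listener, one without."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0 = any free port
    listener.listen(1)
    busy_port = listener.getsockname()[1]
    busy = (can_bind(busy_port), probe("127.0.0.1", busy_port))
    listener.close()
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))         # find a free port, never listen on it
    free_port = spare.getsockname()[1]
    spare.close()
    free = (can_bind(free_port), probe("127.0.0.1", free_port))
    return busy, free

if __name__ == "__main__":
    print(demo())
```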


