I'm having trouble getting certbot set-up

waterlava · January 8, 2021, 6:53pm

My domain is: http://waternlava.duckdns.org/

I ran this command: certbot certonly --standalone -d waternlava.duckdns.org

It produced this output:

My web server is (include version): Foundry Virtual Tabletop 0.7.9

The operating system my web server runs on is (include version): Windows 10 (2004)

My hosting provider, if applicable, is: duckdns

I can login to a root shell on my machine (yes or no, or I don't know): I don't know, I can login to an Admin shell

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I don't think so

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

I have forwarded ports 80 and 443 on my router and verified that waternlava.duckdns.org is forwarding to the right ip address. I have also opened my firewall on port 80 and to the python.exe in the certbot folder.

griffin · January 8, 2021, 9:20pm

Welcome to the Let's Encrypt Community, Daniel

I have confirmed that I can't reach waternlava.duckdns.org from my browser either.

waterlava · January 8, 2021, 9:54pm

Yes, I get that page too. How do I fix it? It says that it's likely a firewall problem. What should I change in my firewall configuration?

griffin · January 9, 2021, 12:37am

I'm not exactly sure. Have you been able to access you own website?

Keep in mind that the standalone authenticator will spin-up its own temporary webserver on port 80 for only the duration of satisfying the challenges. This shouldn't be possible if you already have a functioning webserver responding on port 80. I recommend adding --debug-challenges to your certbot command, which will pause certbot once the challenges have been setup so that you can take the time you need to test.

Does the DNS A record for waternlava.duckdns.org point to the machine where you're running certbot? If not, you can't use the standalone authenticator, which uses an http-01 challenge. You'll need to use a dns-01 challenge in that case.

waterlava · January 9, 2021, 1:52am

I'm able to successfully access my webserver http://waternlava.duckdns.org:30000 from my mobile device with data.
I don't have anything on port 80, all I did so far is forwarded it to my device and open it's firewall.
I tried --debug-challenges and it did the same thing in the end.
The domain's A record points to my public IP address. If I go to waternlava.duckdns.org on my local network it brings me to my router page.
I don't know how to use the dns-01 challenge...

rg305 · January 9, 2021, 3:43am

Port 80 might be used by the router itself.
You may have to move that to another port on the router first (to allow 80 to pass through).

waterlava · January 11, 2021, 2:33am

Doesn't that mean that it's already been moved?

griffin · January 11, 2021, 7:03am

@rg305

~~Wouldn't certbot throw a "can't bind port 80" when running standalone in that case?~~

See @schoen's post right below.

schoen · January 11, 2021, 5:56am

No, certbot --standalone can only see whether the port 80 of the host it's running on is in use, not whether a router is forwarding port 80 from another IP address to it or not.

waterlava · January 11, 2021, 3:06pm

Is there anything I can do to fix this?
How do I check if port 80 is being used by the router?

waterlava · January 12, 2021, 3:18am

I got it working with DNS verification, thanks anyways!