Is there a way to register .tk domains using certbot?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
codename2221.tk
I ran this command:
certbot certonly --standalone -v
It produced this output:
Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): codename2221.tk
Requesting a certificate for codename2221.tk
Performing the following challenges:
http-01 challenge for codename2221.tk
Waiting for verification...
Challenge failed for domain codename2221.tk
http-01 challenge for codename2221.tk

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: codename2221.tk
Type: unauthorized
Detail: 195.20.44.113: Invalid response from codename2221.tk "\n\n\n \n <titl"

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
a node js server running using npm start
The operating system my web server runs on is (include version):
windows 10
My hosting provider, if applicable, is:
self
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.2.0

I don't know how to get my Freenom domain correctly set up so it won't use a frame to hold the website, which breaks certbot, so if anyone knows how to fix that, or how to get certbot to accept it anyway, then it would be helpful!

Hello @indexerr, welcome to the Let's Encrypt community.

Using this online tool, https://check-host.net/, the permanent link to this check report is showing several different errors for plain old HTTP Port 80.
The HTTP-01 challenge needs Port 80.
Best Practice - Keep Port 80 Open

I realize you are

which I would expect that Port 80 would only be active during the execution of that command.
Yet there is something on Port 80 (with connectivity issues) so I suspect some conflict.
I am still investigating.

$ nmap -Pn codename2221.tk
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-16 13:21 PST
Nmap scan report for codename2221.tk (195.20.44.113)
Host is up (0.16s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 17.19 seconds
$ curl -Ii http://codename2221.tk/.well-known/acme-challenge/sometestfile
HTTP/1.1 504 Gateway Time-out
Server: nginx
Date: Thu, 16 Feb 2023 21:23:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 132
Connection: keep-alive

Hi! Yes, the server does get errors when a lot of things are connected to it. I'm hosting this on my PC, just for a school thing. I don't believe that the errors shown there are because I closed port 80; it's because my PC is dumb and slow. What's interesting is that it says I'm running nginx, which I'm not. I'm assuming this is because I've configured something weird in my domain settings.


This is how I'm redirecting the domain to my IP. There might be some other way to do it in Freenom, like through the custom DNS stuff, but if you could I'm not sure how. I'm working on trying to figure that out.

Well, I did something and now it's redirecting to a 404 page of Freenom... huh

I buy that.

https://zonemaster.net/en/result/d9371ff4537e75ef has 2 critical errors
and https://dnsspy.io/scan/codename2221.tk Oops! No nameservers found.

And Let's Debug is reporting No valid A or AAAA records
https://letsdebug.net/codename2221.tk/1377028?debug=y

Okay, I'm trying to use the DNS stuff instead of the weird frame thing. It should update in 30 minutes according to Freenom, so hopefully it works.

Okay, well, it updated and it's just complaining about a timeout now, which is weird because I can access it from my computer through the domain now. Would this be a firewall issue or something?

Hmm, I can't access it from my phone either using the IP or domain, even though I literally have the firewall turned off.

The code listens on every interface, so I don't know how this would happen.

Ok; this shows your updated IPv4 Address Permanent link to this check report
And this shows trying to connect to HTTP (i.e. Port 80) Permanent link to this check report
also https://letsdebug.net/codename2221.tk/1377053

And supplemental information

$ nmap -Pn codename2221.tk
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-16 14:17 PST
Nmap scan report for codename2221.tk (68.102.180.242)
Host is up.
rDNS record for 68.102.180.242: ip68-102-180-242.ks.ok.cox.net
All 1000 scanned ports on codename2221.tk (68.102.180.242) are filtered

Nmap done: 1 IP address (1 host up) scanned in 203.13 seconds
$ nslookup -q=any codename2221.tk ns01.freenom.com.
;; Truncated, retrying in TCP mode.
Server:         ns01.freenom.com.
Address:        54.171.131.39#53

codename2221.tk
        origin = ns01.freenom.com
        mail addr = soa.freenom.com
        serial = 1676584712
        refresh = 10800
        retry = 3600
        expire = 604800
        minimum = 3600
codename2221.tk nameserver = ns01.freenom.com.
codename2221.tk nameserver = ns03.freenom.com.
codename2221.tk nameserver = ns04.freenom.com.
codename2221.tk nameserver = ns02.freenom.com.
Name:   codename2221.tk
Address: 68.102.180.242

Hmm, I think what's happening is my router is blocking the request because it thinks I'm trying to access its web interface externally, so it doesn't let the request go through. I'm checking to see if there's a way to fix that.

I can't find anything on this on the DD-WRT forums, which is my router software, so I think I'm out of ideas.

Generally you would want to look for something like Port Forwarding or maybe DMZ,
and see if your router can change which Port it runs its own Web Interface on.

I tried the DMZ and it didn't do anything. Not even trying to connect using a different port for the port forwarding works. The option to allow foreign computers is on, the port forwarding all looks correct, and the logs on the router don't show any trace of an incoming connection. I would try to change the web interface port, but it looks like my software version doesn't support it.

Here are some links I quickly found that might be helpful (then again maybe not)

And a couple more:

I just waited a while and it just fixed itself????? I don't know if it was router changes taking too long or something, but I'm not complaining.

Never mind, it stopped again.

Sounds like time for a software update or a new(er) router.

You could also try your hand at DNS-01 authentication.
Delegate/CNAME the ACME DNS challenge requests to your IP [port 53 (TCP&UDP)].

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
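
The answers seen on port 80 in this thread (a framed forwarding page, a 504 from an nginx front end, and the body a working standalone authenticator returns) can be told apart with a small pre-flight check; this is an added example, not code from any poster or from Certbot. The token, key authorization, frame page and loopback stub servers are constructed for the demonstration.

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"
TOKEN = "constructed-token"                       # constructed sample value
KEY_AUTH = TOKEN + ".constructed-thumbprint"      # token "." account-key thumbprint
FRAME_PAGE = "<html><title>site</title><frameset><frame src='http://203.0.113.7/'></frameset></html>"
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no system proxy

def check_http01(base_url, token, key_authorization, timeout=5):
    """Fetch the challenge URL as a validator would and classify the answer."""
    try:
        with _opener.open(base_url + CHALLENGE_PATH + token, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:      # e.g. 504 from a proxy in front
        return f"http-{err.code} from Server: {err.headers.get('Server', 'unknown')}"
    except OSError:                            # refused, filtered or timed out
        return "unreachable"
    if body.rstrip() == key_authorization:
        return "ok"
    if "<frame" in body.lower() or "<iframe" in body.lower():
        return "framed-forwarding-page"
    return "unexpected-body"

def start_stub(status, body, server_header):
    """Constructed stand-in for whatever answers on port 80; returns its base URL."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response_only(status)
            self.send_header("Server", server_header)
            self.end_headers()
            self.wfile.write(body.encode())
        def log_message(self, *args):          # keep the demo output quiet
            pass
    httpd = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{httpd.server_port}"

def demo():
    return {
        "standalone": check_http01(start_stub(200, KEY_AUTH, "stub"), TOKEN, KEY_AUTH),
        "frame": check_http01(start_stub(200, FRAME_PAGE, "nginx"), TOKEN, KEY_AUTH),
        "gateway": check_http01(start_stub(504, "<html>504</html>", "nginx"), TOKEN, KEY_AUTH),
    }

if __name__ == "__main__":
    print(demo())
```

Run from a host outside your own network with `base_url` set to `http://` plus your domain, the same function shows what the CA would see, including the "unreachable" result when port 80 is filtered.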