Let's Encrypt & Port 80 Issues

My domain is: honkymedia.shop

I ran this command: N/A

It produced this output:

Domain: honkymedia.shop
Type: connection
Detail: Fetching
http://honkymedia.shop/.well-known/acme-challenge/9F15fZCQJRYqsSorsGAPne7K2pmnJBkYtxtOlZ3d-f4:
Connection refused

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

My web server is (include version): Unraid 6.7.0

The operating system my web server runs on is (include version): Unraid 6.7.0

My hosting provider, if applicable, is: Namecheap

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No? Namecheap and duckdns

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): linuxserver/letsencrypt

I have had this running fine for the last year. Yesterday I installed lidarr docker, changed the lidar.subdomain.conf.sample to remove “.sample”, and updated all my dockers. Everything worked, I believe, until I did the update. So, I wiped it clean and started fresh, but I am still receiving errors that LetsEncrypt cannot talk to my domain name.

Letsdebug.net:

ANotWorking

ERROR

honkymedia.shop has an A (IPv4) record (185.198.126.26) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

Get http://honkymedia.shop/.well-known/acme-challenge/letsdebug-test: dial tcp 185.198.126.26:80: connect: connection refused

Trace:
@0ms: Making a request to http://honkymedia.shop/.well-known/acme-challenge/letsdebug-test (using initial IP 185.198.126.26)
@0ms: Dialing 185.198.126.26
@147ms: Experienced error: dial tcp 185.198.126.26:80: connect: connection refused

Docker Setup:

Port Forward Table:
[TCP] [Ext Port: 443] to [Int Port: 1443] [IP:192.168.1.23]
[TCP] [Ext Port: 80] to [Int Port: 180] [IP:192.168.1.23]

Edit: NameCheap is also set up correctly, pointing all the subdomains to honkymedia.duckdns.org, and using the IP address in the debug log for the A record. That IP was provided by DuckDNS.

Edit: I also have several subdomains for honkymedia.shop, sonarr.honkymedia.shop, radarr.honkymedia.shop, etc. All produced the same error in Lets Encrypt logs and on LetsDebug, didn’t include them in the log because it would be the same error 8 times…

Hi @HonkyKONG22

are you sure your ip address is correct?

Checked your domain ( https://check-your-website.server-daten.de/?q=honkymedia.shop ):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| honkymedia.shop | A | 185.198.126.26 Washington D.C./District of Columbia/United States (US) - US AIRFORCE INCIRLIK AIRBASE No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.honkymedia.shop | | Name Error | yes | 1 | 0 |

US Airforce as ip-address?

Ok, may be wrong. But checked with another tool there is a position, so Incirlik looks correct.

And your complete domain is invisible:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://honkymedia.shop/ 185.198.126.26 | -2 | | 1.234 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 185.198.126.26:80 | | | | |
| https://honkymedia.shop/ 185.198.126.26 | -2 | | 1.233 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 185.198.126.26:443 | | | | |
| http://honkymedia.shop/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 185.198.126.26 | -2 | | 1.243 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 185.198.126.26:80 Visible Content: | | | | |

Not only http, same with https.

ok, so the IP address that appears in duckdns is not the IP address I should be using?

How do I know what IP address I should be using?

This may have happened because I changed my DuckDNS to a new one in an attempt to fix this, but I assume I wasn’t supposed to use the IP address that it says in DuckDNS?

EDIT: I changed the IP to my public IP and it looks like I got somewhere better with that tool, however it still isn’t getting through on port 80.

PS: Yeah, I’m at Incirlik AB right now, it’s a local national Internet provider, Air Force has IPs but not for us haha.

I don’t know.

If it is a home server, then you have to use the ip address of your provider. But the Air Force Address may not work (I think or I hope, would be terrible if that would be possible).

So you need a second ip address from your national internet provider.

Now - https://check-your-website.server-daten.de/?q=honkymedia.shop - you have a new ip address:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| honkymedia.shop | A | 65.191.18.22 Fayetteville/North Carolina/United States (US) - Spectrum Hostname: cpe-65-191-18-22.nc.res.rr.com | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.honkymedia.shop | | Name Error | yes | 1 | 0 |

But it’s blocked.

Some ISPs block such requests.

Perhaps it may be easier if you use dns-01 validation.
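
A way to separate the two failure causes raised in this thread (an A record that is not the server's public IP, and port 80 refusing connections), as an added example that is not part of the original posts. The function names, the script's two arguments and the sample addresses are this example's own.

```python
import socket
import sys

def resolve_a(host):
    """IPv4 addresses the name resolves to (what an HTTP-01 validator dials)."""
    try:
        infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(ip, port=80, timeout=5.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # a reset came back: nothing accepted the connection
    except socket.timeout:
        return "timeout"   # packets silently dropped somewhere on the path
    except OSError:
        return "error"     # no route, network unreachable, ...

def diagnose(a_records, public_ip, state):
    """Map the observations to the checks discussed in the thread."""
    findings = []
    if public_ip not in a_records:
        findings.append("dns: A record %s is not your public IP %s"
                        % (",".join(a_records) or "(none)", public_ip))
    if state == "refused":
        findings.append("port80: refused; check the router forward and that "
                        "the container listens on the internal port")
    elif state == "timeout":
        findings.append("port80: filtered; firewall or ISP block, "
                        "consider dns-01")
    elif state == "error":
        findings.append("port80: address unreachable")
    return findings or ["ok: A record matches and port 80 accepts connections"]

if __name__ == "__main__":
    if len(sys.argv) == 3:  # live check: <domain> <public-ip>
        records, public_ip = resolve_a(sys.argv[1]), sys.argv[2]
        states = {ip: probe(ip) for ip in records} or {"-": "error"}
    else:  # constructed sample: stale A record, port refusing connections
        records, public_ip = ["203.0.113.10"], "198.51.100.7"
        states = {"203.0.113.10": "refused"}
    for ip, state in states.items():
        for line in diagnose(records, public_ip, state):
            print(ip, line)
```

Run the live check from a host outside your own network, because probing your public IP from inside the LAN depends on the router's NAT loopback support.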
