Let's encrypt ssl certificate error

Hi
i have just installed jitsi meet server in my ubuntu machine and i’m trying to apply for a let’s encrypt ssl certificate . so when i ran this command:
sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
it shows this error :

root@jitsi:~# sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

This script will:

• Need a working DNS record pointing to this machine(for domain example.ddns.net)
• Download certbot-auto from https://dl.eff.org to /usr/local/sbin
• Install additional dependencies in order to request Let’s Encrypt certificate
• If running with jetty serving web content, will stop Jitsi Videobridge
• Configure and reload nginx or apache2, whichever is used

You need to agree to the ACME server’s Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
by providing an email address for important account notifications
Enter your email and press [ENTER]: geniussoft2019@gmail.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.ddns.net
Using the webroot path /usr/share/jitsi-meet for all unmatched domains.
Waiting for verification…
Challenge failed for domain example.ddns.net
http-01 challenge for example.ddns.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:Domain: example.ddns.net
  Type: connection
  Detail: Fetching
  http://example.ddns.net/.well-known/acme-challenge/RmUdqMiICD0-VLjcHAPleAblpZaiRKe9xsSS-4ZmZms:
  Timeout during connect (likely firewall problem)To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you’re using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.

so what’s went wrong ? thanks

Hi @GeniusSoft

what's your domain name? You need a public visible domain and an open port 80. Your port 80 doesn't answer.

MY DNS is : geniussoft.ddns.net
please how can i verify that my port 80 is opened

Use online tools like https://check-your-website.server-daten.de/

I verify it . I have an open port 80

No. There you see the problem - https://check-your-website.server-daten.de/?q=geniussoft.ddns.net

You have ipv4 and ipv6 addresses:

But your ipv6 doesn't work.

There is a timeout. That's critical, Letsencrypt prefers ipv6 and can't check your validation file.

So

• fix your ipv6 (or)
• remove the ipv6 dns AAAA entry, create a new certificate, then fix your ipv6.

You can check the ipv6 directly - use 2001:5c0:1000:b::213d in the main field. So you can check your setup without having an AAAA entry.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.