Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
NOTE: I can use telnet to verify that ports 80 and 443 are open. I shut down the process before using certbot.
My domain is:
derp.localtest.live
I ran this command:
sudo certbot certonly --standalone
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): derp.localtest.live
Requesting a certificate for derp.localtest.live
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
Not using a web server per se. Running a derp server in a Docker container.
The operating system my web server runs on is (include version):
ubuntu 22.04
My hosting provider, if applicable, is:
oracle cloud
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.9.0
Sorry, I still don't see anything answering.
Maybe you can test it yourself from another system over the Internet.
I would simply try: curl -Ii derp.localtest.live
PS C:\Users\brook> telnet derp.localtest.live 80
Connecting To derp.localtest.live...
but it just hangs
just for laughs
PS C:\Users\brook> telnet derp.localtest.live 22
Connecting To derp.localtest.live...
the above makes a connection
I am looking at the Oracle Cloud Default Security List for my account and I allow 443 80 22 and some udp stuff through.
I'll let you know if I figure out anything - mostly by changing things and seeing what happens.
This used to work on the other instance I had set up. I am trying to move to a different processor. Going from Intel to something like an ARM but not the same brand.
I did find that Oracle Cloud instances don't like ufw.
And this seems likely for the latest version too. In my first try at this that worked I was using instructions that said I should install firewalld to manage the firewall, which I did. I am in the middle of trying out firewalld to solve the problem. However, during the install process my instance crashed. Trying to recover now.
Presently I see Ports 80 & 443 filtered (i.e. blocked) from the viewpoint of the Internet.
Do you have a firewall and/or router filtering or blocking or dropping on TCP Ports 80 & 443?
$ nmap -Pn -p80,443 derp.localtest.live
Starting Nmap 7.80 ( https://nmap.org ) at 2024-03-21 23:49 UTC
Nmap scan report for derp.localtest.live (164.152.109.86)
Host is up.
PORT STATE SERVICE
80/tcp filtered http
443/tcp filtered https
Nmap done: 1 IP address (1 host up) scanned in 3.50 seconds
Yes, I do; that is the problem. I wanted to use ufw, but that is not possible in the Oracle Cloud instances, so now I am getting up to speed on iptables. I wanted to install firewalld, but that crashed my other test system. Now I am working on getting iptables to open 80 and 443 and other ports I need for my project.
FYI - @mooncaptain Presently I see Ports 80 & 443 CLOSED
$ nmap -Pn -p80,443 derp.localtest.live
Starting Nmap 7.80 ( https://nmap.org ) at 2024-03-22 02:33 UTC
Nmap scan report for derp.localtest.live (164.152.109.86)
Host is up (0.057s latency).
PORT STATE SERVICE
80/tcp closed http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
Looks like a good firewall management system. The iptables on all the Oracle Cloud Infrastructure Linux boxes is tightly integrated with their cloud network. I would have to build all that from scratch in firehol, so probably not going to do that in this instance. I have already opened up all the necessary ports using iptables. I seem to remember doing all this years ago - it looks a lot like how a MikroTik router gets programmed.
I haven't got my server working but I do have the certificates all loaded and the connection is encrypted.
The solution for Oracle Cloud Infrastructure boxes is: don't use ufw, it doesn't work. Use iptables instead to open ports.
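The thread moves from a hanging telnet and nmap "filtered" to nmap "closed" once the firewall path was opened while the service was still stopped. The sketch below is an added example, not part of the original thread or of certbot: it makes the same three-way distinction with a plain TCP connect so it can be checked before running `certbot certonly --standalone`. The function names and the verdict wording are assumptions, and the "busy" verdict assumes the listener is on the same host that certbot runs on.

```python
import errno
import socket
import sys

# ICMP "unreachable/prohibited" replies surface as these errnos; like a
# timeout, they mean a filter answered, not the host's TCP listener.
REJECT_ERRNOS = {errno.EHOSTUNREACH, errno.ENETUNREACH}

def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"        # RST came back: host reachable, no listener
    except (socket.timeout, TimeoutError):
        return "filtered"      # no reply at all: packets are being dropped
    except OSError as exc:
        if exc.errno in REJECT_ERRNOS:
            return "filtered"  # firewall REJECT rule or router said no
        raise                  # DNS failure etc. is a different problem
    conn.close()
    return "open"

def standalone_verdict(state):
    """What a port-80 state means when the usual service is stopped."""
    return {
        "closed": "ready: path is open, certbot --standalone can bind port 80",
        "open": "busy: something still listens on port 80, stop it first",
        "filtered": "blocked: check the cloud security list and host iptables",
    }[state]

def preflight(host, ports=(80, 443), **kwargs):
    """Probe each port; returns {port: state}."""
    return {port: probe(host, port, **kwargs) for port in ports}

if __name__ == "__main__":
    # Run from a machine outside the network, e.g.:
    #   python3 preflight.py derp.localtest.live
    target = sys.argv[1]
    states = preflight(target)
    for port, state in states.items():
        print(f"{port}/tcp {state}")
    print(standalone_verdict(states[80]))
```

Run it from a system on the Internet side, as suggested earlier in the thread; a probe from the instance itself bypasses the cloud security list.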