I'm using Google Domains and trying to get FileCloud up and running on SSL.
My web server is (include version): Apache
The operating system my web server runs on is (include version): Windows 2016 server
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes, FileCloud
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Here is the error I'm receiving on the command prompt after using
C:\WINDOWS\system32> certbot certonly --standalone
www.ellisaircraft.com
Error
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Any help is appreciated.
_az
February 18, 2023, 8:45pm
2
You'll want to go to your Google Cloud Domains and update your DNS records so that your domain points to your server.
You'll first need to remove the redirection to your IP address.
Then you'll need two "A" records:

- ellisaircraft.com pointing to IP address 68.42.15.212 (assuming that's where certbot is running)
- www.ellisaircraft.com pointing to IP address 68.42.15.212
Without doing these things first, you won't be able to get a certificate or get your website working.
5 Likes
Here is what I see for the domain name with nslookup.
```
$ nslookup -q=a ellisaircraft.com ns-cloud-a1.googledomains.com.
Server: ns-cloud-a1.googledomains.com.
Address: 216.239.32.106#53
Name: ellisaircraft.com
Address: 216.239.38.21
Name: ellisaircraft.com
Address: 216.239.32.21
Name: ellisaircraft.com
Address: 216.239.36.21
Name: ellisaircraft.com
Address: 216.239.34.21
$ nslookup -q=aaaa ellisaircraft.com ns-cloud-a1.googledomains.com.
Server: ns-cloud-a1.googledomains.com.
Address: 216.239.32.106#53
ellisaircraft.com has AAAA address 2001:4860:4802:34::15
ellisaircraft.com has AAAA address 2001:4860:4802:38::15
ellisaircraft.com has AAAA address 2001:4860:4802:32::15
ellisaircraft.com has AAAA address 2001:4860:4802:36::15
$ nslookup -q=cname www.ellisaircraft.com ns-cloud-a1.googledomains.com.
Server: ns-cloud-a1.googledomains.com.
Address: 216.239.32.106#53
www.ellisaircraft.com canonical name = ghs.googlehosted.com.
```
You are using the HTTP-01 challenge (see Challenge Types - Let's Encrypt).
The HTTP-01 challenge can only be done on port 80 for each of the domain names in the SANs; all IP addresses (both IPv4 & IPv6) for each domain name need to support this.
2 Likes
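A pre-flight check that does what the post above describes: resolve every A and AAAA address for each name and confirm that port 80 accepts a TCP connection on all of them, since the CA may validate against any of them. This is an added example, not code from the thread or from Certbot; the names on the command line are the only input.

```python
"""Pre-flight check for the HTTP-01 challenge: every A and AAAA address
published for a name must accept TCP connections on port 80.
Added example; not code from the thread or from Certbot."""
import socket
import sys


def resolve_all(name):
    """All IPv4 and IPv6 addresses for name, in resolver order, deduplicated.
    Let's Encrypt may validate against any of them, so every one must work."""
    addrs = []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
            name, 80, type=socket.SOCK_STREAM):
        if sockaddr[0] not in addrs:
            addrs.append(sockaddr[0])
    return addrs


def port_open(ip, port=80, timeout=3.0):
    """True if a TCP handshake to ip:port completes within timeout.
    A timeout usually means a firewall or missing port forward ('filtered'
    in nmap terms); an immediate refusal means nothing is listening."""
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((ip, port))
        return True
    except OSError:
        return False


def http01_preflight(names, port=80, timeout=3.0):
    """Map each name to {address: reachable}. Any False means the HTTP-01
    challenge for that name can fail, because the CA picks the address."""
    return {name: {ip: port_open(ip, port, timeout) for ip in resolve_all(name)}
            for name in names}


if __name__ == "__main__":
    # Usage: python preflight.py ellisaircraft.com www.ellisaircraft.com
    for name, results in http01_preflight(sys.argv[1:]).items():
        for ip, ok in results.items():
            print(f"{name:30} {ip:40} port 80 {'open' if ok else 'BLOCKED'}")
```

Run it from a machine outside your own network; from inside, NAT hairpinning can make a port look open that the CA cannot reach.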
I removed the forwarding and added the two A entries.
At the cmd prompt I seem to be having the same error. Thanks so much.
1 Like
NS lookup? That's a different IP than what's-my-IP indicates.
Check using

```
curl -4 ifconfig.co
curl -6 ifconfig.co
```

or / and

```
curl -4 ifconfig.io
curl -6 ifconfig.io
```
1 Like
OK; presently I see the following, which agrees with your screenshot above.

```
$ nslookup -q=a ellisaircraft.com ns-cloud-a1.googledomains.com.
Server: ns-cloud-a1.googledomains.com.
Address: 216.239.32.106#53
Name: ellisaircraft.com
Address: 68.42.15.212
$ nslookup -q=aaaa ellisaircraft.com ns-cloud-a1.googledomains.com.
Server: ns-cloud-a1.googledomains.com.
Address: 216.239.32.106#53
*** Can't find ellisaircraft.com: No answer
$ nslookup -q=cname www.ellisaircraft.com ns-cloud-a1.googledomains.com.
Server: ns-cloud-a1.googledomains.com.
Address: 216.239.32.106#53
*** Can't find www.ellisaircraft.com: No answer
$ nslookup -q=a www.ellisaircraft.com ns-cloud-a1.googledomains.com.
Server: ns-cloud-a1.googledomains.com.
Address: 216.239.32.106#53
Name: www.ellisaircraft.com
Address: 68.42.15.212
```
1 Like
I am aware you are
so likely nothing is presently on Port 80.
Using Let's Debug shows "www.ellisaircraft.com has an A (IPv4) record (68.42.15.212) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address. " https://letsdebug.net/www.ellisaircraft.com/1379287
Best Practice - Keep Port 80 Open
Using nmap -Pn shows no accessible ports.

```
$ nmap -Pn www.ellisaircraft.com
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-18 15:45 PST
Nmap scan report for www.ellisaircraft.com (68.42.15.212)
Host is up.
rDNS record for 68.42.15.212: c-68-42-15-212.hsd1.tn.comcast.net
All 1000 scanned ports on www.ellisaircraft.com (68.42.15.212) are filtered
Nmap done: 1 IP address (1 host up) scanned in 203.54 seconds
```
1 Like
Thanks. Please recognize my gratitude.
Looking into ways of opening port 80 safely for authentication.
2 Likes
beech2000:
> Windows 2016 server
I assume Web Server (IIS).
I'll let the Let's Encrypt community volunteers who know Windows Server IIS assist.
1 Like
I haven't used IIS. Yes to Win 2016 server.
1 Like
_az
February 19, 2023, 12:43am
15
The new "timeout during connect" error is progress.
What you are missing now is that you will need to forward port 80 on your router/modem towards your Windows server, and permit port 80 traffic in your Windows Firewall.
You need to do this because Let's Encrypt needs to be able to connect to your website. At the moment it can't.
3 Likes
beech2000:
> I haven't used IIS.
Sorry, my bad!
Please look to the Apache forums.
1 Like
I seem to be understanding, thanks to all, how Let's Encrypt authenticates. So many thanks!!!
2 Likes
rg305
February 19, 2023, 1:38am
19
There seems to still be some sort of firewall blocking the HTTP challenge requests.
2 Likes
I've rebooted the server and router. Trying certbot now.