Noob question: how to open port 80 for certbot?

Hi, to test how far I get in this certbot procedure I tried to set up SSL for a Vserver at 82.165.187.242 serving the domain www.comedyberlin.net ... and I couldn't get far. Any help appreciated! Seems like I have to open port 80 for certbot to do its thing, but I have no idea how to do so. I have a little node js server running on port 80 though, does it mean I would have to set up some path there for certbot to get the files it demands?
Thanks for your help!
:pray:

My domain is: comedyberlin.net

I ran this command:

sudo certbot certonly --standalone

It produced this output:

Requesting a certificate for comedyberlin.net

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: comedyberlin.net
Type: unauthorized
Detail: 2001:8d8:100f:f000::23f: Invalid response from http://comedyberlin.net/.well-known/acme-challenge/kpsmYpb4iRCH8xk4nz3IDNKc9GigXllBKJlSXRV8tmY: 204

My web server is (include version): Node JS

The operating system my web server runs on is (include version): Ubuntu 20

My hosting provider, if applicable, is: IONOS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.26.0

See the difference? :wink:

4 Likes

Whose IP is that?

Name:    2001-08d8-100f-f000-0000-0000-0000-023f.elastic-ssl.ui-r.com
Address: 2001:8d8:100f:f000::23f
2 Likes

It might even be right but the webserver is only listening on IPv4? (And doesn't like me)

# curl -4IL comedyberlin.net
curl: (7) Failed to connect to comedyberlin.net port 80 after 35 ms: Connection refused
# curl -6IL comedyberlin.net
curl: (7) Couldn't connect to server
# curl -4IL www.comedyberlin.net
curl: (6) Could not resolve host: www.comedyberlin.net
# curl -4IL https://comedyberlin.net
curl: (7) Failed to connect to comedyberlin.net port 443 after 9 ms: Connection refused
# curl -6IL https://comedyberlin.net
curl: (7) Couldn't connect to server
% whois 2001:8d8:100f:f000::23f
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '2001:8d8:1000::/44'

% Abuse contact for '2001:8d8:1000::/44' is 'abuse@oneandone.net'

inet6num:       2001:8d8:1000::/44
netname:        IONOS-NETWORK
descr:          1&1 IONOS SE
country:        EU
org:            ORG-SA12-RIPE
admin-c:        IPAD-RIPE
tech-c:         IPOP-RIPE
remarks:        in case of abuse or spam, please mailto: abuse@oneandone.net
status:         AGGREGATED-BY-LIR
assignment-size: 56
mnt-by:         AS8560-MNT
created:        2012-08-29T10:47:33Z
last-modified:  2020-11-27T17:15:36Z
source:         RIPE # Filtered

organisation:   ORG-SA12-RIPE
org-name:       IONOS SE
country:        DE
org-type:       LIR
address:        Hinterm Hauptbahnhof 5
address:        76137
address:        Karlsruhe
address:        GERMANY
phone:          +49 721 91374 0
fax-no:         +49 721 91374 212
mnt-ref:        RIPE-NCC-HM-MNT
mnt-ref:        AS8560-MNT
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         AS8560-MNT
admin-c:        IPAD-RIPE
abuse-c:        ABDE2-RIPE
created:        2004-04-17T11:11:55Z
last-modified:  2021-08-05T05:33:57Z
source:         RIPE # Filtered

role:           IP Administration
address:        1&1 IONOS SE
admin-c:        JR2342-RIPE
admin-c:        SH15342-RIPE
tech-c:         JR2342-RIPE
tech-c:         SH15342-RIPE
nic-hdl:        IPAD-RIPE
abuse-mailbox:  abuse@oneandone.net
mnt-by:         AS8560-MNT
created:        2009-05-20T17:24:09Z
last-modified:  2020-11-27T12:38:59Z
source:         RIPE # Filtered

role:           IP Operations
address:        1&1 IONOS SE
admin-c:        JR2342-RIPE
admin-c:        SH15342-RIPE
tech-c:         JR2342-RIPE
tech-c:         SH15342-RIPE
nic-hdl:        IPOP-RIPE
abuse-mailbox:  abuse@oneandone.net
mnt-by:         AS8560-MNT
created:        2009-05-28T16:25:04Z
last-modified:  2020-11-27T12:40:30Z
source:         RIPE # Filtered

% Information related to '2001:8d8::/32AS8560'

route6:         2001:8d8::/32
descr:          DE-IONOS-20020910
origin:         AS8560
mnt-by:         AS8560-MNT
created:        2006-08-03T11:11:31Z
last-modified:  2020-11-27T18:41:31Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.102.3 (BLAARKOP)
1 Like

Yes, I do :slight_smile:

I only added the server at the A record. For the other one (AAAA record) IONOS used their own? Unfortunately I cannot add the 82. ... address there since IPv6 is required. How can I go from here?

Yes it is, I deleted the AAAA record until I know how to set it up with the server address. No luck so far though :slight_smile:

What error do you get now from the certbot standalone command from your first post?

2 Likes

If you've removed the AAAA resource record, the error should be different this time. Well, ideally no error at all, but we'd like to see what you're getting now.

3 Likes
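
The mismatch this thread uncovers (the A record points at the server, the AAAA record at a different host that answers the challenge URL with 204) can be checked before running certbot. The script below is an added example, not part of the original thread and not certbot code: `probe`, `diagnose`, the test path and the sample addresses are all hypothetical or constructed.

```python
import http.client
import socket
import sys

# Constructed sample results (documentation addresses), shaped like the thread:
# IPv4 refuses the connection, the AAAA address is answered by another host.
SAMPLE_V4 = [("192.0.2.10", "connect failed: Connection refused")]
SAMPLE_V6 = [("2001:db8::23f", "HTTP 204 Server=None")]

def probe(host, family, path="/.well-known/acme-challenge/preflight"):
    """GET `path` on port 80 of every address of one family (hypothetical helper)."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # no record of this family
    results = []
    for addr in sorted({info[4][0] for info in infos}):
        conn = http.client.HTTPConnection(addr, 80, timeout=10)
        try:
            # Connect to the literal address but send the real Host header.
            conn.request("GET", path, headers={"Host": host})
            resp = conn.getresponse()
            results.append((addr, f"HTTP {resp.status} Server={resp.getheader('Server')}"))
        except (OSError, http.client.HTTPException) as exc:
            results.append((addr, f"connect failed: {exc}"))
        finally:
            conn.close()
    return results

def diagnose(v4, v6):
    """Turn per-address results into one verdict for the HTTP-01 challenge."""
    if not v4 and not v6:
        return "no A or AAAA record: the CA has nothing to connect to"
    answers = {result for _, result in v4 + v6}
    if len(answers) > 1:
        return "addresses answer differently: point every A/AAAA record at this server"
    if any(a.startswith("connect failed") for a in answers):
        return "port 80 unreachable: check the listener and the firewall"
    return "consistent: every address gives the same answer on port 80"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check against a real domain
        v4 = probe(sys.argv[1], socket.AF_INET)
        v6 = probe(sys.argv[1], socket.AF_INET6)
    else:                  # offline demo on the constructed sample
        v4, v6 = SAMPLE_V4, SAMPLE_V6
    for addr, result in v4 + v6:
        print(f"{addr:40} {result}")
    print(diagnose(v4, v6))
```

Run it with the domain as the only argument while the web server (or `certbot --standalone`) is listening; without an argument it prints the verdict for the constructed sample.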