Noob question: how to open port 80 for certbot?

kharson2 · April 29, 2022, 4:07pm

Hi, to test how far I get in this certbot procedure I tried to set up SSL for a Vserver at 82.165.187.242 serving the domain www.comedyberlin.net ... and I couldnt get far. Any help appreciated! Seems like I have to open port 80 for certbot to do its thing, but I have no idea how to do so. I have a little node js server running on port 80 though, does it mean I would have to set up some path there for certbot to get the files it demands?
Thanks for your help!

My domain is: comedyberlin.net

I ran this command:

sudo certbot certonly --standalone

It produced this output:

Requesting a certificate for comedyberlin.net

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: comedyberlin.net
Type: unauthorized
Detail: 2001:8d8:100f:f000::23f: Invalid response from http://comedyberlin.net/.well-known/acme-challenge/kpsmYpb4iRCH8xk4nz3IDNKc9GigXllBKJlSXRV8tmY: 204

My web server is (include version): Node JS

The operating system my web server runs on is (include version): Ubuntu 20

My hosting provider, if applicable, is: IONOS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.26.0

Osiris · April 29, 2022, 4:20pm

See the difference?

rg305 · April 30, 2022, 3:09am

Who's IP is that?

Name:    2001-08d8-100f-f000-0000-0000-0000-023f.elastic-ssl.ui-r.com
Address: 2001:8d8:100f:f000::23f

9peppe · April 30, 2022, 7:50am

It might even be right but the webserver is only listening on IPv4? (And doesn't like me)

# curl -4IL comedyberlin.net
curl: (7) Failed to connect to comedyberlin.net port 80 after 35 ms: Connection refused
# curl -6IL comedyberlin.net                                    
curl: (7) Couldn't connect to server
# curl -4IL www.comedyberlin.net                                
curl: (6) Could not resolve host: www.comedyberlin.net
# curl -4IL https://comedyberlin.net
curl: (7) Failed to connect to comedyberlin.net port 443 after 9 ms: Connection refused                                                        
# curl -6IL https://comedyberlin.net                            
curl: (7) Couldn't connect to server

% whois 2001:8d8:100f:f000::23f
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '2001:8d8:1000::/44'

% Abuse contact for '2001:8d8:1000::/44' is 'abuse@oneandone.net'

inet6num:       2001:8d8:1000::/44
netname:        IONOS-NETWORK
descr:          1&1 IONOS SE
country:        EU
org:            ORG-SA12-RIPE
admin-c:        IPAD-RIPE
tech-c:         IPOP-RIPE
remarks:        in case of abuse or spam, please mailto: abuse@oneandone.net
status:         AGGREGATED-BY-LIR
assignment-size: 56
mnt-by:         AS8560-MNT
created:        2012-08-29T10:47:33Z
last-modified:  2020-11-27T17:15:36Z
source:         RIPE # Filtered

organisation:   ORG-SA12-RIPE
org-name:       IONOS SE
country:        DE
org-type:       LIR
address:        Hinterm Hauptbahnhof 5
address:        76137
address:        Karlsruhe
address:        GERMANY
phone:          +49 721 91374 0
fax-no:         +49 721 91374 212
mnt-ref:        RIPE-NCC-HM-MNT
mnt-ref:        AS8560-MNT
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         AS8560-MNT
admin-c:        IPAD-RIPE
abuse-c:        ABDE2-RIPE
created:        2004-04-17T11:11:55Z
last-modified:  2021-08-05T05:33:57Z
source:         RIPE # Filtered

role:           IP Administration
address:        1&1 IONOS SE
admin-c:        JR2342-RIPE
admin-c:        SH15342-RIPE
tech-c:         JR2342-RIPE
tech-c:         SH15342-RIPE
nic-hdl:        IPAD-RIPE
abuse-mailbox:  abuse@oneandone.net
mnt-by:         AS8560-MNT
created:        2009-05-20T17:24:09Z
last-modified:  2020-11-27T12:38:59Z
source:         RIPE # Filtered

role:           IP Operations
address:        1&1 IONOS SE
admin-c:        JR2342-RIPE
admin-c:        SH15342-RIPE
tech-c:         JR2342-RIPE
tech-c:         SH15342-RIPE
nic-hdl:        IPOP-RIPE
abuse-mailbox:  abuse@oneandone.net
mnt-by:         AS8560-MNT
created:        2009-05-28T16:25:04Z
last-modified:  2020-11-27T12:40:30Z
source:         RIPE # Filtered

% Information related to '2001:8d8::/32AS8560'

route6:         2001:8d8::/32
descr:          DE-IONOS-20020910
origin:         AS8560
mnt-by:         AS8560-MNT
created:        2006-08-03T11:11:31Z
last-modified:  2020-11-27T18:41:31Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.102.3 (BLAARKOP)

kharson2 · April 30, 2022, 3:10pm

yes, i do

I only added the server at the A record. For the other one (AAAA record) IONOS used their own? Unfortunately I cannot add the 82. ... address there since Ipv6 is required.. how can I go from here?

kharson2 · April 30, 2022, 3:11pm

yes it is, I deleted the AAAA record until I know how to set it up with the server address. no luck so far though

MikeMcQ · April 30, 2022, 3:24pm

What error do you get now from the certbot standalone command from your first post?

Osiris · April 30, 2022, 3:40pm

If you've removed the AAAA resource record, the error should be different this time. Well, idealy no error at all, but we'd like to see what you're getting now.

system · May 30, 2022, 3:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.