Openmediavault Certbot and apache 2 problem

#1

Hi guys, i’m newer of this forum and i have to ask your help.
I run openmediavault on my raspberry p3+ and i want to secure it by remote access with my domain.
I went from ubuntu where i used openmediavault on vm and i always follow cerbot guide with no problem.
Run debian 9 (openmediavault) i find this problem:

Apache 2 correctly installed

root@raspberrypi:/# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): naszmhome.ddns.net
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for naszmhome.ddns.net
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. naszmhome.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://naszmhome.ddns.net/.well-known/acme-challenge/dAv5_5NqRg5c_R96MOi0i8f2GJOufZHxVSt2TCL3UCE: Error getting validation data

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: naszmhome.ddns.net
    Type: connection
    Detail: Fetching
    http://naszmhome.ddns.net/.well-known/acme-challenge/dAv5_5NqRg5c_R96MOi0i8f2GJOufZHxVSt2TCL3UCE:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Can you help me to solve this problem?

thanks a lot

#2

Hi @onluigi

your domain is invisible ( https://check-your-website.server-daten.de/?q=naszmhome.ddns.net ):

Domainname Http-Status redirect Sec. G
http://naszmhome.ddns.net/
95.250.93.92 -14 10.027 T
Timeout - The operation has timed out
https://naszmhome.ddns.net/
95.250.93.92 -2 1.260 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 95.250.93.92:443
http://naszmhome.ddns.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
95.250.93.92 -14 10.027 T
Timeout - The operation has timed out
Visible Content:

If you want to use http-01 validation, port 80 must be open. Instead, there is a timeout. And https blocks, looks like a firewall.

There are a lot of older Letsencrypt certificates:

CRT-Id Issuer not before not after Domain names LE-Duplicate next LE
1275892740 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-03-11 10:47:17 2019-06-09 09:47:17 naszmhome.ddns.net
1275607776 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-03-11 09:26:54 2019-06-09 08:26:54 naszmhome.ddns.net
1119784448 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-01-17 14:55:03 2019-04-17 13:55:03 naszmhome.ddns.net
1103724096 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-01-12 08:27:21 2019-04-12 07:27:21 naszmhome.ddns.net
1083765368 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-01-05 14:49:35 2019-04-05 13:49:35 naszmhome.ddns.net
1073683234 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-01-01 21:27:32 2019-04-01 20:27:32 naszmhome.ddns.net
1073670010 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-01-01 21:20:08 2019-04-01 20:20:08 naszmhome.ddns.net

Total 29. Perhaps you have used tls-sni-01 - validation, that’s deprecated.

If it is a home server, check your router settings:

external port 80 -> internal port 80 must answer.

1 Like
#3

Thanks a lot JuergenAuer, i forgot to change my old server ip on my router related to port 80.
Your explanation is awesome for me!
Bye