Problem Certbot Port 80 standalone

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dashboard.univ-st-etienne.fr

I ran this command: certbot certonly --standalone -v -d dashboard.univ-st-etienne.fr

It produced this output: Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: dashboard.univ-st-etienne.fr
Type: connection
Detail: 161.3.152.197: Fetching http://dashboard.univ-st-etienne.fr/.well-known/acme-challenge/tdoCRfPom8C3p3LweFhPR7dDq7_pMKvXlVi2IPYfwB0: Timeout during connect (likely firewall problem)

My web server is (include version): standalone

The operating system my web server runs on is (include version): Ubuntu 24.04

My hosting provider, if applicable, is: Its mine

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Putty

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 3.1.0

Hello,

I don't understand why my command isn't working. I've checked everything, my firewall isn't blocking anything, but it seems like the command isn't going through my proxy. However, I've properly set my environment variables: http_proxy, https_proxy, and no_proxy.

Any solutions?

The --standalone method is difficult to debug because you need to keep Certbot running to test connection from the public internet.

A way to test this easier is to use these command options

certbot certonly --standalone --dry-run --debug-challenges -v -d (domain)

This command will show you the challenge URL to try from the public internet and the proper response. After showing you this it will say "Press Enter to Continue". DO NOT PRESS ENTER.

Leave it paused like that and use a different device on the public internet to test connection. You can use a mobile phone with wifi disabled so use your carrier's network.

You do not have to use the full URL. Just try http://(yourdomain)

If the connection works this shorter URL should see a response like below. Use this technique to modify your comms setup until it works.

ACME client standalone challenge solver

That said, if the ACME server returns a "Timeout during connect (likely firewall problem)" error, it most likely is a firewall problem, and/or, perhaps an incorrect or missing NAT portmap, if applicable. Even with the standalone authenticator.

Also:

Proxy settings are just for the communication from Certbot to the ACME server. It is NOT applicable for any incoming http-01 challenge request, as those originate from the ACME server directly to your hostname/IP address. Any firewall or (reverse) proxy will need to somehow handle that. It is not something Certbot magically will do for you.

The fact that Certbot can communicate with the ACME server shows that your proxy settings are correct and working properly.. They just don't apply for the incoming http-01 challenge.