Problem certificate NGINX ARM Debian

Hi, I need a help from you.

I explain my configuration

1. I use a Debian server on ARM architetture.

2. I installed NGINX web server and work fine.

3. for now I don’t have enable any firewall system.

4. My isp does not allow me to open the port 80, so I could open the 8080 and 443 ports and correctly configured and tested the nginx operation.

5. I have configured a dynamic DNS with the ddclient software, example: mywebsite.dyndns.com

6. I created 2 CNAME record example:
   mywebsite.mydomain.com >> mywebsite.dyndns.com
   www.mywebsite.mydomain.com >> mywebsite.dyndns.com

7. controlled via browser both the http and https connections and everything is working

Now the problem:

I try to create a certificate for: mywebsite.mydomain.com and www.mywebsite.mydomain.com but without success.

I try to use this command:

certbot --authenticator standalone --installer nginx --http-01-port 8080 --tls-sni-01-port 443 -d mywebsite.mydomain.com -d www.mywebsite.mydomain.com --pre-hook “service nginx stop” --post-hook “service nginx start”

But don’t work:

ok “service nginx start”
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Running pre-hook command: service nginx stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mywebsite.mydomain.com
http-01 challenge for www.mywebsite.mydomain.com
Waiting for verification…
Cleaning up challenges
Running post-hook command: service nginx start
Failed authorization procedure. mywebsite.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mywebsite.mydomain.com/.well-known/acme-challenge/j7uhKmDTsUFUGe58tfhM9Ctge0gi9T6nr5FXYiIaevw: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: mywebsite.mydomain.com
  Type: connection
  Detail: Fetching
  http://mywebsite.mydomain.com/.well-known/acme-challenge/j7uhKmDTsUFUGe58tfhM9Ctge0gi9T6nr5FXYiIaevw:
  Timeout during connect (likely firewall problem)

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you’re using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.

Thanks

Hi,

You’ll need to use DNS-01 validation since http-01 only connect to port 80 first.

Thank you

i tr to read a manual od certbt, And I undestan i must to open a port 53 on the router.
This is not possible from my ISP
I'm not a expert can you give me same command example or alternative?

You won’t need to add that to your router. Instead you would add the validation records to the dyndns…

Thank you

Thanks, but I resolved, I installed miniupnpc on debian server. And every think are ok now.

Regards

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.