Problem generating cert using openmediavault plugin


#1

Hi,

I installed openmediavault letsencrypt plugin. Everything worked fine until I generated the cert.

Here’s the error message I received:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for kaufranitz.net
Using the webroot path /var/www/openmediavault for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. kaufranitz.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to kaufranitz.net
IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through
   e-mails sent to camaalot@gmail.com.
 - The following errors were reported by the server:

   Domain: kaufranitz.net
   Type: connection
   Detail: Could not connect to kaufranitz.net

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you’re using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
Done…


  1. The DNS A is correctly propagated.
  2. The IP address is OK
  3. All ports on firewall are open: 192.168.1.98:80 and 443

Can you help me with this problem, please?

Camaalot


#2

Apparently, that’s not enough, your IP address is totally unreachable:

osiris@desktop ~ $ telnet kaufranitz.net 80
Trying 173.246.12.37...
telnet: connect to address 173.246.12.37: Connection refused
osiris@desktop ~ $

#3

Hi @Camaalot

Double check your configs on server and firewall.

You are letting port 21 through so that should serve as a reference for configs :smiley:

Andrei


#4

@ahaw021, the state “closed” commonly means that there is no TCP listener bound to that point, distinct from “filtered” which refers to a firewall preventing connections:

The state is either open, filtered, closed, or unfiltered. Open means that an application on the target machine is listening for connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time. Ports are classified as unfiltered when they are responsive to Nmap's probes, but Nmap cannot determine whether they are open or closed.

@Camaalot, for webroot authentication, you must have an existing web server listening on port 80 that is already reachable from the public Internet. Is that the case in your setup? The evidence from @ahaw021’s experiment suggests that you don’t have an existing reachable web server, even though I’m not convinced that’s necessarily due to firewall settings.
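
The check described in the post above, as an added example that is not part of the thread: it separates a refused connection (closed, no listener) from a dropped one (filtered), then confirms that a file placed in the webroot is really served under /.well-known/acme-challenge/. The function names and the probe file name are made up for illustration, and the port argument exists only for local testing, since the validation in the log above connects on port 80.

```python
# Added example, not from the thread: pre-flight check for http-01 webroot validation.
import http.client
import pathlib
import secrets
import socket
import sys


def port_state(host, port=80, timeout=3.0):
    """Return 'open', 'closed', 'filtered' or 'unresolved' for a TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # a listener accepted the connection
    except socket.gaierror:
        return "unresolved"        # the name did not resolve to an address
    except ConnectionRefusedError:
        return "closed"            # host answered, nothing is bound to the port
    except OSError:
        return "filtered"          # timeout or unreachable: no answer came back


def fetch_challenge(host, token, port=80, timeout=3.0):
    """GET /.well-known/acme-challenge/<token>; return the body, or None on failure."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/.well-known/acme-challenge/" + token)
        resp = conn.getresponse()
        body = resp.read().decode(errors="replace").strip()
        return body if resp.status == 200 else None
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def preflight(host, webroot, port=80):
    """Drop a probe file in the webroot and try to fetch it back through `host`."""
    state = port_state(host, port)
    if state != "open":
        return state
    token = "preflight-" + secrets.token_hex(8)   # constructed name, not an ACME token
    probe = pathlib.Path(webroot, ".well-known", "acme-challenge", token)
    probe.parent.mkdir(parents=True, exist_ok=True)
    probe.write_text(token)
    try:
        # 'not-served': something answers, but not with files from this webroot
        return "ok" if fetch_challenge(host, token, port) == token else "not-served"
    finally:
        probe.unlink()


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python3 preflight.py <domain> <webroot>, e.g. /var/www/openmediavault
    print(preflight(sys.argv[1], sys.argv[2]))
```

Run port_state from a machine outside your own network as well: a check made from inside the LAN can succeed even when the router forwards nothing to the server.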


#5

I have seen closed on port forwarding not set up correctly.

Hence asking to check the firewall and server :smiley:

Andrei


#6

Hi,

I resolved the problem. I’m installing the cert using openmediavault letsencrypt plugin.
Openmediavault was set to a different port than 80. Setting back to 80, it worked.

So thank you all for your replies.

Guy Durand

