Problem using port certbot from py-certbot on FreeBSD 10.2 in webroot mode


I’m running FreeBSD 10.2.
I compiled and installed certbot from the py-certbot port.
I’m running the following command:
certbot certonly --webroot -w /isle/www/mydomainname -d mydomainname

(for sure I use my real server mydomainname)

It returns the following:
Failed authorization procedure. domainname (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to http://mydomainname/.well-known/acme-challenge/uGDEAuNd5BQYMe250CTVaZRKgFtoSVbUoIiVM2Rn3LE

I have verified that /isle/www/mydomainname/ has the appropriate folder.
I also verified that I have allowed external connections to my port 80.
Here is what I see with tcpdump:

13:40:25.306883 IP > myservername.http: Flags [S], seq 773495659, win 5840, options [mss 1460,sackOK,TS val 1172712281 ecr 0,nop,wscale 1], length 0
13:40:25.306911 IP myservername.http > Flags [R.], seq 0, ack 773495660, win 0, length 0

This is a standalone FreeBSD server.
I’m not using cloud hosting.

Could anyone please help?


Can you reach that location generally from the web? (I can’t check, since you didn’t provide your domain name.)


That is a mail server with dovecot and exim, so I do not have any web server running on it.
But if I do “nc -l 80” I see my request sent from a browser.
Also I posted output from tcpdump that clearly shows that requests are coming.
certbot was executed in webroot mode, i.e. it should serve as a web server, right?
And it seems that it is not doing so.


This is what I see in the logs:

2016-08-18 12:35:16,442:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'RLdMzp-5AQMct5XBE9feiPMq4Tsn1dMyJ_O9voJmA6I', u'type': u'dns-01', u'uri': u''}
2016-08-18 12:35:16,443:INFO:certbot.reporter:Reporting to user: The following errors were reported by the server:

And I have correct DNS records for my domain names. But there is no reverse IP lookup. But it should not be a problem.

I successfully used letsencrypt on another machine on the same hosting, but that machine is a Windows server.


--webroot is intended for systems with an existing web server. If you want certbot to spawn its own web server, you need --standalone. (Note that you can use either port 80 or 443, this is explained in the linked documentation. The default is 443, IIRC.)


Oh…no… Thank you! It works.
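
A pre-flight check for the --webroot case discussed in this thread, as an added example that is not part of the original posts or of certbot: it drops a random file under .well-known/acme-challenge in the webroot and fetches it over HTTP, so a missing listener (the SYN answered by RST in the tcpdump output above) is reported as "refused" before any ACME request is made. The function name check_webroot, the script name preflight.py and the result strings are assumptions made for this example.

```python
import http.client
import os
import secrets
import sys

CHALLENGE_PATH = ".well-known/acme-challenge"

def check_webroot(webroot, host, port=80, timeout=5):
    """Return "ok", "refused", "unreachable", "http-<status>" or "mismatch"."""
    challenge_dir = os.path.join(webroot, *CHALLENGE_PATH.split("/"))
    os.makedirs(challenge_dir, exist_ok=True)   # the directory is left in place
    name = "preflight-" + secrets.token_hex(8)  # random, so nothing is overwritten
    body = secrets.token_hex(16)
    probe = os.path.join(challenge_dir, name)
    with open(probe, "w") as fh:
        fh.write(body)
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", "/%s/%s" % (CHALLENGE_PATH, name))
            resp = conn.getresponse()
            served = resp.read().decode("ascii", "replace").strip()
        finally:
            conn.close()
    except ConnectionRefusedError:
        # TCP RST in reply to the SYN: no process is listening on the port.
        return "refused"
    except (OSError, http.client.HTTPException):
        # Timeout, unresolvable host name, or a reply that is not HTTP.
        return "unreachable"
    finally:
        os.remove(probe)
    if resp.status != 200:
        # A listener answered, but it does not serve files from this webroot.
        return "http-%d" % resp.status
    return "ok" if served == body else "mismatch"

if __name__ == "__main__":
    # Usage: python3 preflight.py /path/to/webroot example.org
    if len(sys.argv) != 3:
        sys.exit("usage: preflight.py WEBROOT HOSTNAME")
    result = check_webroot(sys.argv[1], sys.argv[2])
    print(result)
    sys.exit(0 if result == "ok" else 1)
```

Run on the server itself, "ok" only shows that a web server is listening and maps the URL path to this webroot; the validation request still has to get through any firewall in front of port 80.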

