Raspberry pi portainer issue

james-brinson · September 9, 2023, 2:07am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
pineforestnas.duckdns.org
I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I am trying to run a home server using openmediavault, docker and portainer. I'm trying to run nextcloud for this. When I run letsencrypt and try to establish a connection with my dns client I get this error:

[Fri Sep  8 22:01:56 EDT 2023] Verifying: pineforestnas.duckdns.org
[Fri Sep  8 22:01:59 EDT 2023] Pending
[Fri Sep  8 22:02:02 EDT 2023] Pending
[Fri Sep  8 22:02:05 EDT 2023] Pending
[Fri Sep  8 22:02:08 EDT 2023] pineforestnas.duckdns.org:Verify error:64.203.226.170: Fetching http://pineforestnas.duckdns.org/.well-known/acme-challenge/1HzGxWZNtho6Y8qaUIUaRL0dz5ne3IXVgFa1RsRcIV0: Timeout during connect (likely firewall problem)
[Fri Sep  8 22:02:08 EDT 2023] Please check log file for more details: /dev/null
Sleep for 3600s

I have no idea what I am doing wrong here.

rg305 · September 9, 2023, 2:32am

Hi @james-brinson, and welcome to the LE community forum

You need a working HTTP server before you can secure it using HTTP-01 authentication.

curl -Ii pineforestnas.duckdns.org
curl: (56) Recv failure: Connection reset by peer

Ensure:

The IP address is up-to-date
Name: pineforestnas.duckdns.org
Address: 64.203.226.170
the firewall(s) are allowing HTTP [TCP port 80] to reach the server
[you may need to use port forwarding/NAT for that]

Which ACME client did you use?
[the more answers you provide the quicker we can get this resolved]

rg305 · September 9, 2023, 2:42am

Did you think this would be simple?

james-brinson · September 9, 2023, 5:06am

ok, I have port forwarding enabled to my server (raspberry pi ip)
The duckdns is current
I appologize for my ignorance but I have no idea what you mean by needing a working HTTP server and I am also not sure about the ACME client?

Thank you for responding!

9peppe · September 9, 2023, 5:47am

Before you can encrypt your http, you need to have a functioning unencrypted http.

Check your firewalls, your port forwarding (on ports 80 and 443), and your webserver.

rg305 · September 9, 2023, 6:48pm

This should not fail:

curl -Ii http://pineforestnas.duckdns.org/
curl: (56) Recv failure: Connection reset by peer

james-brinson · September 9, 2023, 9:21pm

ok. what can i do to resolve that issue?

9peppe · September 9, 2023, 10:35pm

Is your website supposed to be public?

If yes, check your firewall for port 80.