Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: tangaradaserra.mt.gov.br
I ran this command: certbot
It produced this output:
Requesting a certificate for tangaradaserra.mt.gov.br
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
** Domain: tangaradaserra.mt.gov.br**
** Type: connection**
** Detail: 188.8.131.52: Fetching http://tangaradaserra.mt.gov.br/.well-known/acme-challenge/p2637axetadVT1QkFyxWsc284oITJmzcwfel9RlI1xY: Timeout during connect (likely firewall problem)**
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
My web server is (include version): Apache
The operating system my web server runs on is (include version): Ubuntu server 18.04
My hosting provider, if applicable, is: Apache 2.4.29
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): 1.32.0
Welcome to the community @ChristianHerber
The Let's Encrypt server must be able to reach your domain to confirm you control it. That request is timing out. It makes several requests from various points around the world.
I cannot reach your site from my test server in an AWS region in the US East Coast. And, the Let's Debug test site cannot reach your server either.
But, testing from other points around the world I see some connections work.
So, it looks like you have a firewall blocking certain regions or maybe just many IP addresses. You will need to remove those for the HTTP Challenge to work. Or, switch to using a DNS Challenge. The DNS Challenge is often much harder to automate.
Best Practice Keep Port 80 Open
Ports 80 and 443 are allowed in firewall.
But something is blocking connections to your server.
The Let's Debug test site and Let's Encrypt servers still cannot reach your server. You need to review each part of your network connection from your server out to your ISP and check each to ensure they are not blocking connections.
Here is another test site that shows connection tests from some regions work but others fail.
But there's no connection possible:
$ sudo nmap -Pn 184.108.40.206
Starting Nmap 7.92 ( https://nmap.org ) at 2022-11-22 18:40 CET
Nmap scan report for 220.127.116.11
Host is up (0.30s latency).
Not shown: 999 filtered tcp ports (no-response)
PORT STATE SERVICE
113/tcp closed ident
Nmap done: 1 IP address (1 host up) scanned in 32.96 seconds
Not to you but some regions work as noted from the site24x7 site. Note especially an NL region failed
Jup, looks like some kind of geo-blocking.
that was it, all right now, thank's.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.