Server behind fritzbox only with port 3222


#1

Hello. i have only access to port 3222 (because i am behind a nat) and i cant get a certificate

My domain is: embybox.dynv6.net

I ran this command: letsencrypt certonly --standalone -d embybox.dynv6.net --tls-sni-01-port 3222

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for embybox.dynv6.net
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. embybox.dynv6.net (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 5b26f8c4ff94405f9a9150e9b07bccb0.d3ce60b41736002b93f8483ca3074a61.acme.invalid from 46.244.202.59:443. Received 1 certificate(s), first certificate had names “fritz.box, fritz.nas, myfritz.box, vxaqicibqlrbgurd.myfritz.net, www.fritz.box, www.fritz.nas, www.myfritz.box”

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: embybox.dynv6.net
    Type: unauthorized
    Detail: Incorrect validation certificate for tls-sni-01 challenge.
    Requested
    5b26f8c4ff94405f9a9150e9b07bccb0.d3ce60b41736002b93f8483ca3074a61.acme.invalid
    from 46.244.202.59:443. Received 1 certificate(s), first
    certificate had names “fritz.box, fritz.nas, myfritz.box,
    vxaqicibqlrbgurd.myfritz.net, www.fritz.box, www.fritz.nas,
    www.myfritz.box”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): emby media server https://emby.media/

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS

My hosting provider, if applicable, is: Mnet

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

You can’t.

HTTP and TLS-SNI validation is only satisfiable over ports 80 and 443.

If you have control of the DNS records for embybox.dynv6.net, then you could use the DNS-01 challenge instead. This would involve setting an _acme-challenge TXT record.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.