I am starting a new one because the old one was way too long, and it had outdated information for my server.
My domain is:
sturtz.ml
I ran this command:
certbot
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
1: sturtz.ml
2: cloud.sturtz.ml
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.sturtz.ml
http-01 challenge for sturtz.ml
Waiting for verification…
Challenge failed for domain cloud.sturtz.ml
Challenge failed for domain sturtz.ml
http-01 challenge for cloud.sturtz.ml
http-01 challenge for sturtz.ml
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: cloud.sturtz.ml
Type: connection
Detail: Fetching
http://cloud.sturtz.ml/.well-known/acme-challenge/a5xmyvF4-GcxjiNnl-fo_jiVuGoniwIwubkoFD63xQ8:
Timeout during connect (likely firewall problem)
Domain: sturtz.ml
Type: connection
Detail: Fetching
http://sturtz.ml/.well-known/acme-challenge/uqLWHSnLvl6T_aqioj4wMvFhM7tftTk3RVsTa0FnhFI:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
Server version: Apache/2.4.41 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu Server 20.04
My hosting provider, if applicable, is:
None
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
None
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.7.0
‘ip address’
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:23:24:08:58:1f brd ff:ff:ff:ff:ff:ff
inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
valid_lft 86388sec preferred_lft 86388sec
inet6 2604:99c0:8:2fe6:f849:8417:44ec:2240/64 scope global temporary dynamic
valid_lft 43192sec preferred_lft 26992sec
inet6 2604:99c0:8:2fe6:223:24ff:fe08:581f/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 43192sec preferred_lft 26992sec
inet6 fe80::223:24ff:fe08:581f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:1b:21:bf:e7:28 brd ff:ff:ff:ff:ff:ff
inet 169.254.38.166/16 brd 169.254.255.255 scope link noprefixroute ens2
valid_lft forever preferred_lft forever
inet6 2604:99c0:8:2fe6:79d7:6cde:235d:c8bf/64 scope global temporary dynamic
valid_lft 43192sec preferred_lft 26992sec
inet6 2604:99c0:8:2fe6:21b:21ff:febf:e728/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 43192sec preferred_lft 26992sec
inet6 fe80::21b:21ff:febf:e728/64 scope link noprefixroute
valid_lft forever preferred_lft forever
sudo lsof -iTCP -sTCP:LISTEN -P
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 755 systemd-resolve 13u IPv4 26099 0t0 TCP localhost:53 (LISTEN)
cupsd 771 root 7u IPv6 30989 0t0 TCP ip6-localhost:631 (LISTEN)
cupsd 771 root 8u IPv4 30990 0t0 TCP localhost:631 (LISTEN)
named 873 bind 22u IPv4 30300 0t0 TCP localhost:953 (LISTEN)
named 873 bind 26u IPv4 30129 0t0 TCP localhost:53 (LISTEN)
named 873 bind 27u IPv4 30129 0t0 TCP localhost:53 (LISTEN)
named 873 bind 28u IPv4 30129 0t0 TCP localhost:53 (LISTEN)
named 873 bind 32u IPv6 30749 0t0 TCP ip6-localhost:53 (LISTEN)
named 873 bind 33u IPv6 30749 0t0 TCP ip6-localhost:53 (LISTEN)
named 873 bind 34u IPv6 30749 0t0 TCP ip6-localhost:53 (LISTEN)
named 873 bind 35u IPv6 30301 0t0 TCP ip6-localhost:953 (LISTEN)
named 873 bind 38u IPv6 30520 0t0 TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named 873 bind 39u IPv6 30520 0t0 TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named 873 bind 40u IPv6 30520 0t0 TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named 873 bind 45u IPv4 30704 0t0 TCP sturtz001:53 (LISTEN)
named 873 bind 46u IPv4 30704 0t0 TCP sturtz001:53 (LISTEN)
named 873 bind 47u IPv4 30704 0t0 TCP sturtz001:53 (LISTEN)
named 873 bind 50u IPv4 32956 0t0 TCP sturtz001.local:53 (LISTEN)
named 873 bind 51u IPv4 32956 0t0 TCP sturtz001.local:53 (LISTEN)
named 873 bind 52u IPv4 32956 0t0 TCP sturtz001.local:53 (LISTEN)
mysqld 946 mysql 26u IPv4 31345 0t0 TCP localhost:3306 (LISTEN)
sshd 1320 root 3u IPv4 34564 0t0 TCP *:22 (LISTEN)
sshd 1320 root 4u IPv6 34566 0t0 TCP *:22 (LISTEN)
apache2 1336 root 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 1336 root 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
miniserv. 1479 root 5u IPv4 37015 0t0 TCP *:10000 (LISTEN)
apache2 2567 www-data 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 2567 www-data 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
apache2 2568 www-data 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 2568 www-data 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
apache2 2569 www-data 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 2569 www-data 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
apache2 2570 www-data 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 2570 www-data 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
apache2 2571 www-data 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 2571 www-data 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
Router status page
I am in the DMZ, I have ufw off
netstat -pant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 873/named
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 966/tor
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 946/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1479/perl
tcp 0 0 169.254.38.166:53 0.0.0.0:* LISTEN 873/named
tcp 0 0 192.168.1.8:53 0.0.0.0:* LISTEN 873/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 873/named
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 755/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1320/sshd: /usr/sbi
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 771/cupsd
tcp 0 0 192.168.1.8:48794 35.224.99.156:80 TIME_WAIT -
tcp 0 248 192.168.1.8:22 192.168.1.6:49682 ESTABLISHED 1412/sshd: nsturtz
tcp6 0 0 ::1:953 :::* LISTEN 873/named
tcp6 0 0 :::443 :::* LISTEN 1336/apache2
tcp6 0 0 :::80 :::* LISTEN 1336/apache2
tcp6 0 0 fe80::223:24ff:fe08::53 :::* LISTEN 873/named
tcp6 0 0 ::1:53 :::* LISTEN 873/named
tcp6 0 0 :::22 :::* LISTEN 1320/sshd: /usr/sbi
tcp6 0 0 ::1:631 :::* LISTEN 771/cupsd
When I log in I get
IPv4 address for enp0s25: 192.168.1.8
IPv6 address for enp0s25: 2604:99c0:8:2fe6:6dd8:c0e3:de7c:f8c6
IPv6 address for enp0s25: 2604:99c0:8:2fe6:223:24ff:fe08:581f
IPv4 address for ens2: 169.254.38.166
IPv6 address for ens2: 2604:99c0:8:2fe6:f130:7ee1:f181:afb8
IPv6 address for ens2: 2604:99c0:8:2fe6:21b:21ff:febf:e728
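
The certbot message in the post asks whether the host has a publicly routable IP address and whether the DNS A/AAAA records contain the right one. The following is an added example, not part of the original post: it classifies the addresses from the posted `ip address` output and lists which of them a DNS record could name directly. The helper names `classify`, `parse_ip_addr` and `record_candidates` are hypothetical, and the sample is a trimmed excerpt of the output above.

```python
import ipaddress
import re

# Trimmed excerpt of the `ip address` output in the post (valid_lft/link lines removed).
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
    inet6 2604:99c0:8:2fe6:f849:8417:44ec:2240/64 scope global temporary dynamic
    inet6 2604:99c0:8:2fe6:223:24ff:fe08:581f/64 scope global dynamic mngtmpaddr noprefixroute
    inet6 fe80::223:24ff:fe08:581f/64 scope link noprefixroute
3: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 169.254.38.166/16 brd 169.254.255.255 scope link noprefixroute ens2
    inet6 2604:99c0:8:2fe6:21b:21ff:febf:e728/64 scope global dynamic mngtmpaddr noprefixroute
"""

def classify(addr):
    """Reachability class of one address (link-local is tested before private on purpose)."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "global" if ip.is_global else "other"

def parse_ip_addr(text):
    """Yield (interface, address, class, is_temporary) for each inet/inet6 line."""
    iface = None
    for line in text.splitlines():
        head = re.match(r"^\d+: ([^:@]+)", line)
        if head:
            iface = head.group(1)
            continue
        m = re.match(r"^\s+inet6? ([0-9a-fA-F:.]+)/\d+ (.*)$", line)
        if m:
            flags = m.group(2).split()
            yield iface, m.group(1), classify(m.group(1)), "temporary" in flags

def record_candidates(text):
    """Addresses a DNS A/AAAA record could name directly: global and not temporary."""
    out = {"A": [], "AAAA": []}
    for _iface, addr, cls, temp in parse_ip_addr(text):
        if cls == "global" and not temp:  # temporary (privacy) addresses rotate
            out["AAAA" if ":" in addr else "A"].append(addr)
    return out

if __name__ == "__main__":
    for row in parse_ip_addr(SAMPLE):
        print("%-8s %-40s %-10s temporary=%s" % row)
    print(record_candidates(SAMPLE))
```

An empty `A` list means an IPv4 http-01 request can only arrive through the router's forwarding to the private address, while each `AAAA` candidate is contacted directly and has to be allowed on port 80 by any IPv6 firewall in the path.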