My domain is: vault.burstein.de
My web server is (include version): nginx
The operating system my web server runs on is (include version): Ubuntu LTS 20.04 (in lxc)
My hosting provider, if applicable, is: none/selfhosted
I can login to a root shell on my machine (yes or no, or I don't know): yes
So it seems I have this problem of getting proper validation for the LE certificates because of timeouts. I have read numerous topics about this, but it is not clear to me why it is not working (this time). I have certificates in place for all my subdomains, but now (once again) I get these errors.
So it seems port 80 can't be reached; also letsdebug gives me an error: ANotWorking
Error
vault.burstein.de has an A (IPv4) record (92.39.23.246) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A test authorization for vault.burstein.de to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
Well, Let'sDebug can't get to it, Let's Encrypt can't get to it, and testing from my system can't get to it.
$ curl http://vault.burstein.de/.well-known/acme-challenge/2vavQ2daVJ5seXKJ2uAY2khp-UD6ifn8RtC-upx158s
curl: (7) Failed to connect to vault.burstein.de port 80: Connection timed out
It needs to be accessible from everywhere on the Internet, but it seems to only be visible to you. You need to figure out what's blocking it (maybe something that blocks other parts of the world from where you are; maybe something your ISP has in place) and fix it to allow for port 80 connections from everywhere.
Hello @Burschi500 welcome to the community.
From where I sit at first glance your main issue must be related to the error message you were presented in the output of your command.
PORT STATE SERVICE
22/tcp filtered ssh
80/tcp filtered http
443/tcp filtered https
As @petercooperjr states... In order to obtain a certificate LE must be able to communicate with your server.
Stupid me, problem solved. Yes, it's filtered - but only from where you are. I have some blocklists set up, including USA, so this could not work. Therefore I see no "filtered" on port 80 - from where I am (my remote is also located in Europe), but you and LE do.
Please close this thread. Or better delete it. Or let it stand here as a testimonial of my incompetence.
Glad you figured it out! It's surprisingly easy to forget about blocking rules in place (or not be aware of ones a predecessor put in) and it's surprisingly hard to test how a site works from "everywhere" out there on the Internet. Let's Encrypt actually checks from several vantage points (I don't even know if they're all in the USA) to ensure that you actually own your site as seen from "everywhere" on the Internet before issuing a certificate.
But don't worry, you weren't the first and won't be the last to be tripped up a little by it.
... that's because the proxy is working, but the server behind it has not started yet. But after figuring this out I'll get it up and running soon, I think.
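An added example, not part of the thread: a small Python probe that separates the outcomes this thread turns on, a timeout ("filtered" in the nmap output, curl error 7 "Connection timed out") versus a refused connection versus a completed handshake. The function names `probe_tcp` and `http01_hint` are this example's own, and the result only describes the network the script runs from.

```python
import socket
import sys


def probe_tcp(host, port, timeout=5.0):
    """Classify one TCP port as seen from *this* machine only.

    open        - handshake completed, something is listening
    closed      - connection refused (RST): host reachable, no listener
    filtered    - no reply before the timeout: packets silently dropped,
                  which is how a firewall or blocklist usually behaves
    unreachable - DNS failure, no route, or another OS-level error
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "unreachable"


# What each state means for an HTTP-01 validation on port 80.
HINTS = {
    "open": "reachable from here; geo or IP blocklists may still drop "
            "other networks, so repeat the probe from a host elsewhere",
    "filtered": "packets are dropped on the way: check firewall rules, "
                "blocklists, router port forwarding and ISP filtering",
    "closed": "the host answers but nothing listens on this port: "
              "start the web server or fix its listen address",
    "unreachable": "check the DNS record and routing for this name",
}


def http01_hint(state):
    """Return the troubleshooting hint for a probe_tcp() result."""
    return HINTS[state]


if __name__ == "__main__":
    # Usage: python probe.py <hostname>   (defaults to localhost)
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    result = probe_tcp(target, 80)
    print(f"{target}:80 is {result}: {http01_hint(result)}")
```

Running it from a host in a different country or network than the server is what exposes a rule like the one found here; an "open" result from the server's own region proves nothing about the validation servers' view.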