My turn, I guess…
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: mccloud.thompsonian.net
I ran this command: sudo certbot certonly --standalone -d mccloud.thompsonian.net
from apt show certbot
Version: 0.21.1-1+ubuntu16.04.1+certbot+0.2
It produced this output:
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mccloud.thompsonian.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mccloud.thompsonian.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mccloud.thompsonian.net/.well-known/acme-challenge/3ncnScX16NO9RSJH-n9obX0zLaw085JJfnh2wQXN5Jc: Timeout
mccloud@mccloud:~$ sudo tail /var/log/letsencrypt/letsencrypt.log
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. mccloud.thompsonian.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mccloud.thompsonian.net/.well-known/acme-challenge/3ncnScX16NO9RSJH-n9obX0zLaw085JJfnh2wQXN5Jc: Timeout
My web server is (include version): the certbot --standalone one
The operating system my web server runs on is (include version): Linux mccloud 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
My hosting provider, if applicable, is: self-hosted, Cox Communications subscriber.
I can log in to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Other notes:
Not running a firewall. Placed it in the “DMZ” of my router. I can ping it via FQDN and IP, ssh into it, and in the past I’ve run web servers on ports 80 and 443 with success using locally generated self-signed certs. Running --standalone this time to make sure there’s nothing interfering. Please help me to discover whatever it is I’ve obviously forgotten to do.