To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address

Hi,
can you help me, I will install let’s encrypt on my server, but I have problems like the one below when certbot, your help is very valuable to me.

Best Regards

root@conference-Inspiron-3671:/home/conference# sudo certbot --webroot -w /var/www/bigbluebutton-default/ -d meeting.bbn.co.id certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for meeting.bbn.co.id
Using the webroot path /var/www/bigbluebutton-default for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. meeting.bbn.co.id (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://meeting.bbn.co.id/.well-known/acme-challenge/A3N9IWOZsIcPDQHji1DTvcUtHN2uKjk1eGr5orZmAX4: Connection refused

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: meeting.bbn.co.id
    Type: connection
    Detail: Fetching
    http://meeting.bbn.co.id/.well-known/acme-challenge/A3N9IWOZsIcPDQHji1DTvcUtHN2uKjk1eGr5orZmAX4:
    Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Hi @alfian

read your output. A working port 80 is required if you want to create a new certificate.

Same picture checking via https://check-your-website.server-daten.de/?q=meeting.bbn.co.id

Domainname Http-Status redirect Sec. G
http://meeting.bbn.co.id/ 175.103.40.190 -2 1.577 V
ConnectFailure - Unable to connect to the remote server
http://www.meeting.bbn.co.id/ 175.103.40.190 -2 1.594 V
ConnectFailure - Unable to connect to the remote server
https://meeting.bbn.co.id/ 175.103.40.190 -2 6.907 V
ConnectFailure - Unable to connect to the remote server
https://www.meeting.bbn.co.id/ 175.103.40.190 -2 1.576 V
ConnectFailure - Unable to connect to the remote server

Is there a firewall or a wrong configured router?

Hi @JuergenAuer
thank you for the reply

For the firewall, it can be seen that I have allowed using ufw, then for the router there is no config that blocks port 80.

My conference server IP is 172.16.1.3
Then I make it a domain name server

in the settings in my cpanel meeting.bbn.co.id go to my internet public ip and can be seen below
then what’s the problem, your help is very valuable to me, Best Regards

There is a blocking instance.

You have to find it and you have to remove it / allow the port 80 traffic.

Have you check with your ISP some of them block port 80 and other ports to stop abuse or force people to spend more money to unblock them?

@JuergenAuer have asked the ISP and I have allowed the router to have no block on port 80

@advocaite Same as the previous answer, indeed there is no block to port 80 or the other, I have already asked, is there a problem other than that

Hi @advocaite and @JuergenAuer

I’ve been looking for a firewall problem, it seems like the problem is finished in my opinion, but if you haven’t asked for help.

I read the problem in the picture seems to be a new problem related to the number of my registered subdomain, can you help me so I can get let’s encrypt

That is the Failed Validation rate limit described on:

HI @mnordhoff

Could I have avoided this failed auth limit if I added --dry-run to my command line above after certonly?

I’m hoping this will clear up in an hour and not a week because my site is currently without an SSL certificate. Thanks!