TL;DR
I ask certbot to run the challenge using the standalone plugin over HTTP on port 10000; the standalone server is listening on port 1000, but the ACME challenge is done against port 80.
The command I am running
sudo certbot certonly --standalone --non-interactive --preferred-challenge http-01 \
  --http-01-port 10000 --agree-tos \
  --email realtebo@example.com --domains realtebo.example.com \
  --pre-hook 'sudo service webmin stop' \
  --post-hook 'sudo service webmin start' \
  --staging --dry-run
The error
Domain: realtebo.example.com
Type: connection
Detail: Fetching
http://realtebo.example.com/.well-known/acme-challenge/DbE18Iyfud0xBRtrfvz-ILifSzqV-7GoV5uRAyuNYRw:
Timeout during connect (likely firewall problem)
Note about firewall
I am sure I have no firewall problem: Webmin is running on port 10000 and is reachable from outside.
It seems to be using port 80
See the following portion of the log:
"validationRecord": [
  {
    "url": "http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow",
    "hostname": "realtebo.example.com",
    "port": "80",
    "addressesResolved": [
      "redacted"
    ],
    "addressUsed": "redacted"
  }
]
I removed the IP, but it was correct.
It’s using port 80! Why?
The standalone server is correctly using the port I specified
Note this portion of the log (it is a part of the same run):
2018-08-29 13:56:28,854:INFO:certbot.auth_handler:Performing the following challenges:
2018-08-29 13:56:28,854:INFO:certbot.auth_handler:http-01 challenge for realtebo.example.com
2018-08-29 13:56:28,855:DEBUG:acme.standalone:Successfully bound to :10000 using IPv6
2018-08-29 13:56:28,855:DEBUG:acme.standalone:Certbot wasn't able to bind to :10000 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
....
2018-08-29 13:56:42,465:DEBUG:certbot.plugins.standalone:Stopping server at :::10000...
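
A check over the two log fragments quoted above, as an added example that is not part of the original post: it extracts the port the standalone server bound to and the port recorded in `validationRecord`, then lists validated ports that nothing was bound to. The function names and `SAMPLE_LOG` (constructed from the fragments in the post) are assumptions.

```python
import json
import re

# Constructed sample, assembled from the log fragments quoted in the post.
SAMPLE_LOG = '''\
2018-08-29 13:56:28,855:DEBUG:acme.standalone:Successfully bound to :10000 using IPv6
"validationRecord": [
  {
    "url": "http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow",
    "hostname": "realtebo.example.com",
    "port": "80",
    "addressesResolved": ["redacted"],
    "addressUsed": "redacted"
  }
]
2018-08-29 13:56:42,465:DEBUG:certbot.plugins.standalone:Stopping server at :::10000...
'''

# Matches the standalone plugin's "Successfully bound to :PORT using IPvN" line.
BOUND_RE = re.compile(r"acme\.standalone:Successfully bound to \S*?:(\d+) using")
# Locates the start of each JSON array that follows a "validationRecord" key.
RECORD_RE = re.compile(r'"validationRecord":\s*')


def bound_ports(log_text):
    """Ports the local standalone server reported binding to."""
    return sorted({int(p) for p in BOUND_RE.findall(log_text)})


def validated_ports(log_text):
    """Ports the CA reports having connected to, taken from validationRecord."""
    decoder = json.JSONDecoder()
    ports = set()
    for match in RECORD_RE.finditer(log_text):
        # raw_decode parses one JSON value at the offset and ignores what follows.
        records, _ = decoder.raw_decode(log_text, match.end())
        ports.update(int(record["port"]) for record in records)
    return sorted(ports)


def port_mismatch(log_text):
    """Summarise bound vs. validated ports; 'unserved' had no local listener."""
    bound, validated = bound_ports(log_text), validated_ports(log_text)
    unserved = [p for p in validated if p not in bound]
    return {"bound": bound, "validated": validated, "unserved": unserved}


if __name__ == "__main__":
    print(port_mismatch(SAMPLE_LOG))
```

RFC 8555 requires the http-01 validation request to be sent to TCP port 80, so `--http-01-port` changes only the port certbot binds locally; a non-empty `unserved` list means port 80 is not being forwarded to that local port.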