Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: sos.mg
I ran this command: sudo certbot --nginx -d ap.sos.mg
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Cleaning up challenges
Some challenges have failed.
My web server is (include version): nginx/1.22.1
The operating system my web server runs on is (include version): debian 12
My hosting provider, if applicable, is: ovh
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0
ps: i use pfsense firewall with open port 80 nat-ted to the physical server
For some reason your timeouts are always ending in a connection reset by peer error, I noticed. Whereas other users including myself would get an actual timeout error.
$ nmap -Pn -p80,443 ap.sos.mg
Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-03 21:44 UTC
Nmap scan report for ap.sos.mg (41.204.107.135)
Host is up (0.34s latency).
rDNS record for 41.204.107.135: static-107-135.blueline.mg
PORT STATE SERVICE
80/tcp filtered http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 5.80 seconds
ANotWorking
ERROR
ap.sos.mg has an A (IPv4) record (41.204.107.135) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with ap.sos.mg/41.204.107.135: Get "http://ap.sos.mg/.well-known/acme-challenge/letsdebug-test": context deadline exceeded
Trace:
@0ms: Making a request to http://ap.sos.mg/.well-known/acme-challenge/letsdebug-test (using initial IP 41.204.107.135)
@0ms: Dialing 41.204.107.135
@10001ms: Experienced error: context deadline exceeded
IssueFromLetsEncrypt
ERROR
A test authorization for ap.sos.mg to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
41.204.107.135: Fetching http://ap.sos.mg/.well-known/acme-challenge/vLB-KuLk9NMPMkR-aq1u5jirv21iUjc9gZuRCbHhcZA: Timeout during connect (likely firewall problem)
Many thanks for you replies. I solve the issues by myself as according to your remarks, the main problem was the firewall configuration. The port forwarding was incorrect so it remain on timeout issue.
It's fix now and I go my domain certified
Certificate is saved at: /etc/letsencrypt/live/ap.sos.mg/fullchain.pem
Key is saved at: /etc/letsencrypt/live/ap.sos.mg/privkey.pem```
