Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ācā to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for leudla.net
Enabled Apache rewrite module
Waiting for verificationā¦
Cleaning up challenges
Failed authorization procedure. leudla.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://leudla.net/.well-known/acme-challenge/SxgKXqvpFmgSmFpmSliPx0h1jHA8T8EAkyYbIAIKZg8: Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If youāre using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
The operating system my web server runs on is (include version):
Windows 10, Windows Subsystem for Linux, Debian Stretch
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I donāt know): yes
Iām using a control panel to manage my site (no, or provide the name and version of the control panel): no
Your site has a timeout using http / port 80. But your port 443 - oh, answers with http, not with https.
Sending a https query produces a typical error message ("The handshake failed due to an unexpected packet format"), so http over port 443 is checked. And there is a "normal http status 200".
Hmm, thatās unfortunate. Iām a software engineer, but a network newbie, can you tell me whether thereās another way of installing the SSL certificate? Can I try DNS validation instead?
Google Domains doesnāt offer an API to enable automated TXT record updates, which is what would be required for DNS validation.
You could change your domainās DNS hosting to somewhere else that supports both DDNS and also API updates. One example is Cloudflare, but itās far from the only choice.
You can do this for free - you donāt need to transfer your domain, just to use different nameservers.
If you did choose to do this, with the Cloudflare example, then youād just install the Certbot Cloudflare plugin and issue your certificate according to the instructions.