Again LE, debian 10

Discussion in 'Installation/Configuration' started by andron26, Jun 2, 2020.

  1. andron26

    andron26 Member

    Hello,
    Debian Buster and ISPConfig 3.1.15p3
    certbot 0.31.0
    I've read all the suggestions about LE on Debian 10 and ISPC3, but I'm stuck, please help.
    I've installed ISPConfig 3 on Debian 10 and Apache from the perfect setup. I've managed to issue a cert for the main ISPC panel from LE. But now when I want to test LE on a new site I can't get a new cert. I have this error in letsencrypt.log:
    "detail": "Fetching http://testavi.lt/.well-known/acme-challenge/UdcEu-uUJwblyYZHGOFhciNF-nNr5H13C41_g5yiSTE: Timeout during connect (likely firewall problem)",
    "url": "http://testavi.lt/.well-known/acme-challenge/UdcEu-uUJwblyYZHGOFhciNF-nNr5H13C41_g5yiSTE",
    "hostname": "testavi.lt",
    "value": "www.testavi.lt"
    "detail": "Fetching http://www.testavi.lt/.well-known/acme-challenge/dzOHuuUpgQF8iP-4fXhKbz4emL4EnzNLBBauLgm_R0U: Timeout during connect (likely firewall problem)",
    "url": "http://www.testavi.lt/.well-known/acme-challenge/dzOHuuUpgQF8iP-4fXhKbz4emL4EnzNLBBauLgm_R0U",
    "hostname": "www.testavi.lt",
    Domain: www.testavi.lt
    Detail: Fetching http://www.testavi.lt/.well-known/acme-challenge/dzOHuuUpgQF8iP-4fXhKbz4emL4EnzNLBBauLgm_R0U: Timeout during connect (likely firewall problem)
    Domain: testavi.lt
    Detail: Fetching http://testavi.lt/.well-known/acme-challenge/UdcEu-uUJwblyYZHGOFhciNF-nNr5H13C41_g5yiSTE: Timeout during connect (likely firewall problem)
    certbot.errors.FailedChallenges: Failed authorization procedure. www.testavi.lt (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.testavi.lt/.well-known/acme-challenge/dzOHuuUpgQF8iP-4fXhKbz4emL4EnzNLBBauLgm_R0U: Timeout during connect (likely firewall problem), testavi.lt (http-01):

    I've put hello.txt on this site http://testavi.lt/.well-known/acme-challenge/hello.txt and it works locally and remotely. What could be the reason for this error? I've tried all the tips I found on this forum. Please advise what I am missing.
     
    Last edited: Jun 2, 2020
  2. Th0m

    Th0m ISPConfig Developer

  3. nhybgtvfr

    nhybgtvfr Active Member

    how did you get the isp panel's letsencrypt cert?

    how did you test this? was the remote test from a machine on the same network or from a machine outside the firewall and not using a vpn?

    either apache isn't running, in which case all of your tests would have failed
    it does look like there's a firewall in the way blocking at least port 80..

    wget http://testavi.lt
    --2020-06-02 13:36:57-- http://testavi.lt/
    Resolving testavi.lt (testavi.lt)... 84.15.106.47
    Connecting to testavi.lt (testavi.lt)|84.15.106.47|:80... failed: Resource temporarily unavailable.
    Retrying.

    or maybe you do have port 80 open on your firewalls but only allowing connections from a few specific IPs?
     
  4. andron26

    andron26 Member

    Sorry, I'm a total noob. You are right, this IP was blocked on the edge router only for local traffic. Fixed, and LE works. Thx a lot.
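
An added example, not part of the thread and not certbot or ISPConfig code: a small Python parser for the "Failed authorization procedure" line quoted in the first post. It separates the ACME error type from the detail text and maps the pair to what to check first. The function names, the hint wording and the sample line (example.org and TOKEN are placeholders) are assumptions of this example.

```python
import re

# One failed authorization as it appears in certbot's FailedChallenges text:
#   <domain> (<challenge>): urn:ietf:params:acme:error:<type> :: <description> :: <detail>
ENTRY = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<error>\w+) :: "
    r"(?P<description>.*?) :: "
    # detail runs until the next "<domain> (<challenge>):" entry or end of line
    r"(?P<detail>.*?)(?=, [\w.-]+ \([\w-]+\):|$)"
)

# (ACME error type, substring of detail, what to check first).
# The hints are this example's own wording, not certbot output.
HINTS = [
    ("connection", "Timeout during connect",
     "TCP connect to port 80 timed out: check edge router/firewall rules and "
     "port forwarding, and test from a host outside your network"),
    ("connection", "Connection refused",
     "host reachable but nothing accepts on port 80: check the web server is "
     "running and listening on the public address"),
    ("connection", "", "connection failed: read the detail text"),
    ("dns", "", "name did not resolve for the CA: check A/AAAA records"),
    ("unauthorized", "",
     "web server answered but not with the challenge file: check the "
     "vhost/alias serving /.well-known/acme-challenge/"),
]

# Constructed sample modelled on the log in the thread. The last entry is
# cut off the same way the quoted log line is.
SAMPLE = (
    "Failed authorization procedure. www.example.org (http-01): "
    "urn:ietf:params:acme:error:connection :: The server could not connect to "
    "the client to verify the domain :: Fetching "
    "http://www.example.org/.well-known/acme-challenge/TOKEN: Timeout during "
    "connect (likely firewall problem), example.org (http-01):"
)

def parse_failures(line):
    """Return one dict per complete failure entry found in the line."""
    return [m.groupdict() for m in ENTRY.finditer(line)]

def diagnose(failure):
    """Map a parsed failure to the first thing worth checking."""
    for error, needle, hint in HINTS:
        if failure["error"] == error and needle in failure["detail"]:
            return hint
    return "unclassified: read the full detail text"

if __name__ == "__main__":
    for f in parse_failures(SAMPLE):
        print(f"{f['domain']} [{f['error']}]: {diagnose(f)}")
```

A connect timeout means the CA's validation request never got an answer on port 80, so a test that succeeds from inside the same network says nothing about it.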
     
