Hello,

Debian Buster and ISPConfig 3.1.15p3
certbot 0.31.0

I've read all the suggestions about LE on Debian 10 and ISPC3, but I'm stuck, please help.

I've installed ISPConfig 3 on Debian 10 and Apache from the perfect setup. I've managed to issue a cert for the main ISPC panel from LE. But now when I want to test LE on a new site I can't get a new cert. I have this error in letsencrypt.log:

"detail": "Fetching http://testavi.lt/.well-known/acme-challenge/UdcEu-uUJwblyYZHGOFhciNF-nNr5H13C41_g5yiSTE: Timeout during connect (likely firewall problem)",
"url": "http://testavi.lt/.well-known/acme-challenge/UdcEu-uUJwblyYZHGOFhciNF-nNr5H13C41_g5yiSTE",
"hostname": "testavi.lt",
"value": "www.testavi.lt"
"detail": "Fetching http://www.testavi.lt/.well-known/acme-challenge/dzOHuuUpgQF8iP-4fXhKbz4emL4EnzNLBBauLgm_R0U: Timeout during connect (likely firewall problem)",
"url": "http://www.testavi.lt/.well-known/acme-challenge/dzOHuuUpgQF8iP-4fXhKbz4emL4EnzNLBBauLgm_R0U",
"hostname": "www.testavi.lt",

Domain: www.testavi.lt
Detail: Fetching http://www.testavi.lt/.well-known/acme-challenge/dzOHuuUpgQF8iP-4fXhKbz4emL4EnzNLBBauLgm_R0U: Timeout during connect (likely firewall problem)
Domain: testavi.lt
Detail: Fetching http://testavi.lt/.well-known/acme-challenge/UdcEu-uUJwblyYZHGOFhciNF-nNr5H13C41_g5yiSTE: Timeout during connect (likely firewall problem)

certbot.errors.FailedChallenges: Failed authorization procedure. www.testavi.lt (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.testavi.lt/.well-known/acme-challenge/dzOHuuUpgQF8iP-4fXhKbz4emL4EnzNLBBauLgm_R0U: Timeout during connect (likely firewall problem), testavi.lt (http-01):

I've put hello.txt on this site, http://testavi.lt/.well-known/acme-challenge/hello.txt, and it works locally and remotely.

What could be the reason for this error? Tried all the tips that I found on this forum. Please advise what I am missing.

Read this before posting: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/

testavi.lt is not pingable and I can't find any common ports that are opened. Are you sure it's online and the necessary firewall ports are opened?

how did you get the isp panel's letsencrypt cert?

how did you test this? was the remote test from a machine on the same network or from a machine outside the firewall and not using a vpn?

either apache isn't running, in which case all of your tests would have failed

it does look like there's a firewall in the way blocking at least port 80..

wget http://testavi.lt
--2020-06-02 13:36:57--  http://testavi.lt/
Resolving testavi.lt (testavi.lt)... 84.15.106.47
Connecting to testavi.lt (testavi.lt)|84.15.106.47|:80... failed: Resource temporarily unavailable.
Retrying.

or maybe you do have port 80 open on your firewalls but only allowing connections from a few specific IPs?

Sooorry, I'm a total noob. You are right, this IP was blocked on the edge router only for local traffic. Fixed, and LE works. Thx a lot.
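
An added example, not part of the original thread: a small Python triage of the FailedChallenges message from the first post, mapping the ACME error type and detail text to the layer to check first. The sample message, the example.com names, the TOKEN values and the hint wording are constructed for illustration.

```python
import re

# One entry of certbot's FailedChallenges message, as seen in the log above:
#   <domain> (<challenge>): urn:ietf:params:acme:error:<type> :: <summary> :: <detail>
ENTRY = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<summary>.*?) :: "
    r"(?P<detail>.*?)(?=, [\w.-]+ \([\w-]+\): |$)",
    re.S,
)

# (ACME error type, substring of detail, first thing to check); hints are this example's own.
HINTS = [
    ("connection", "Timeout during connect",
     "packets to port 80 are dropped: test from outside and check firewall/router rules"),
    ("connection", "Connection refused",
     "host reachable but nothing accepts port 80: check the web server is listening"),
    ("dns", "", "the CA could not resolve the name: check the A/AAAA records"),
    ("unauthorized", "",
     "a server answered with the wrong content: check the vhost and challenge path"),
]

def triage(message):
    results = []
    for m in ENTRY.finditer(message):
        hint = "unclassified: read the detail text"
        for etype, needle, text in HINTS:
            if m["type"] == etype and needle in m["detail"]:
                hint = text
                break
        results.append({"domain": m["domain"], "challenge": m["challenge"],
                        "type": m["type"], "hint": hint})
    return results

# Constructed sample in the same shape as the log line in the first post.
SAMPLE = (
    "Failed authorization procedure. www.example.com (http-01): "
    "urn:ietf:params:acme:error:connection :: The server could not connect to "
    "the client to verify the domain :: Fetching "
    "http://www.example.com/.well-known/acme-challenge/TOKEN1: Timeout during "
    "connect (likely firewall problem), example.com (http-01): "
    "urn:ietf:params:acme:error:connection :: The server could not connect to "
    "the client to verify the domain :: Fetching "
    "http://example.com/.well-known/acme-challenge/TOKEN2: Connection refused"
)
if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f'{row["domain"]}: {row["type"]} -> {row["hint"]}')
```

A timeout, as in this thread, means the validation request never reached the web server, so a file that loads from inside the network proves nothing about the path the CA uses.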