Topic: certbot challenge failed
When I execute # certbot certonly --webroot --dry-run -w /var/www/html -d mail.$MYDOMAIN.com, I get this error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Simulating a certificate request for mail.$MYDOMAIN.com
Performing the following challenges:
http-01 challenge for mail.$MYDOMAIN.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain mail.$MYDOMAIN.com
http-01 challenge for mail.$MYDOMAIN.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mail.$MYDOMAIN.com
Type: connection
Detail: Fetching
https://mail.$MYDOMAIN.com/.well-known/acme-challenge/OieODzucm_cj8KW2hYBYoOZaUvh1fDjpgrGarDvgtb4:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
This happens on a fresh installation of Debian 10 where all I have done other than installing iRedmail was adding a non-root user.
I installed iRedmail 1.3.2 from the downloaded installer and I selected Nginx as a server, removed RoundCube, added Sogo, and chose Postgres as the database during the installation process.
/var/log/nginx/access.log looks like this:
52.58.118.98 - - [16/Mar/2021:18:47:09 +0100] "GET /.well-known/acme-challenge/OieODzucm_cj8KW2hYBYoOZaUvh1fDjpgrGarDvgtb4 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
18.224.20.83 - - [16/Mar/2021:18:47:09 +0100] "GET /.well-known/acme-challenge/OieODzucm_cj8KW2hYBYoOZaUvh1fDjpgrGarDvgtb4 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
66.133.109.36 - - [16/Mar/2021:18:47:09 +0100] "GET /.well-known/acme-challenge/OieODzucm_cj8KW2hYBYoOZaUvh1fDjpgrGarDvgtb4 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
34.211.60.134 - - [16/Mar/2021:18:47:09 +0100] "GET /.well-known/acme-challenge/OieODzucm_cj8KW2hYBYoOZaUvh1fDjpgrGarDvgtb4 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
I don't think I would be seeing that if the firewall were the problem or if the DNS records had not propagated.
Any ideas on how to fix this?
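The access log above is the useful clue: every validator request on the challenge path got a 301, and the ACME server's error then refers to fetching the https:// URL, i.e. the redirect target, not port 80. The script below is an added example (not from this post or the iRedMail project) that parses nginx's default "combined" log format, keeps only requests for the ACME challenge path, and classifies them so that "redirected", "served", "missing" and "no requests at all" each map to a different place to look. It also checks that the token file certbot writes is actually under the webroot. The sample log lines, addresses and tokens are constructed placeholders, and the log format is assumed to be nginx's unmodified combined format.

```python
"""Classify Let's Encrypt HTTP-01 validator requests in an nginx access log.

Added example, not the post's or iRedMail's own code. Assumes nginx's default
"combined" log format. A 3xx on the challenge path means the plain-HTTP vhost
bounced the validator elsewhere (usually https://), so any later error from the
ACME server is about the redirect target, not about port 80.
"""
import os
import re
import socket
import tempfile
from collections import Counter

ACME_PREFIX = "/.well-known/acme-challenge/"

# nginx "combined" log format (same shape as the lines quoted in the post).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: placeholder addresses and token, not the post's values.
SAMPLE_LOG = """\
198.51.100.10 - - [16/Mar/2021:18:47:09 +0100] "GET /.well-known/acme-challenge/TOKEN_A HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
198.51.100.11 - - [16/Mar/2021:18:47:09 +0100] "GET /.well-known/acme-challenge/TOKEN_A HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
198.51.100.12 - - [16/Mar/2021:18:47:09 +0100] "GET /.well-known/acme-challenge/TOKEN_A HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
203.0.113.9 - - [16/Mar/2021:18:49:00 +0100] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.64.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(status):
    """Map a status code on the challenge path to what it means for validation."""
    if status == 200:
        return "served"       # token delivered over HTTP: port 80 and webroot are fine
    if 300 <= status < 400:
        return "redirected"   # validator sent elsewhere; the redirect target must answer
    if status == 404:
        return "missing"      # port 80 reached this vhost, but the file is not there
    return "other"


def diagnose(log_text):
    """Count challenge requests by outcome and attach a one-line verdict."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(ACME_PREFIX):
            continue
        counts[classify(rec["status"])] += 1
    result = {k: counts.get(k, 0) for k in ("served", "redirected", "missing", "other")}
    if result["redirected"] and not result["served"]:
        result["verdict"] = ("every challenge request was redirected; check that the "
                             "redirect target (port 443 / the HTTPS vhost) is reachable "
                             "and serves the same webroot, or exempt " + ACME_PREFIX +
                             " from the redirect")
    elif result["missing"]:
        result["verdict"] = "port 80 is reachable but the token file is not under the webroot given to certbot"
    elif result["served"]:
        result["verdict"] = "challenge files are being served over HTTP"
    else:
        result["verdict"] = "no validator requests reached this vhost; suspect DNS or a firewall in front of port 80"
    return result


def webroot_has_token(webroot, token):
    """True if the token file certbot would write exists under the webroot."""
    return os.path.isfile(os.path.join(webroot, ACME_PREFIX.lstrip("/"), token))


def webroot_roundtrip():
    """Place a constructed token in a throwaway webroot and look it up (hit, miss)."""
    with tempfile.TemporaryDirectory() as root:
        challenge_dir = os.path.join(root, ACME_PREFIX.lstrip("/"))
        os.makedirs(challenge_dir)
        with open(os.path.join(challenge_dir, "TOKEN_A"), "w") as fh:
            fh.write("TOKEN_A.constructed-key-authorization")
        return webroot_has_token(root, "TOKEN_A"), webroot_has_token(root, "TOKEN_Z")


def port_reachable(host, port, timeout=5.0):
    """TCP connect test. Run it from OUTSIDE the server: a local success says
    nothing about an edge firewall that drops inbound 443."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(diagnose(text))
```

Run it as `python3 acme_diag.py /var/log/nginx/access.log` on the affected host; with no argument it diagnoses the constructed sample, which reproduces the pattern in the post (all 301s) and reports that the redirect target, not port 80, is what to check. `port_reachable(host, 443)` is only meaningful from a machine outside the server's own network.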