Hi there,
Hoping you guys can help me out. In short, my letsencrypt docker is giving me the 'likely firewall issue' message but I have tested port forwarding with nginx and nginxproxymanager dockers, which show their default pages via the opened ports.
I followed spaceinvaderone's guide (with methodical pausing while i applied the steps), so forwarding 443 from router to 1443 on unraid host, and 80 to 180 in the same way.
I've got a domain registered. I've added a CNAME to my domain, pointing to a duckdns subdomain. I've setup the duckdns docker to update IP for this.
My ISP did have default ports blocked, which I've turned off (otherwise the tests above wouldn't have worked anyway).
I've also followed the linuxserver troubleshooting guide for the port forwarding issue already.
Can anyone shed some light? Would be much appreciated
If my letsencrypt log is useful, it's pasted below (xxxx'd out the domain and email specifics:
-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Australia/Sydney
URL=xxxxxxxx.net
SUBDOMAINS=nextcloud
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=
2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d nextcloud.xxxxxxxx.net
E-mail address entered:
[email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloud.xxxxxxxx.net
Waiting for verification...
Challenge failed for domain nextcloud.xxxxxxxx.net
http-01 challenge for nextcloud.xxxxxxxx.net
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: nextcloud.xxxxxxxx.net
Type: connection
Detail: Fetching
http://nextcloud.xxxxxxxx.net/.well-known/acme-challenge/dTkFfXItBI3Q886xxxxxxxxxxxxXeCA8Dz6mEyanU:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container