Letsencrypt acme-challenge timeout errors - Help!

Hi everyone-

I have had previous versions of Nextcloud working flawlessly. I installed the latest version on a fresh sd card, and can’t get letsencrypt to work. When I run LetsEncrypt from the web panel, I get the following error:

```
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: 444.dynu.net
   Type: connection
   Detail: Fetching
   http://444.dynu.net/.well-known/acme-challenge/9a0LRPueeZTAvfUpU9PH3xUdrZfWHZFwCtBzNtkVkcI:
   Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you’re using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
```

I cannot seem to get past this. I have been looking at the logs, and can’t figure out where this is failing. Please help.
Thanks!

having both ports, 80 and 443, open and redirected?

I have the same error here on a Nextcloud Box: No automatic renewing of Letsencrypt certificate on Nextcloud Box

I’ve no clue why. Both port 80 and 443 are open and redirected to the right machine, and it worked for almost a year without any problem.

to be perfectly honest with you, jean, i read your comment in another thread about being left alone with snap-nc… and then i started investigating your open questions and found that one…

and started searching the web for answers. this question from above came up on my search and so i tried a quick and dirty answer b/c it was quick and dirty question w/o any more information.

i got the impression that something was changed somewhere since this kind of problem seems to turn up more often, lately.
so far i don’t have any more hints for you. except for a more general one: you could put your question/problem on the letsencrypt forum. ppl seem to be helpful there.

what do you think?

Thanks for your investigation. Have you seen the possible workaround here? Renew Letsencrypt Certificate on Nextcloud Box

Do you have any opinion on it ?

I’ll try the Let’s Encrypt forum if no one comes up with something. I’m quite busy right now, and I can’t afford the time to fix this with a risk of messing things up!

Thanks again

it’s definitely worth a try. at least i would try it.

plus: it’s suggested to have the old data as a backup. so if nothing happens you could go back to it…
or maybe even better: write your setting from your sd-card into your own image (so to say burn your own image). so if the suggested backup wouldn’t work because something else got tweaked somewhere you always could get back to this burned image. and this will work after re-installing it onto your sd card.

so what do YOU think now?

A timeout normally means the cert-server can’t reach you. If you are convinced that your network and port forwarding are correctly set up, you could try a packet-sniffer like tcpdump and see if there are packets arriving. Then you can say if it is a problem on your server or on your router.

Thanks for the help guys. I got it to work. My DDNS is through Dynu.com. On their website, on my dashboard, I unchecked “Enable IPV6 Address” for the domain, and was then able to get everything to work. I’m somewhat of a noob when it comes to networking, so I can’t explain why this worked.


note to self: always ask about ipv6 first
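An added example, not part of any post in this thread: the fix reported above was to stop publishing an IPv6 address for the domain, and the error text itself points at the A/AAAA records, so this Python sketch resolves both record types and tests TCP port 80 on each published address separately. The function names and the placeholder host are assumptions made for the example.

```python
import socket

def resolve(host, port=80):
    """Return {'A': [...], 'AAAA': [...]} with the addresses published for host."""
    out = {"A": [], "AAAA": []}
    for label, family in (("A", socket.AF_INET), ("AAAA", socket.AF_INET6)):
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type (or the name does not resolve)
        out[label] = sorted({info[4][0] for info in infos})
    return out

def reachable(family, addr, port=80, timeout=5.0):
    """True if a TCP connection to addr:port completes within timeout."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:  # timeout, refused, no route, address family unsupported
        return False

def diagnose(records, port=80, timeout=5.0):
    """Probe every published address and list those that do not answer."""
    families = {"A": socket.AF_INET, "AAAA": socket.AF_INET6}
    findings = []
    for label, addrs in records.items():
        for addr in addrs:
            if not reachable(families[label], addr, port, timeout):
                findings.append(f"{label} {addr}: port {port} unreachable")
    return findings

if __name__ == "__main__":
    import sys
    # "example.invalid" is a placeholder; pass your own DDNS name as argument 1.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.invalid"
    recs = resolve(host)
    print(recs)
    for line in diagnose(recs) or ["all published addresses answer on port 80"]:
        print(line)
```

Run it from a machine outside your own network (and with IPv6 connectivity) so the result reflects what an external validator sees. An AAAA address listed as unreachable while the A address answers matches the situation described above.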

Note the url protocol it was using: [http]://444.dynu.net/.well-known/acme-challenge/****

I had the same issue on my Fedora machine and it was simply port 80 not redirected to 443. It was refusing the 80.
After I redirected 80 => 443 it started working.

/etc/httpd/conf.d/nextcloud.conf:

```
Listen 80

<VirtualHost *:80>
    ServerName 444.dynu.net
    RewriteEngine on
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
```

and then

```
systemctl restart httpd
```