Letsencrypt Timeout during connect

Hey Guys,

Im very new to nextcloud, i have a raspberrypi 3 and getting the following error message:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for eisbergcloud.spdns.de
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. eisbergcloud.spdns.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://eisbergcloud.spdns.de/.well-known/acme-challenge/soy7Msdi0_FjuLzahpYg5k0iYVoxfO41KREin2HcoIE: Timeout during connect (likely firewall problem)
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: eisbergcloud.spdns.de
Type: connection
Detail: Fetching
http://eisbergcloud.spdns.de/.well-known/acme-challenge/soy7Msdi0_FjuLzahpYg5k0iYVoxfO41KREin2HcoIE:
Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

How do i fix it?
Port 443 and 80 are forwarded in my frixbox settings and as far as im concern there is no firewall on my pi which should block.
But maybe important the pi is corrently connectet with LAN to a fritz.box which is configurated as a WLAN repeater. The Port settings are set on the FritzBox where the FritzBox Repeater is also getting his wlan signal from

Your domain eisbergcloud.spdns.de is unreachable, in HTTP or HTTPS. Maybe a start ?

i thought because is already trying to reach my router but the part of nextcloud doenst work? at least its “linked” to my ipv4 address

I tried it with no-ip.net. Same thing. IDk why it is not working. lets crypt is optional if i get it right, right? Like for secure connection?
on no-ip.net i can check my ports that tools is telling me the ports 80/443 are not open but as you can see i open them… I have install the no-ip dyndns tool it is running. no-ip shows my last login with that tool. Dyndns is activate on my fritzbox to link to my no-ip.net domain…

I suspect that the problem is ipv4/v6 releated but no-ip.com shows a ipv4 address as last login. How can i check if my problem is ipv4/v6 releated?

Letsencrypt is trying to reach your webserver via port 80. But your instance is not reachable.

Check this:

  • Can you reach your instance from wihtin your local network?
    Yes: Your Port forwarding isn’t working. What’s behind that black box inside your screenshot?
    No: check if port is open: “telnet 192.168.178.130 80” and “telnet 192.168.178.130 443”

Regards
Max

1 Like

If you mean nextcloudpi.local than yes if not:

(base) [eisbergsalat@eisbergsalat-pc ~]$ telnet 192.168.178.130 80
Trying 192.168.178.130...
Connected to 192.168.178.130.
Escape character is '^]'.
^C
Connection closed by foreign host.

(base) [eisbergsalat@eisbergsalat-pc ~]$ telnet 192.168.178.130 443
Trying 192.168.178.130...
Connected to 192.168.178.130.
Escape character is '^]'.
^C
Connection closed by foreign host.
(base) [eisbergsalat@eisbergsalat-pc ~]$ 

Im guessing that means the ports are open, right? I double checked with http://www.portchecktool.com/ but

Problem!  I could not see your service on <my ipv4 address> on port (443).
Reason: Connection timed out. 
Problem!  I could not see your service on <my ipv4 address> on port (80).
Reason: Connection timed out. 

ah i thought yesterday that is my ipv6 address, but its not.

Currently im guessing i need a port mapping server? But no-ip.net show a ipv4 address as last login. I just bought a VPS Server of IONOS for 1 year. Lets see if with port mapping is the solution

The first telnet says, tghat your pi is reachable within your network. Good.
The second telnet (I presume, that is your public ip) says, that the ports are not reachable from outside. But your FritzBox seems to be configured correctly. Do you have any more firewall beetwen your FirtzBox and the public internet? Has your pi already been reachable from outside?

How do you conclude that the second telnet is saying that the ports are not reachable? Its connecting? Its my lan IP adress which im using there or did you mean the return of the port checking tool.

So im back with more information. Seems like i only have ipv6 address from my internet provider. Thats why the port checking tool tells me my ports are closed. The IPV4 address which i can see if i check on sites like whats my ip is from the NAT of my provider.
So i need something like a port maping server. Got a paided virtual server with a public ipv4 address. Now i tried with 6tunnel to tunnel all the request to my ipv6 address but it doenst work. Than i tried a reverse ssh (with the -R parameter), didnt work. Now im completly clueless.
Currently i just want to have like a very simple test side to be reachable outside of my network.
Any ideas? Would be awesome otherwise I’ll go crazy

With “The second” I’ve meant the second “screenshot” beginning with “Problem! I could…”

Now as qe know that this is an ipv6 issue I can not help you any more. I don’t have know-how about it.

Sorry and good luck…