Let's Encrypt Not Working on new install - server can't see itself?

I really need someone’s help. I’m tossing chairs around my office trying to get this to work. I’m so frustrated.

(I’ve created a fake domain to learn how to make this work. Namecheap is selling .xyz domains for 48 cents.)

I’ve followed everything TO THE LETTER and I keep getting this same message:

ERROR:acme.challenges:Unable to reach http://box.dlewigoxdq.xyz/.well-known/acme-challenge/LP54RrDxO8OBybfP49-Om6WCVd0P-FG301HYxlN8DSM: HTTPConnectionPool(host='box.dlewigoxdq.xyz', port=80): Max retries exceeded with url: /.well-known/acme-challenge/LP54RrDxO8OBybfP49-Om6WCVd0P-FG301HYxlN8DSM (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f60d80e6978>: Failed to establish a new connection: [Errno 110] Connection timed out',))

I can access that URL from my PC, but the server can’t see it when I try to wget it from the mailinabox server. Firewall problem? I don’t know. This is my first foray into all this stuff.

Please help me, you’re my only hope.

How long has the DNS for the server been active? Let’s Encrypt might not be able to see it just yet.

DNS was switched about 24 hours ago, but I don’t think that’s the problem. The server can’t access its own port 80. Anybody can access it from the outside, but it can’t access itself.

How do you check the firewall in mail-in-a-box?

Also, the following was in /var/log/nginx/error.log when I clicked “Provision” from the admin interface (under TLS/SSL Certificates):

2017/11/07 13:30:24 [error] 7370#0: *227 upstream timed out (110: Connection timed out) while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: box.dlewigoxdq.xyz, request: "POST /admin/ssl/provision HTTP/1.1", upstream: "http://127.0.0.1:10222/ssl/provision", host: "box.dlewigoxdq.xyz", referrer: "https://box.dlewigoxdq.xyz/admin"
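The self-reachability check the thread is circling around, as an added example (not code from the thread or from the Mail-in-a-Box project): it fetches the challenge URL the way the ACME client's pre-check does, classifies the failure instead of dumping a stack trace, and relates a timeout to whether the name's public address is one the host has actually bound. The hostname, token and addresses in the test are constructed placeholders.

```python
import socket
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def probe_challenge(host, token, port=80, timeout=5):
    """Fetch the challenge URL as the ACME client does; return (ok, detail)."""
    url = f"http://{host}:{port}{CHALLENGE_PATH}{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return True, resp.read().decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as err:          # server answered, no file
        return False, f"http {err.code}"
    except urllib.error.URLError as err:           # connect-level failure
        if isinstance(err.reason, (socket.timeout, TimeoutError)):
            return False, "timeout"
        if isinstance(err.reason, ConnectionRefusedError):
            return False, "connection refused"
        return False, f"unreachable: {err.reason}"
    except (socket.timeout, TimeoutError):         # body never arrived
        return False, "timeout"

def explain(detail, resolved_ip, local_ips):
    """Map a failure class to its likely cause; local_ips = addresses this host has bound."""
    if detail == "timeout" and resolved_ip not in local_ips:
        return ("public IP is not bound on this host: it sits behind NAT and "
                "the router or cloud firewall does not hairpin port 80")
    if detail == "timeout":
        return "public IP is bound locally: a host firewall drops port 80"
    if detail == "connection refused":
        return "nothing listens on port 80 at that address"
    if detail.startswith("http "):
        return "web server reached, but the challenge file is not served"
    return detail

def serve_challenge(token):
    """Constructed stand-in for the box's web server on 127.0.0.1; returns (server, port)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != CHALLENGE_PATH + token:
                return self.send_error(404)
            self.send_response(200); self.end_headers()
            self.wfile.write(token.encode())
        def log_message(self, *args): pass     # keep probe output quiet
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]
```

Run `probe_challenge("box.example", "<token>")` on the box itself and feed the result plus the addresses from `ip -4 addr` to `explain()`; a timeout against a public IP the box does not own points at the NAT/cloud firewall rather than ufw.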

Run ufw status (as root).

Something like this should be the result:

Status: active

To Action From

22 ALLOW Anywhere
53 ALLOW Anywhere
25/tcp ALLOW Anywhere
587 ALLOW Anywhere
993 ALLOW Anywhere
995 ALLOW Anywhere
4190/tcp ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
53 (v6) ALLOW Anywhere (v6)
25/tcp (v6) ALLOW Anywhere (v6)
587 (v6) ALLOW Anywhere (v6)
993 (v6) ALLOW Anywhere (v6)
995 (v6) ALLOW Anywhere (v6)
4190/tcp (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)

Although, I’m interested, what’s port 4190?

You should also see at least two routes:
one default route
0.0.0.0 0.0.0.0
and a route to your subnet
0.0.0.0 255.255.255.0

Hope that helps

Yours is identical to mine. And my routes look right.

4190 is for Dovecot (for POP3/IMAP).

If I can’t get this resolved, I’m going to have to just dump mail-in-a-box and try mailcow or something else.


Now that it’s been 24 hours, and DNS should most likely be updated, can you try again?

If you need some help, I can look this evening. Send me an account and an ssh login, maybe I can help.

Email is: sander@doofpot.nl

Don’t forget to remove it afterwards ;)
