Hopefully I am not doing something dumb, but I’m trying to use Let’s Encrypt but it fails. Full diagnostic is green everywhere except for the Let’s Encrypt app that says it cannot access the URL for my domains. I have set up BIND and Dynamic DNS but it still cannot access the URL. Is there something I did wrong/forgot to do? I looked to enable in Name Services but it just shows the option to configure, no option to enable or disable domains.
Are you able to access the above URLs from outside (or even inside) your home network? If not, there is something possibly wrong with the Dynamic DNS setup.
- Make sure that your domain is resolving to your home’s IP address.
- Then make sure that your router is forwarding traffic to your FreedomBox either with the DMZ feature or the port forwarding feature.
So I double checked the port forwarding. I am able to access pi-hole on my network and I am able to use the domain name to access my FreedomBox, but still get the following error when running the Let’s Encrypt app
The Let’s Encrypt server seems to complain that it is not able to authenticate because it is unable to get the IP address for the domain you have. We haven’t yet had an LE failure when the domain was accessible properly.
Please check that the domain is accessible from outside your network:
- You can try accessing your website, say using Tor browser.
- You can use a DNS resolver (or an online web-based tool) and see if the DNS is working and giving out the IP address of your machine:
```
$ dig xxxxx.freedombox.rocks
;; ANSWER SECTION:
xxxxx.freedombox.rocks. 60 IN A 12.34.56.78
```
It would be good to clarify in the LE page that incoming port 80 will be required.
There is now, I think, the https-01 challenge, which can run on port-443.
In general, people might want to prefer opening only port 443 incoming (whether a port-forward on IPv4, or an incoming ACL rule for IPv6). It might also be worth considering if we can use PCP and/or UPnP to open the port.
I would be happy to discuss this further.
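The `dig` check suggested earlier in the thread can be turned into a repeatable test. The following is an added example, not part of the original posts or of FreedomBox's code: it parses a `dig` answer section and flags addresses an outside validator cannot reach, such as a LAN or carrier-grade NAT address published by a dynamic DNS client. The function names and the second sample are constructed for illustration.

```python
import ipaddress

# The answer section quoted in the thread.
THREAD_DIG = """$ dig xxxxx.freedombox.rocks
;; ANSWER SECTION:
xxxxx.freedombox.rocks. 60 IN A 12.34.56.78
"""

# Constructed sample: a dynamic DNS client publishing non-routable addresses.
BAD_DIG = """;; ANSWER SECTION:
xxxxx.freedombox.rocks. 60 IN A 192.168.1.20
xxxxx.freedombox.rocks. 60 IN A 100.72.3.9
xxxxx.freedombox.rocks. 60 IN AAAA fe80::1
"""

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def parse_answers(dig_text):
    """Return (name, address) pairs for the A/AAAA records in dig output."""
    records = []
    for line in dig_text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) != 5:
            continue  # comment, prompt line, or not a resource record
        name, _ttl, rclass, rtype, rdata = fields
        if rclass == "IN" and rtype in ("A", "AAAA"):
            records.append((name.rstrip("."), ipaddress.ip_address(rdata)))
    return records


def classify(ip):
    """Name the reachability class of one resolved address."""
    if ip.version == 4 and ip in CGNAT:
        return "cgnat"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"


def dns_problems(dig_text):
    """List reasons the resolved addresses are unreachable from the internet."""
    records = parse_answers(dig_text)
    if not records:
        return ["no A/AAAA record in the answer"]
    return [f"{name} -> {ip} is {classify(ip)}"
            for name, ip in records if classify(ip) != "public"]
```

A clean result only covers the DNS half of the check; the port forward still has to be tested from outside the home network.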