Confguration issues

If you are asking for support for an issue, please include the following information at the top of your post:

  • Whether your FreedomBox is plugged into a router at home or not (if not, please specify how it is connected to the internet)
  • The month and year you bought your kit (feel free to omit if you want to preserve some privacy, but this could be helpful information)
  • The version of FreedomBox your are running (available by clicking on the “?” in the top menu --> “About”)
    Box is plugged into router.
    You are running Debian GNU/Linux 10 (buster) and FreedomBox version 19.2. FreedomBox is up to date.

I bought this with the intention of using the VPN and ad blocker. I managed to setup openVPN and download the profile and import that into an openvpn client for Mac. But the connection times out.

I tried activating Let’s Encrypt but I get an error message:
Failed to obtain certificate for domain …: Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for domain Using the webroot path /var/www/html for all unmatched domains. Waiting for verification… Cleaning up challenges Failed authorization procedure. domain (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching …/.well-known/acme-challenge/1h63WrHefxsOn3WqKRKZuSiWvdd3FywvPZoVgD4lNGA: Timeout during connect (likely firewall problem)

So was it a firewall problem? I’m getting the same thing.

Are still getting the same error as you got a couple of months ago?

I am pretty new to FreedomBox. However, I have worked with Let’s Encrypt before. The ACME client will talk to the Let’s Encrypt servers to obtain the challenges. Later on, the Let’s Encrypt servers will try to reach your domain to verify the challenges. In case they can reach you and verify the challenges you will have a Let’s Encrypt certificate.

My question is, what is your domain? How did you make your FreedomBox available to the internet?

Hello there! My domain is I’m still perplexed on what I’m doing wrong? So far, I had my router stick to a static IP address, I also activated port forwarding in my router, I included service the name Let’s Encrypt, external ports 80, 443. Clicked saved. I jumped to Freedombox and clicked ‘obtain’ to get certificate and I still get the same error? Makes me wonder where am I still screwing up? I don’t want to give in on this, I’m too head strong. I want that cert LOL.

By the way balduin, I’m also new to FBX. I just got mine (Pioneer) this past weekend. I’m trying to set everything up the way I want it. Did you also install Wireguard? That’s also giving me trouble. I’ll get to that after I’m done with Let’s Encrypt.

@Nomad how did you get the domain? I tried do ping your domain and access the domain and it did not work. Are you sure the domain is setup correctly?

Have you tried to access your domain via an external connection (for example your phone)?

What do you use to setup the domain? Did you use something on the FreedomBox?

Hello balduin, give me a moment, I’m struggling too. Trying to figure it out. As soon as I come across some progress, I’m going to shoot you a message. I’ll explain what I did, of course you might beat me to the punch?

NOT KOOL!!! I think my freedombox is freaking out on me? I’m having trouble accessing it. ok, looks like I’m in again :slight_smile:

I hope this is a good sign?

NAT type

Behind NAT. This means that Dynamic DNS service will poll the “URL to look up public IP” for changes (the “URL to look up public IP” entry is needed for this, otherwise IP changes will not be detected). In case the WAN IP changes, it may take up to 5 minutes until your DNS entry is updated.

1 Like

@Nomad, The domain has not been setup properly. It does not point to the IP address of your FreedomBox (or home network). For this, you need to own the domain (must have bought it from a domain name provider) and setup in the domain name provider’s control panel.

If you don’t own this domain, consider getting a free subdomain from from the services . Then configure your Dynamic DNS service with these details. See Dynamic DNS manual page.

Next thing, make sure the your router has ‘public’ IP address. You can find out by logging into the router, getting ‘WAN’ IP address from there and checking if that is outside the range of a private IP address.

Wireguard is available on only on testing distribution and not on stable distribution that comes with Pioneer edition. Use OpenVPN instead.

1 Like