Error Message After Running Let's Encrypt

Problem Description
When I attempt to obtain a certificate using Let’s Encrypt, I get a Failed to obtain certificate for domain johnclint.net message.

Steps to Reproduce

  1. Log in to FreedomBox.
  2. Go to the Let’s Encrypt page.
  3. Select the Obtain button.

Expected Results
I expected a valid certificate to be generated.

Actual Results
I receive this error message:

Failed to obtain certificate for domain johnclint.net: Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None An unexpected error occurred: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xb3909508>: Failed to establish a new connection: [Errno -2] Name or service not known')) Please see the logfiles in /var/log/letsencrypt for more details.

Screenshot

Information

  • FreedomBox version: 22.9
  • Hardware: Pioneer
  • How did you install FreedomBox?: From mini-SD card provided by Olimex.

Ports TCP 80 and 443 on my router are configured to forward to my FreedomBox. A static DNS for my FreedomBox is assigned on my router. My domain name is configured on my FreedomBox.

If you go to your domain in your browser, are you able to access your FreedomBox?

This is the pre-requisite for Let’s Encrypt to work.

Hello, James.

Yes, I can access my FreedomBox from my domain name (www.johnclint.net).

There’s a difference between johnclint.net and www.johnclint.net. In the DNS Records, you should point your IP to your domain without www.

Hey, Benedek.

I did as you suggested and I’m still getting an error message from Let’s Encrypt.

May I go over the steps for Let’s Encrypt outlined in the FreedomBox Manual? Perhaps you can spot what I am doing wrong.

Thanks!

JohnClint

  1. My FreedomBox is behind a router. In my router admin control panel, I have forwarded ports 80 and 443 to my FreedomBox IP address.
  2. In FreedomBox > System > Configure, I have made the domain name known.
  3. This is what I see in FreedomBox > System > Name Services:
  4. In FreedomBox > System > Let’s Encrypt, when I click Obtain, this is what I see:

In the DNS Records, you should point your IP to your domain without www.

Can you post a screenshot of your settings at domains.google.com ?

Sure. Here it is.


Can you reboot your box and then obtain a certificate again?

Hey, Benedek!

I rebooted my FreedomBox and tried Let’s Encrypt again. I’m still getting this error message.

Failed to obtain certificate for domain johnclint.net: Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None An unexpected error occurred: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xb39924a8>: Failed to establish a new connection: [Errno -2] Name or service not known')) Please see the logfiles in /var/log/letsencrypt for more details.

I would recommend deleting your “internal” IP address “192.168.1.2” from the A-Record in Google Domains-DNS-Custom Records-www-entry.

I checked the connection to your domains yesterday with no luck. Now it works. Maybe try Let’s Encrypt again.

Cheers Uli


Hey, Uli!

As you suggested, I removed the internal IP address from the A record. I waited an hour. I rebooted my FreedomBox. I tried Let’s Encrypt again. Same old error message.

BTW, my FreedomBox frequently becomes unreachable. I have to reboot it before I can access it again.

Also BTW, I get error messages when I try to install ejabberd, Matrix Synapse, and Postfix/Dovecot on my FreedomBox. I haven’t tried all the apps, but ikiwiki is the only app I’ve installed successfully.

Hi, I would suggest starting over.

If you have a fresh SD card, use it to install the FreedomBox image and try again.

Or try the FBX-GnuDIP-DNS-Service or the DNS-service https://www.nsupdate.info/ first to eliminate problems with the google-dns-domain.

What ISP are you using? Check if http and https are reachable from the internet:

So many options - sorry :)

I am able to reproduce this issue on a new Linode VPS running Debian 11 with FreedomBox 22.10.

I was also able to solve the issue with the following steps:

  1. I changed my hostname from “localhost” to another name.
  2. I (again) set my domain name in Configuration.
  3. I ran this command as root on the FreedomBox VPS:
    systemctl start systemd-resolved
  4. Then I went to the Let’s Encrypt page to obtain the certificate again.

Step 3 was the step that fixed the issue. I don’t know if steps 1 and 2 are really required, but they fix the domain name not being displayed correctly on the Configuration page.

I got the idea to start systemd-resolved from this issue:

But it is not exactly the same, since we are not running in a snap.

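The error quoted in this thread, `[Errno -2] Name or service not known`, is a name-resolution failure on the box itself, not a problem with port forwarding or the public DNS records. The shell sketch below is an added example (not from the thread, FreedomBox or certbot) that separates that case from a connection failure and checks whether the local resolver depends on a stopped systemd-resolved. The function names are hypothetical, and it assumes `/etc/resolv.conf` may point at the systemd-resolved stub address 127.0.0.53.

```shell
#!/bin/sh
# Added example: triage for the certbot failure quoted in this thread.
# Function names are hypothetical; nothing here is FreedomBox or certbot code.

ACME_HOST="acme-v02.api.letsencrypt.org"   # host named in the error message

# Print "dns", "network" or "other" for a certbot/requests error string.
classify_certbot_error() {
    case "$1" in
        *"Name or service not known"*|*"Temporary failure in name resolution"*)
            echo dns ;;      # getaddrinfo() failed: the box could not resolve the name
        *"Connection refused"*|*"Network is unreachable"*|*"timed out"*)
            echo network ;;  # name resolved, but the TCP connection failed
        *)
            echo other ;;
    esac
}

# Succeed if the resolv.conf-style file $1 uses the systemd-resolved stub
# (127.0.0.53), which only answers while systemd-resolved is running.
uses_stub_resolver() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$1"
}

# Live check on the box: 0 = resolves, 2 = stub configured but service down,
# 1 = some other resolver problem.
check_local_dns() {
    resolv="${1:-/etc/resolv.conf}"
    if getent hosts "$ACME_HOST" >/dev/null 2>&1; then
        echo "ok: $ACME_HOST resolves"
        return 0
    fi
    if uses_stub_resolver "$resolv" &&
       ! systemctl is-active --quiet systemd-resolved; then
        echo "fail: $resolv points at 127.0.0.53 but systemd-resolved is not active"
        return 2
    fi
    echo "fail: cannot resolve $ACME_HOST; check the nameservers in $resolv"
    return 1
}

# Run the live check only when asked, e.g.: sh dnscheck.sh --check
if [ "${1:-}" = "--check" ]; then
    check_local_dns
fi
```

Run with `--check` as root on the box before retrying the Obtain button; exit status 2 corresponds to the situation that `systemctl start systemd-resolved` addresses.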