I’m trying to set up letsencrypt for my custom domain, however it is unable to create a certificate.
I am trying to install letsencrypt on my domain, but get an error message.
Expect to get a certificate.
An error message.
Device: Pioneer Freedombox
Who is your domain host?
Have you confirmed the domain is using your current external IP address? Unless your ISP serves you a static IP address, you may need a DDNS service.
My domain host is
If I understand external IP address correctly, it is the public ip address? If I didn’t have this, wouldn’t my webpage be unaccessible? It is accessible, so I interpret the answer to this question to be yes. In that case I use an ipv6 address.
I’m not sure how I check whether I use a static or dynamic address.
There are no records for the domain noted in your screenshot. Here is a dig for this URL:
; <<>> DiG 9.18.4 <<>> hage.vegafjord.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49127
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
No error, but no record found either. The dig does not have an answer section.
Are you sure your domain is up?
I have added it to my DNS, so I don’t understand why it shouldn’t work.
Your domain appears to have propagated across DNS now, but there appears to be no route to that host on port 80.
Let’s encrypt will need to initially connect on port 80, then on 443. Neither of those ports are accepting connections for
Looks like a routing issue with IPV6:
$ traceroute 2a01:799:3da:6c00:a317:99b5:caa2:78b6
traceroute to 2a01:799:3da:6c00:a317:99b5:caa2:78b6 (2a01:799:3da:6c00:a317:99b5:caa2:78b6), 30 hops max, 80 byte packets
connect: Network is unreachable
Which means you’ve got to get that sorted before Let’s Encrypt will even find your server.
How do I open port 80 and 443 on my freedombox?
You can check which services are firewalled on the freedombox, System > Firewall. I don’t know if it observes individual ports.
You could SSH into the FB and check if the Debian firewall (ufw) is installed/running first.
If it’s running, then check if it has those ports blocked. I think by default they should be open. Always best to check. Should be easy enough to do.
*EDIT: Also worth asking: is your FB at home behind a router, or hosted in the cloud somewhere?
The freedombox is hosted at my home. The ethernet cable is plugged directly into the wall.
I looked into the firewall, but it seems like ports 80 and 443 are open.
@Frankie FreedomBox uses firewalld, not UFW. The ports have to be opened on the router as opposed to the FreedomBox’s firewall.
This might help:
First, you should go to https://ddns.freedombox.org/ip and set the IP that you see as an A record for your domain.
You should then log in to your router’s admin interface and assign a static local IP address to your FreedomBox. Once you’ve done that, look for DMZ or Port Forwarding. If there’s DMZ, go for it, otherwise set up port forwarding for your FreedomBox’s IP on port 80 and port 443.
This is what it may look like:
At this point, if everything went well, …
nbenedek Hey Thanks for the correction!
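A preflight check for the two conditions this thread works through (the name must resolve to a public address, and ports 80 and 443 must accept connections), as an added example that is not part of any post above. The function names are illustrative assumptions, and the resolver and prober are injectable so the logic can be exercised without network access.

```python
import errno
import ipaddress
import socket
import sys

PORTS = (80, 443)  # the two ports named in the thread

def resolve(host):
    """Return the A/AAAA addresses for host, or [] when nothing resolves."""
    try:
        infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(addr, port, timeout=5.0):
    """Try one TCP connect; return None on success, else the OSError."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
    except OSError as exc:
        return exc
    return None

def diagnose(addr, err):
    """Turn one probe result into a finding."""
    if not ipaddress.ip_address(addr).is_global:
        return "record is not a public address; publish the external IP instead"
    if err is None:
        return "open"
    if err.errno == errno.ENETUNREACH:
        # Raised when the probing side has no route for that address family.
        return "network unreachable from where the probe ran; verify this machine's own IPv4/IPv6 connectivity"
    if err.errno == errno.ECONNREFUSED:
        return "host reached but the port refused the connection"
    return "no reply; filtered, or port forwarding is missing"

def preflight(host, resolver=resolve, prober=probe):
    """Map (address, port) to a finding; {} means the name has no records."""
    return {(a, p): diagnose(a, prober(a, p))
            for a in resolver(host) for p in PORTS}

if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(name, preflight(name) or "no A/AAAA records")
```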