Unable to obtain certificate for my domain

I’m trying to setup letsencrypt for my custom domain, however it is unable to to create a certificate.

Problem Description
I am trying to install letsencrypt on my domain, but get an error message.

Expected Results
Expect to get a certificate.

Actual results
An error message.


Device: Pioneer Freedombox
Debian v11.2

Who is your domain host?

Have you confirmed the domain is using your current external IP address? Unless your ISP serves you a static IP address, you may need a DDNS service.

My domain host is godaddy.com

If I understand external IP address correctly, it is the public ip address? If I didn’t have this, wouldn’t my webpage be unaccessible? It is accessible, so I interpret the answer to this question to be yes. In that case I use an ipv6 address.

I’m not sure how I check whether I use a static or dynamic address.

There are no records for the domain noted in your screenshot. Here is a dig for this URL:

dig hage.vegafjord.me

; <<>> DiG 9.18.4 <<>> hage.vegafjord.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49127
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

No error, but no record found either. The dig does not have an answer section.

Are you sure your domain is up?

I have added it to my DNS, so I don’t understand why it shouldn’t work.

Your domain appears to have propagated across DNS now, but there appears to be no route to that host on port 80.

Let’s encrypt will need to initially connect on port 80, then on 443. Neither of those ports are accepting connections for hage.vegafjord.me unfortunately.

1 Like

Looks like a routing issue with IPV6:

$ traceroute 2a01:799:3da:6c00:a317:99b5:caa2:78b6
traceroute to 2a01:799:3da:6c00:a317:99b5:caa2:78b6 (2a01:799:3da:6c00:a317:99b5:caa2:78b6), 3
0 hops max, 80 byte packets
connect: Network is unreachable

Which means you’ve got to get that sorted before Let’s Encrypt will even find your server.

How do I open port 80 and 443 on my freedombox?

You can check which services are firewalled on the freedombox, System > Firewall. I don’t know if it observes individual ports.

You could SSH into the FB and check if the Debian firewall (ufw) is installed/running first.

If it’s running, then check if it has those ports blocked. I think by default they should be open. Always best to check. Should be easy enough to do.

More Info:


*EDIT: Also worth asking; Is your FB is at home behind a router, or hosted in the cloud somewhere?

The freedombox is hosted at my home. The ethernet cable is plugged directly into the wall.

I looked into the firewall, but it seems like port 80 and 443 is open.

@Frankie FreedomBox uses firewalld, not UFW. The ports have to be opened on the router as opposed to the FreedomBox’s firewall.

This might help:

@ nbenedek Hey Thanks for the correction!

1 Like