-3

I have a problem with obtaining a certificate from Let's Encrypt. My website is: www.webuilder.co.uk. All the time I am receiving an error like this:

Error

My settings are like this:

Ubuntu Virtualbox

If any other information is required, please let me know. Help me solve this problem, as I have been struggling with it for days now.

Edit: I think I have found the problem, but now I need a solution.

When I type: nslookup -type=soa webuilder.co.uk I get:

;; Got recursion not available from 217.160.82.109, trying next server
Server: 87.237.17.182
Address: 87.237.17.182

Non-authoritative answer:
webuilder.co.uk

origin = ns1088.ui-dns.de
mail addr = hostmaster.1and1.com
serial = 101720101
refresh = 28800
retry = 7200
expire = 604800
minimum = 600

Authoritative answers can be found from:
webuilder.co.uk nameserver = ns1120.ui-dns.biz
webuilder.co.uk nameserver = ns1109.ui-dns.com
webuilder.co.uk nameserver = ns1103.ui-dns.org
webuilder.co.uk nameserver = ns1088.ui-dns.de
ns1109.ui-dns.com internet address = 217.160.82.109

So is that the issue? These are the default nameservers for 1&1, should I change them? What to?

Przemek
  • https://i.stack.imgur.com/6wZhK.jpg Domain settings 1&1 https://i.stack.imgur.com/I9gpe.jpg Router settings – Przemek Feb 02 '17 at 21:04
  • Please edit your question to include the information. The problem looks to be Let's Encrypt can't contact your server to do the required validation. I believe Let's Encrypt requires a domain name and a publicly routable web server. Tutorial here: https://www.photographerstechsupport.com/tutorials/hosting-wordpress-on-aws-tutorial-part-5-free-https-https2-for-wordpress-using-lets-encrypt-aws/ – Tim Feb 02 '17 at 21:33
  • What do you mean by include the information? So how can I fix this? You have my settings in the pictures – Przemek Feb 02 '17 at 21:34
  • People typically include text information and logs inline rather than relying on screenshots. Do everything you can to make it easy for people to answer your question, otherwise people won't bother. I also gave you a significant piece of information to help you solve the problem. – Tim Feb 02 '17 at 21:36
  • I've tried something similar just as your link suggests. someone has said: To this novice I think one of your problems is not forwarding port 443/HTTPS traff. do you think that's the issue? – Przemek Feb 02 '17 at 21:46
  • Let's Encrypt does not rely on port 443 for validation so that's most likely not it. I'd have a look but I'm on mobile and screenshots are just annoying. – Ginnungagap Feb 02 '17 at 21:57
  • It's impossible to tell what the problem is, you haven't given enough information. It seems illogical that https is required to get an https certificate. You need to share your web server configuration showing what / how it's listening, you haven't even said what you're using. I know in Nginx I had to define a listener on port 80 for a specific folder on the server. – Tim Feb 02 '17 at 21:58
  • Scratch my previous comment, it does require 443 when run in standalone. But for heaven's sake, get rid of the screenshots. – Ginnungagap Feb 02 '17 at 22:04
  • Well, DNS is fine because I can resolve your address correctly. But I cannot ping your IP address (or load the webpage), so it's either routing or firewall as the problem. – axus Feb 03 '17 at 00:19
  • @axus try now as webserver was off maybe that's why ;) – Przemek Feb 03 '17 at 07:35

1 Answer

0

To obtain a valid certificate, LetsEncrypt requires the ability to validate the server and domain, which normally requires placing text in an HTTP-accessible location on your webserver - this will most likely not work in home-lab environments as your VM will be behind your home router.

In your instance here, the domain validation is failing due to your webserver not being contactable over HTTPS on port 443, which LetsEncrypt uses as its default challenge method when run in standalone mode.

There is an alternative method available which uses plain-text HTTP on port 80. To use this, add --standalone-supported-challenges http-01 as per the documentation and run the command from your public web-server.

There is also a dns-01 challenge method which is only supported by the unofficial dehydrated client for LetsEncrypt. This allows you to create certificates for non-public servers using DNS as the validation method, and requires you to create TXT records to validate the domain.

Regardless of the challenge method, LetsEncrypt cannot be used to generate certificates for non-public TLDs (e.g. example.local) or TLDs that you do not own/manage (e.g. google.com).

Also as requested in the question comments, please in future paste text into the question, rather than posting screenshots.

Craig Watson
  • Ok, I understand. However, my website can be accessed by the public as I have set everything up. You said that my webserver is not being contactable over HTTPS on port 443, how do I allow that? – Przemek Feb 03 '17 at 09:13
  • You don't. You use the alternative challenge to use port 80 instead. – Craig Watson Feb 03 '17 at 09:28
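
A pre-flight check for the port-80 http-01 method discussed in the answer, as an added example that is not part of the original thread: it drops a random probe file under `/.well-known/acme-challenge/` (the path the ACME http-01 challenge fetches) and retrieves it over plain HTTP. The names `check_http01` and `demo` are hypothetical, and the local web server in `demo` is constructed purely so the check can run offline.

```python
import functools, http.server, pathlib, secrets, tempfile, threading
import urllib.error, urllib.request

# Path that an ACME http-01 validation request fetches over plain HTTP (port 80).
CHALLENGE_DIR = ".well-known/acme-challenge"

def check_http01(webroot, base_url, timeout=5):
    """Drop a random probe file in the webroot, then fetch it as a validator would."""
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    probe = pathlib.Path(webroot) / CHALLENGE_DIR / token
    probe.parent.mkdir(parents=True, exist_ok=True)
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    # Connect directly, ignoring any proxy environment variables.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode(errors="replace").strip()
        return "ok" if served == body else "wrong-content"
    except urllib.error.HTTPError as exc:   # server answered, but not with the file
        return f"http-{exc.code}"
    except OSError:                         # refused, timed out, DNS failure
        return "unreachable"
    finally:
        probe.unlink()                      # never leave probe files behind

def demo(serve_same_webroot=True):
    """Constructed local test: throwaway web server on 127.0.0.1, ephemeral port."""
    with tempfile.TemporaryDirectory() as webroot, \
         tempfile.TemporaryDirectory() as other:
        served = webroot if serve_same_webroot else other
        handler = functools.partial(
            http.server.SimpleHTTPRequestHandler, directory=served)
        srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return check_http01(webroot, f"http://127.0.0.1:{srv.server_port}")
        finally:
            srv.shutdown()
            srv.server_close()

if __name__ == "__main__":
    print(demo())       # webroot matches what the server serves
    print(demo(False))  # server serves a different directory
```

A result of "ok" from inside the LAN only shows the web server and webroot agree; to confirm the router forwards port 80, run `check_http01` against the public hostname from a machine outside the network.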