HAOS 0.113.3 - Setup of Letsencrypt addon with http challenge

Configuration
1

Hello ,

HAOS installed in RPI3 ( version 0.113.3)

To have the remote access available , I have setup both the DuckDns addon and the Letsenscript addon for http challenge ( first step) as per the addon documentation.
The port forwarding 80 - 80 has been also setup in the ADSL Router

When the Letsenscript addon start , it fails with the following errors

- The following errors were reported by the server:
   Domain: xxxxx.duckdns.org
   Type:   connection
   Detail: Fetching
   http://xxxxxx.duckdns.org/.well-known/acme-challenge/PXcZTB8clLXD2mYNPu2107ThiYQXX9p_Ty9rbhC0ye8:
   Timeout during connect (likely firewall problem)

The full log

[18:01:59] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxxxx.duckdns.org
Waiting for verification...
Challenge failed for domain xxxxxx.duckdns.org
http-01 challenge for xxxxxx.duckdns.org
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: xxxxxxx.duckdns.org
   Type:   connection
   Detail: Fetching
   http://xxxxx.duckdns.org/.well-known/acme-challenge/PXcZTB8clLXD2mYNPu2107ThiYQXX9p_Ty9rbhC0ye8:
   Timeout during connect (likely firewall problem)
   To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.

Please any advice ?

Thank you

2

Remove Let’s Encrypt addon, use only Duck DNS it will do both.
duckdns

3

Thank you @Vlad for your reply.

I removed Letenscrypt addon and then still not working with only Duckdns addon.

Even with the use of my public IP address , the port forwarding does not work so without Duckdns use.

Sounds like the Fiber Router port forwarding function is not working .
Will have to see with the Internet provider !

4

Hello @gerardosamara I have the same error message.

Can the internet provider solve this issue ?
Thank you

5

Hi @Thanabut_Bhunpitak,

Since that time ( august end) I have moved to another area so I did not continue to work on this problem

Now I am testing HA supervised on Debian 10 over Proxmox with an ISP connection with 4G Router.

Regards

6

Thank you @gerardsamara for your reply.

I guess the root cause is no permission for port 80 and 443.
So, I contact to my internet provider and ask them to give the permission.

Then the issue was fixed.
I able to certificate Let’s Encrypt and start NGINX and Duck Dns as well.

7

Back to test , http challenge fails in the new house configuration with Internet box 4G ( NAT 80 <-> 80 and 8123<->8123)

Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxx.duckdns.org
Waiting for verification...
Challenge failed for domain xxxx.duckdns.org
http-01 challenge for xxx.duckdns.org
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: xxx.duckdns.org
   Type:   connection
   Detail: Fetching
   http://xxx.duckdns.org/.well-known/acme-challenge/cQJLWt6vxKQkJCJ0JNbdBIcXRxBxrtXIidOpfqSjMsw:
   Connection refused

.
==>> EDIT : http challenge works now with this new test and configuration re-built , I mixed-up NAT configuration by mistake in the router between my 2 VM/HA systems
==>> CLOSED