Hey,
I can’t install Let’s encrypt on my installation.
What webroot should I use?
“1: Enter a new webroot”
Duckdns is working…
Where is the prompt you’re referring to coming from? If it’s from something to do with LetsEncrypt (e.g. certbot) then provide the full name of your DuckDNS host.
Actually, if this is from certbot, don’t use the webroot plugin, but the standalone one.
Then it says this:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for myhostname.duckdns.org
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
Try running it as root (e.g. put sudo before the command) and it’ll solve that problem. You’ll also need to forward port 80 from your router to the system you’re running certbot on.
Still got the problem when I do it as root.
I use this: sudo ./certbot-auto certonly --standalone --preferred-challenges http-01 --email [email protected] -d mydomain.duckdns.org
What problem?
Maybe I’m doing it wrong. I’m using this guide: https://home-assistant.io/docs/ecosystem/certificates/lets_encrypt/
This problem:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for myhostname.duckdns.org
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
It may be that you’ve got something else using port 80, let’s have a look:
netstat -pant|egrep ":80\s|:443\s"
That’ll show any processes using port 80 or 443
This is the output:
pi@raspberrypi:~/letsencrypt $ netstat -pant|egrep ":80\s|:443\s"
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 192.168.2.200:39278 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39324 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39262 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39298 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:50382 17.248.150.46:443 ESTABLISHED -
tcp 0 0 192.168.2.200:39284 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39292 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39272 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39266 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39282 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39316 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39342 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39336 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39328 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39268 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39288 192.168.2.200:80 TIME_WAIT -
tcp 1 0 192.168.2.200:38992 173.194.221.121:443 CLOSE_WAIT -
tcp 0 0 192.168.2.200:39338 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39294 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39312 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39280 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39346 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39256 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:51950 17.248.150.118:443 ESTABLISHED -
tcp 0 0 192.168.2.200:39304 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39274 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39318 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39340 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39306 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39332 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39326 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39290 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39322 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39308 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39296 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39260 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39302 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39314 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39334 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39258 192.168.2.200:80 TIME_WAIT -
As root:
pi@raspberrypi:~/letsencrypt $ sudo netstat -pant|egrep ":80\s|:443\s"
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 723/deCONZ
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 723/deCONZ
tcp 0 0 192.168.2.200:39010 52.43.46.37:443 TIME_WAIT -
tcp 0 0 192.168.2.200:50382 17.248.150.46:443 ESTABLISHED 951/python3
tcp 0 0 192.168.2.200:39348 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39342 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39374 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39336 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39416 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39378 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39368 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39404 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39350 192.168.2.200:80 TIME_WAIT -
tcp 1 0 192.168.2.200:38992 173.194.221.121:443 CLOSE_WAIT 951/python3
tcp 0 0 192.168.2.200:39370 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39338 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39360 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39386 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39380 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39388 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39346 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39414 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:51950 17.248.150.118:443 ESTABLISHED 951/python3
tcp 0 0 192.168.2.200:39392 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39362 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39382 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39356 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39418 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39410 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39372 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39340 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39358 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39396 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39366 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39408 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39352 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39398 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39406 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39384 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39334 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:39400 192.168.2.200:80 TIME_WAIT -
Ok, so you’ve got processes using both port 80 and port 443, that’s going to be an issue.
Now let’s see what they are:
sudo netstat -pant|egrep "\.0:80\s|\.0:443\s"
Output:
pi@raspberrypi:~/letsencrypt $ sudo netstat -pant|egrep "\.0:80\s|\.0:443\s"
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 723/deCONZ
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 723/deCONZ
That’s your problem. You need to find a way to configure that to leave one of those ports alone, or you’re going to have to manually renew your LetsEncrypt certificates.
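Added example, not part of the original thread: a pre-flight check for certbot's standalone mode that filters `netstat -pant` output on the State and Local Address columns, so TIME_WAIT entries and outbound connections to remote port 443 are not mistaken for listeners. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# listeners_on PORT...: read `netstat -pant` output on stdin and print
# "port local-address pid/program" for every socket LISTENing on a given port.
listeners_on() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        # Field 6 is the TCP state, field 4 the local address.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4
            sub(/.*:/, "", port)   # keep text after the last colon (handles :::80)
            if (port in want) print port, $4, $7
        }'
}

# port80_free: succeed only if nothing in the netstat output on stdin is
# listening on port 80, i.e. certbot --standalone would be able to bind it.
port80_free() {
    [ -z "$(listeners_on 80)" ]
}

# Constructed sample modelled on the output posted above.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 723/deCONZ
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 723/deCONZ
tcp 0 0 192.168.2.200:39348 192.168.2.200:80 TIME_WAIT -
tcp 0 0 192.168.2.200:50382 17.248.150.46:443 ESTABLISHED 951/python3
tcp6 0 0 :::8123 :::* LISTEN 951/python3
EOF
}

# Demonstration on the sample; on a real host use:
#   sudo netstat -pant | listeners_on 80 443
sample_netstat | listeners_on 80 443
```

Without `sudo`, netstat shows `-` in the PID/Program column for sockets owned by other users, so the owner is only identified when the command runs as root.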
Thank you very much, I will try to get this to work.
Managed to change port of deCONZ to 9090.
Now I got this error instead:
sudo ./certbot-auto certonly --standalone --preferred-challenges http-01 --email [email protected] -d mydomain.duckdns.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mydomain.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mydomain.duckdns.org/.well-known/acme-challenge/Un4P-_A3y7DR890BLAI-412jsqFniO6YMf_pa331RE0: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mydomain.duckdns.org
Type: connection
Detail: Fetching
http://mydomain.duckdns.org/.well-known/acme-challenge/Un4P-_1237DR890BLAI-8b4jsqFniO6YMf_pa431RE0:
Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Did you remember to configure a port forward on your router, forwarding port 80 to your Pi?
Yes, that’s done.
But now I can’t fetch the deCONZ REST API in Home Assistant… (since the port change on deCONZ)
Does anyone have any tips?
When I change port of deCONZ I can’t see my lights.
You’ll need to change the port deCONZ uses and forward those ports, or switch to controlling those lights directly from Home Assistant.