Info because i had this Problem and wanna remember me .
When you have a myfritz or/and a dyndns setup directly on the Fritzbox, a portforwarding via z.b. nginx Proxy manager will always ends on the Fritzbox Login Page until you removed them and Update the dyndns via a other Maschine or homeassistent Integration (duckdns addon). IPV6 doesnt support NAT.
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[10:29:39] INFO: Selected DNS Provider: null
[10:29:39] INFO: Use propagation seconds: 60
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. > certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
I can’t get it to work. I’m not sure whether it has something to do with my FritzBox or HA settings. Will share my settings so hopefully others can profit as well.
Step I 1 to 3: worked fine.
Step I 4: Can’t ping xxxxxxxxx.myfritz. net with my phone (mobile data). Also tried https:// xxxxxxxxx.myfritz. net:63465 without luck. Under Internet → MyFRITZ!-Konto I checked “MyFRITZ! für diese FRITZ!Box aktiv“, „Internetzugriff auf die FRITZ!Box über HTTPS aktiviert“ and „Zertifikat von letsencrypt.org verwenden (empfohlen)“.
Step II 4: Port forwarding for HTTP is set to port 80 internal and external. For HTTPS I can not set the external port to 8123 and it automatically sets it to 443 (default). Anyway, it should work with just HTTP being set.
Step II 5: I get the following log in Let’s Encrypt:
[12:51:12] INFO: Selected http verification
[12:51:12] INFO: Detecting existing certificate type for xxxxxxxxx.myfritz. net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[12:51:15] INFO: No certificate found - using ‘ecdsa’ key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for xxxxxxxxx.myfritz. net
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: xxxxxxxxx.myfritz. net
Type: connection
Detail: 2a02:9x8:f00x:fx::1279: Fetching http:// xxxxxxxxx.myfritz. net/.well-known/acme-challenge/A5LiWJEMIT1sr9DocoOGSNVBgAwP6kkfW9Z_UVuEirQ: Error getting validation data
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Hello everyone, and thank you for your very useful advice. Regarding this procedure, I always have the problem that I cannot get Let´s Encrypt to produce a certificate. I have followed the guide scrupulously step by step but nothing, I get stuck at Step 2. I´ve tried Port 80 and Port 8001 too.
Please help me!
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Question: why is there no IP address shown in the second screenshot? Did you remove it or is it empty?
Second, please remove keytype: rsa from the Let’s Encrypt configuration. This has recently changed in the add-on. I will update the instructions above to reflect that.
BTW: Is t6ufraakaum04ol.myfritz.net your real domain name? If yes, it’s not a good idea to make it public. Use a fake domain instead.
I removed the line you told me, the result has changed but always don´t work.
[00:06:39] INFO: Selected http verification
[00:06:40] INFO: Detecting existing certificate type for xxxxxxxxxxxxxxx.myfritz.net:28247
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[00:06:41] INFO: No certificate found - using ‘ecdsa’ key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
That means certificate creation does not work. This is usually the case when the add-on is not reachable from the internet. Either port forwarding or DDNS is not working or you are using DS-Lite. Which type of Internet connection do you have? DSL, cable, fiber?
It looks like the Domain Name configured in the let’s encrypt add-on includes this Port. But the yaml you posted above does not. Can you please Check. Post your yaml again but use the quote format for the text.
Which DSL Provider are you using?
Please first Check if 1&1 provided you with Ds-lite. If yes, you do not have a public Ip4 address. If this is the case you can ask them to provide you with full DS. With Ds-lite you cannot use IP4 port forward.
So I talked to the 1&1 service department and they told me that I have a Full DS.
I am attaching 2 screenshots to see if I am screwing something up in the settings. Thanks for the help
.
