error with letsencrypt?

I am messing with dietpi in a VM with virtual box on a windows machine. I keep getting this error when trying to get an ssl cert.

The machine has an internet connection I can’t load a web page just fine.

Got this running apt upgrade


there seems to be an issue for apt reading actual status file. Might be it got corrupted. Let’s try following

/boot/dietpi/func/dietpi-set_software apt-cache clean
apt update

BTW: if possible, pls connect using SSH and try to copy/past the error message. It’s more easier than creating screen shots. :wink:

Ok thank you that worked, I am now getting a new error. I have a free domain with no-ip, I am unable to connect to nextcloud with that domain from an external network, so the domain appears to be working. I have forwarded 80 and 443 on the internal ip of the dietpi install.

But I keep getting this.

[  OK  ] DietPi-LetsEncrypt | Lighttpd webserver detected
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see
Please see the logfiles in /var/log/letsencrypt for more details.
[FAILED] Certbot failed with error code (1), please check its terminal output. Aborting...

EDIT### Hmmm, looks like it may be because I am using a super common domain from no-ip that they are preventing it from working.

You hit the Let’s Encrypt rate limit. I think you need to wait for an hour before you can retry. Then try once only and on case paste the error message here.

I tried a different domain, prefer this one anyways. Here is what is happening. Just to be clear I am running the no-ip exe on the host windows machine with two domains that go to my home ip.I had dietpi running on an SBC, it was setup with SSL and I could access it from the domain. I have that shut down so that it doesn’t interfere with what I am trying to do here. I am now getting this error.


  • The following errors were reported by the server:
   Domain: xxxxxxxxxx
   Type:   connection
   Detail: Fetching
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
[FAILED] Certbot failed with error code (1), please check its terminal output. Aborting...

If you manually place a file at that location, e.g. /var/www/.well-known/acme-challenge/test, can you open it in a browser from outside of your LAN? The ACME server is doing exactly that :thinking:.

Negative. If I try with a local ip I get 403 forbidden. But I can access nextcloud over local ip.

Anything special in virtualbox I need to worry about?

But you created that file, right?
When you use a bridged network for the VM it should behave exactly like any other physical host attached to the metal l network. The functional access to Nextcloud basically verifies this.

Can you create a test file in the webroot, e.g. /var/www/test and try to access it via /test, if that works /var/www/.well-known/test? If the files definitely exist but you get a 403, then some non-default Lighttpd setting is blocking it at some point, so let’s see where this is the case. = 403 forbidden = 404 not found

And just to make sure we’re on the same page here.

But the file has a capital F, while you entered the URL with lower case f, isn’t it? :slight_smile:
When you create an index.html in the test dir, accessing the dir should work as well. Although directory indexing sound be enabled by default add well.

But please try with the .well-known/acme-challenge dir, so that we test the extract access the ACME server does.

Did you install any other web application aside of Nextcloud?

Ok sorry yes its capital, I can access the frog through local ip but not remotely with the domain. I put it in the acme-challenge directory and I can see it on the network.

Here is what I have installed.

Ok sorry for all the trouble. I’m sure it gets old holding peoples hand. I had port 80 and port 443 forwarded to and which is the SBC and the VM. As soon as I deleted the forward to the SBC all is well.

I guess I need a vlan or something if I want to turn those two devices on my network.

Ah yes, probably one device can act as reverse proxy for the other, forwarding certain URL paths are a subdomain. That would also allow to configure HTTPS only on one while the other can safely stay with simple HTTP as backend.

Thanks, much learning to do. :smiley:

Yep, port forwarding can be done to a single system only. It’s not possible to forward same port to 2 or more device. This as well is reflected in the error message on one of the first post. Letsencrypt was not able to reach your system.

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address

This can be bypassed by using a revers proxy. This way you can reach multiple systems in the back. The whole SSL handling and forwarding will be done by the proxy based on sub-path or sub-domain.

Thanks, it’s something I keep seeing mentioned, haven’t taken the time to dig into it.