I have some problems with certificates. I’ve added server.host property in server.properties file, and contact.email property in server.properties. I did exactly the same as this picture is showing(LINK) but no luck with that.
As soon as I start my server, that’s what I got as an output: I have also port forwarded internet port 80 to intranet port 8080 and internet port 443 to 9433. What could be the problem? I’m working with RPi3.
Blynk Server 0.31.0-SNAPSHOT successfully started.
All server output is stored in folder '/home/pi/BlynkServer/logs' file.
Generating own initial certificates...
Error during certificate generation.
Network error
There is just too many “what if” when it comes to troubleshooting network related problems. I’d suggest you try creating the certs manually. You’ll at least get some better error logs that could point you (us) to the real problem.
I tried to manually generate Let’s Encrypt Certificates, and that’s what I got out:
pi@raspberrypi:~ $ wget https://dl.eff.org/certbot-auto
--2018-02-10 21:09:50-- https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 2a04:4e42:1b::201, 151.101.36.201
Connecting to dl.eff.org (dl.eff.org)|2a04:4e42:1b::201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 61939 (60K) [application/octet-stream]
Saving to: ‘certbot-auto.2’
certbot-auto.2 100%[===================>] 60.49K --.-KB/s in 0.05s
2018-02-10 21:09:51 (1.26 MB/s) - ‘certbot-auto.2’ saved [61939/61939]
pi@raspberrypi:~ $ chmod a+x certbot-auto
pi@raspberrypi:~ $ ./certbot-auto certonly --agree-tos --email my.email@gmail.com --standalone -d
xx.xxx.com
Requesting to rerun ./certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xx.xxx.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. xx.xxx.com (http-01): urn:acme:error:connection :: The server could not connect
to the client to verify the domain :: Fetching http://xx.xxx.com/.well-known/acme-
challenge/cKWRV8gh56e1Ebpxf2yZx4IdpIy_b-Jo82f5qTHb1-8: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: xx.xxx.com
Type: connection
Detail: Fetching
http://xx.xxx.com/.well-known/acme-challenge/cKWRV8gh56e1Ebpxf2yZx4IdpIy_b-Jo82f5qTHb1-8:
Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Here on forums, I replaced email and domain name with “x”-es, but I entered the right informations when creating the SSL certificates. If you want to check the domain, feel free to PM me.
Sure. I can access Blynk administration panel, and also control my room(via Blynk APP) when I’m on mobile data. That’s why I don’t understand why on the earth it doesn’t work. I even checked ports on canyouseeme.org and everything seems to be fine. Even all my connections are working from outside of my network.
I certbot creates a temporary webserver listening on port 80 (and 443?) and I’m guessing those are redirected to port 8080 and 9443, aka the Blynk server.
Port 80 is opened by default. Anyway, I deleted “TEST SSL” rule on my router, and it still doesn’t work. I may just configure VPN and access my home network via OpenVPN server. Distans… Thanks a lot for your time and quick responses!
In case you do not start Blynk server on port 80 (http.port property in server.properties) you need to add port forwarding rule from 80 to 8080. As LEt’s Encrypt servers check host availability via regular HTTP request that goes to port 80. And default Blynk HTTP port is 8080.
You might want to limit unencrypted WAN access to the router!
