Automatic Let's Encrypt Certificates NETWORK ERROR

I have some problems with certificates. I’ve added property in file, and property in I did exactly the same as this picture is showing(LINK) but no luck with that.

As soon as I start my server, that’s what I got as an output: I have also port forwarded internet port 80 to intranet port 8080 and internet port 443 to 9433. What could be the problem? I’m working with RPi3.

Blynk Server 0.31.0-SNAPSHOT successfully started.
All server output is stored in folder '/home/pi/BlynkServer/logs' file.
Generating own initial certificates...
Error during certificate generation.
Network error

There is just too many “what if” when it comes to troubleshooting network related problems. I’d suggest you try creating the certs manually. You’ll at least get some better error logs that could point you (us) to the real problem.

Manual Let’s Encrypt SSL/TLS Certificates

I tried to manually generate Let’s Encrypt Certificates, and that’s what I got out:

pi@raspberrypi:~ $ wget
--2018-02-10 21:09:50--
Resolving ( 2a04:4e42:1b::201,
Connecting to (|2a04:4e42:1b::201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 61939 (60K) [application/octet-stream]
Saving to: ‘certbot-auto.2’

certbot-auto.2      100%[===================>]  60.49K  --.-KB/s    in 0.05s

2018-02-10 21:09:51 (1.26 MB/s) - ‘certbot-auto.2’ saved [61939/61939]

pi@raspberrypi:~ $ chmod a+x certbot-auto
pi@raspberrypi:~ $ ./certbot-auto certonly --agree-tos --email --standalone -d
Requesting to rerun ./certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:acme:error:connection :: The server could not connect 
to the client to verify the domain :: Fetching
challenge/cKWRV8gh56e1Ebpxf2yZx4IdpIy_b-Jo82f5qTHb1-8: Timeout

 - The following errors were reported by the server:

   Type:   connection
   Detail: Fetching

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

Here on forums, I replaced email and domain name with “x”-es, but I entered the right informations when creating the SSL certificates. If you want to check the domain, feel free to PM me.

Connection issue somewhere…

urn:acme:error:connection :: The server could not connect

Are you running the Blynk server and have ports forwarded? Can you access the computer from the outside?

Sure. I can access Blynk administration panel, and also control my room(via Blynk APP) when I’m on mobile data. That’s why I don’t understand why on the earth it doesn’t work. I even checked ports on and everything seems to be fine. Even all my connections are working from outside of my network.

I certbot creates a temporary webserver listening on port 80 (and 443?) and I’m guessing those are redirected to port 8080 and 9443, aka the Blynk server.

Run sudo iptables -L to check it.

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

Here is a picture of my router’s port forwarding site.

What could be the problem?

You are forwarding “Test SSL” on port 443 to 9443. Try disable that rule while running the certbot. Might do the trick!

Edit: Your router doesn’t catch port 80 for remote (insecure) management?

Port 80 is opened by default. Anyway, I deleted “TEST SSL” rule on my router, and it still doesn’t work. I may just configure VPN and access my home network via OpenVPN server. Distans… Thanks a lot for your time and quick responses!

:nauseated_face: You might want to limit unencrypted WAN access to the router!

I guess you don’t want to install Apache :stuck_out_tongue:

You could try the online generator:

Or try add some switches to force it to use 443 instead of 80:

--preferred-challenges tls-sni

You have the whole night to figure it out :wink:

Soon you’ll realize that you’re my guinea pig :smile:

I mark it as “solved” for the time being since it’s most probably a router issue.

In case you do not start Blynk server on port 80 (http.port property in you need to add port forwarding rule from 80 to 8080. As LEt’s Encrypt servers check host availability via regular HTTP request that goes to port 80. And default Blynk HTTP port is 8080.