Cant get "Lets Encrypt" to work

Hi.
Cant figure if im doing something wrong.
I’m trying to generate a certificate automaticly via Lets Encrypt as to the user guide on Github. Seems very straight forward.

When i reboot i get no secure connections and i have this log:

06:31:25.527 INFO - Using data dir '/home/pi/Blynk'
06:31:37.705 INFO - Region : local
06:31:48.756 INFO - Initializing gmail smtp mail transport. Username : gummiand@gmail.com. SMTP host : smtp.gmail.com:587
06:31:49.271 INFO - Didn't find custom user certificates.
06:31:49.298 INFO - Didn't find Let's Encrypt certificates.
06:31:49.301 INFO - Automatic certificate generation is turned ON.
06:31:52.457 WARN - ATTENTION. Server certificate paths (cert : '/home/pi', key : '/home/pi') not valid. Using embedded server certs and one way ssl. This is not secure. Please replace it with your own certs.
06:32:01.383 INFO - Hardware plain tcp/ip server listening at 8442 port.
06:32:01.409 INFO - Hardware SSL server listening at 8441 port.
06:32:01.416 INFO - Application server listening at 8443 port.
06:32:01.424 INFO - HTTP API and WebSockets server listening at 8080 port.
06:32:01.432 INFO - HTTPS API, WebSockets and Admin page server listening at 9443 port.
06:32:01.440 INFO - Mqtt hardware server listening at 8440 port.
06:32:01.561 INFO - Starting up certificate retrieval process for host "my host here" and email "my email here".
06:32:24.295 INFO - Account does already exist, URI: https://acme-v01.api.letsencrypt.org/acme/reg/20145616
06:32:26.243 INFO - Authorization for domain xxx.xx

The link in the log also gives this:

{
  "type": "urn:acme:error:malformed",
  "detail": "Method not allowed",
  "status": 405
}

And needed to say i have the same error as this guy, but he was told it wasn’t critical so i dont know if it is related
TUTORIAL: From (PI) Zero to Local Blynk Server: - #35 by Brummer]

@iclimb do you have a domain name to use with Lets Encrypt?

@Costas Yes… I just removed it from the log. I did just as the nice instructions. Inserted the host and mail into server.Properties. Made redirection. And booted again

Hello. Please enable trace mode for logging and post logs again.

log.level=trace

Hi again. While i was getting the log i noticed that it for som reason hadn’t saved my iptables. fixing that made it work.

But now i have another problem. When trying to connect with the app it just keeps connecting. Nothing happens. It only works on LAN with local ip. not the hostname or wan ip. either connected to network or from outside network. My port forwards should be fine. I have 8440-8443, 80,443 forwarded. I have several other type of servers running on the network with port forward without problems. The Admin console is also reachable from outside. Have you any thoughts of what causes this

What IP do you connect to from outside? Do you connect from 3g?

I connect to my hostname (iclimb.dk) or my ip. That doesn’t make a difference. My other servers work (NAS and others), and the admin console works. but not the app. have not tried the hardware yet.

So far i have only tried from 3G/LTE and my own WIFI (same as the server is on). Not another wifi. I do normally not have issues with NAT loopback since my router supports this and works with my other servers.

The app connects immediately if i’m on the local network using local ip.

is there any chance the SSL certificate affects this? i did not test external connection before the certificate was installed.

No. As you could login via local IP. This is something with port forwarding or ports blocked.

I will take a closer look if theres anything I’ve missed. Is there any server settings that could be the cause?
And thank you so far for the help

@iclimb can you try to make an external connection without 3G, this eliminates your 3G provider blocking the required ports from their side.

@Costas Yes I will try that. But now I’m thinking about it, I don’t think it can be the problem. The problem is also when I’m connected to my local network (same as server) with my phone an connects to the external ip/hostname.but I will try just to be sure