I have a WordPress blog that is hosted on a VPS using a LEMP stack (on Ubuntu 20.04). The domain (underthesun.dev) is already matched to the VPS server (FTP and ping are OK, so the DNS records seem to be correct), but there is an HSTS technology that I have to bypass.
The standard certbot package doesn’t work here; there is an error:
Domain: underthesun.dev
Type: connection
Detail: Fetching
http://underthesun.dev/.well-known/acme-challenge/qDNw-QTDRMOGmsX8QkA_-t5gPl7ETAlPYYSzbxXznRM:
Timeout during connect (likely firewall problem)
Domain: www.underthesun.dev
Type: connection
Detail: Fetching
http://www.underthesun.dev/.well-known/acme-challenge/jzfnoaSnwOHpHr1BgrKHT82-gtaMeBUp1il9RT5dYw4:
Timeout during connect (likely firewall problem)
There is not much information about this issue. I did not get which firewall is implied. What should I do, and is it possible in general to install free SSL like this?
UPD: added HSTS header in Nginx config, and checked via tool from Chromium. But the issue is still relevant…
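The error above is the Let's Encrypt validation request to port 80 timing out. This added example (not part of the original post, and not certbot's own code) repeats that connection and separates a dropped connection from a refused one before fetching the challenge path over plain HTTP; the token name preflight-test is a hypothetical file you would place under the webroot's .well-known/acme-challenge/ directory.

```python
import http.client
import socket
import sys

# Each outcome points at a different fix; the ACME error text alone does not say which.
MEANING = {
    "open": "a listener accepted the connection",
    "refused": "host reachable, but nothing is listening on the port",
    "timeout": "no reply at all: packets are being dropped, typically by a firewall",
    "dns-failure": "the name does not resolve",
    "unreachable": "no route to the host or network",
}

def probe_tcp(host, port=80, timeout=5.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "dns-failure"
    with socket.socket(family, kind, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except (socket.timeout, TimeoutError):
            return "timeout"
        except ConnectionRefusedError:
            return "refused"
        except OSError:
            return "unreachable"
    return "open"

def fetch_challenge(host, token, port=80, timeout=5.0):
    """GET the HTTP-01 path over plain HTTP; return (status, body)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/.well-known/acme-challenge/" + token)
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()

def preflight(host, token="preflight-test", port=80):
    """Return (state, explanation, http_status or None) for an HTTP-01 dry run."""
    state = probe_tcp(host, port)
    status = fetch_challenge(host, token, port)[0] if state == "open" else None
    return state, MEANING[state], status

if __name__ == "__main__":
    # Pass the domain being validated as the first argument.
    print(preflight(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```

Run it from a machine outside the VPS, since a probe from the server itself does not cross the firewall in question.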
2 Answers
The problem is solved simply: just run
certbot --nginx
and there will be a guided installation. This link will help you
Let’s Encrypt has to be able to connect to the server, using the domain, in order to confirm that you control it (this is the HTTP challenge). This stops you registering certificates for domains that you do not control, which could be used for man-in-the-middle attacks.
The attempt to do so is timing out because 185.247.119.22 (which underthesun.dev resolves to) is not running a server on port 80. (The computer might be running one which is being blocked by a firewall, or it might not be running one at all.)
You need to either: