owntracks / quicksetup

A (mostly) automated installer for OwnTracks Recorder, Frontend with MQTT and Let's Encrypt
https://owntracks.org/booklet/guide/quicksetup/

Quicksetup acme "cant find solver" "firewall problem?" #40

Closed gusmorrison1 closed 2 months ago

gusmorrison1 commented 2 months ago

I'm running an Ubuntu jammy 24.04 VPS on Oracle Cloud and a separately hosted domain. I followed all the steps in the "new" quicksetup in the booklet and everything worked fine running bootstrap.sh until task lego:enroll at letsencrypt.

I think it's best if I just paste the error message here. I replaced what I thought was sensitive with IplaceholdersI

```
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["/usr/local/owntracks/lego/enroll.sh"], "delta": "0:00:18.573103", "end": "2024-05-04 22:08:31.223056", "msg": "non-zero return code", "rc": 1, "start": "2024-05-04 22:08:12.649953", "stderr": "", "stderr_lines": [], "stdout": "2024-05-04T22:08:12\n2024/05/04 22:08:13 
[INFO] [IdomainI] acme: Obtaining bundled SAN certificate\n2024/05/04 22:08:14 
[INFO] [IdomainI] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/IauthidI\n2024/05/04 22:08:14 
[INFO] [IdomainI] acme: Could not find solver for: tls-alpn-01\n2024/05/04 22:08:14
[INFO] [IdomainI] acme: use http-01 solver\n2024/05/04 22:08:14 
[INFO] [IdomainI] acme: Trying to solve HTTP-01\n2024/05/04 22:08:31 
[INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/IauthidI\n2024/05/04 22:08:31 Could not obtain certificates:\n\terror: one or more domains had a problem:\n[IdomainI] acme: error: 400 :: urn:ietf:params:acme:error:connection
:: IIP-AddressI: Fetching http://IdomainI/.well-known/acme-challenge/Irandom lettersI: Timeout during connect (likely firewall problem), url: ", "stdout_lines": ["2024-05-04T22:08:12", "2024/05/04 22:08:13

[INFO] [IdomainI] acme: Obtaining bundled SAN certificate", "2024/05/04 22:08:14 
[INFO] [IdomainI] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/IauthidI", "2024/05/04 22:08:14 
[INFO] [IdomainI] acme: Could not find solver for: tls-alpn-01", "2024/05/04 22:08:14 
[INFO] [IdomainI] acme: use http-01 solver", "2024/05/04 22:08:14 
[INFO] [IdomainI] acme: Trying to solve HTTP-01", "2024/05/04 22:08:31 
[INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/IauthidI", "2024/05/04 22:08:31 Could not obtain certificates:", "\terror: one or more domains had a problem:", "[IdomainI] acme: error: 400 :: urn:ietf:params:acme:error:connection :: IIP-AddressI: Fetching http://IdomainI/.well-known/acme-challenge/Irandom lettersI: Timeout during connect (likely firewall problem), url: "]}
```

My question is mainly where the problem exactly lies. Is it a problem with the domain? With the settings of the VPS on Oracle Cloud? Or is it just a directory that doesn't have proper chmod? I'm struggling with this error message for days now. I already configured the iptables to allow everything, but still it just says "firewall problem".

This is the first Issue I ever post on GitHub, so I'm sorry if I'm labeling it wrong :sweat_smile: Thanks in advance

-Gus

jpmens commented 2 months ago

You did nothing wrong, and I'm sorry you've been fighting with this. (I edited your question to add ``` before and after code lines to make it easier for me to read.)

I'm surprised at the error "Could not find solver for: tls-alpn-01" which is being reported back to us by Let's Encrypt...

In your configuration.yaml file, have you specified your DNS domain as a simple name such as

```yaml
dns_domain: my.domain.example
```

or does that have a scheme on it as in https://my.domain.example? This would be wrong.

Regarding VPS on Oracle cloud: we've no experience with that, so it might of course well be that that cloud is not permitting Let's Encrypt to connect back to your VPS for the http-01 challenge which it needs to verify your OwnTracks machine is actually yours ... This connection would be done on port 80.

jpmens commented 2 months ago

If you attempt to connect to your OwnTracks VPS from elsewhere, say using something like the following do you see a connection refused message (expected) or something else?

```
curl -v http://my.domain.example
```

And just to be sure let me ask: does the name my.domain.example point to the address of your VPS?

gusmorrison1 commented 2 months ago

Thanks for the quick response. I really appreciate your help! Yes, the domain is set as a simple domain, just domain.de. I also checked that the domain is pointed at the public IP of the VPS by pinging and searching my domain on a DNS lookup. When running curl -v http://my.domain.example from my Android, however, I get:

```
curl -v http://domain.de
```

Does that mean that my VPS doesn't allow connections as you suggested?

jpmens commented 2 months ago

Your last comment doesn't quite compute: on the one hand you say you can resolve and ping the domain, on the other hand in the curl example you say the result is "could not resolve host". (That's what happens when one tries to obfuscate ;-)

Please double-check your details.

You can also gladly send us the actual domain name via an email to support@owntracks.org, and I'll gladly verify for you. (Please mention this issue number in the subject if you do.)

jpmens commented 2 months ago

Let the record show it turns out there was a firewall blocking access to 80 and 443.

> Thanks a lot for your help Jan-Piet! This will probably not be the last time you hear from me since the process of setting the apps up and working is still a long way. But thanks for now! Have a nice day

Glad you solved it.

gusmorrison1 commented 2 months ago

Hi Jan, sorry to bother you again. Everything is set up now on my Android, with password and userid, so it doesn't say "configuration incomplete" anymore. But after about 3 seconds of "move monitoring mode" I get the Error: Http code 405. Do you know what that could mean? Is something blocked again, or do I have to open more ports?

Best regards

-Gus the Letsencrypt dancer


jpmens commented 2 months ago

HTTP status 405 is "method not allowed" which appears to indicate that either the server is misconfigured (not terribly likely) or something is intercepting that query.

If you followed these instructions from the Booklet that should not be occurring, as we configure for the MQTT protocol which for OwnTracks is much more capable. You would need to enable TCP port 8883 on your firewall if it is currently disabled.

gusmorrison1 commented 2 months ago

What confuses me is this error message:

```
2024-05-05 16:10:52.007 E MessageProcessorEndpointMqtt: Error creating MQTT client 2024-05-05 16:10:52.007 E MessageProcessorEndpointMqtt: java.net.URISyntaxException: Expected closing bracket for IPv6 address at index 13: tcp://[https://lebstkarte.de]:8883
```

What closing brackets? I just put https://lebstkarte.de in the Hostname field, or is that wrong?

Sorry that I still haven't managed to get this thing running. Only reply when you have the time. I understand if you have more important things to do haha

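The two failures in this thread have the same shape: a value that should have been a bare hostname was entered as a URL (wrong for `dns_domain` in configuration.yaml and for the app's Host field, which the Android log above shows being wrapped in brackets and rejected as a malformed IPv6 literal), and ports that a cloud firewall silently drops (80 for the http-01 challenge that Let's Encrypt timed out on, 443 for the frontend, 8883 for MQTT over TLS). The following pre-flight script is an added example, not part of the quicksetup project; the function names, the `--expect-ip` option and the port list it checks are this example's own choices, and it is meant to be run from a machine outside the VPS, as jpmens suggests with curl.

```python
#!/usr/bin/env python3
"""Pre-flight checks for an OwnTracks quicksetup host (added example, not
part of the quicksetup project): is the name a bare hostname, does it
resolve to the VPS, and are the ports the setup needs reachable?"""
import argparse
import re
import socket
from typing import Optional
from urllib.parse import urlsplit

# Ports named in the thread and what each one is for.
REQUIRED_PORTS = {
    80: "HTTP (Let's Encrypt http-01 challenge)",
    443: "HTTPS (OwnTracks frontend)",
    8883: "MQTT over TLS",
}

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def hostname_problem(value: str) -> Optional[str]:
    """Describe why `value` is not a bare hostname, or return None if it is.

    Both the app's MQTT Host field and dns_domain in configuration.yaml
    want e.g. my.domain.example, never https://my.domain.example.
    """
    value = value.strip()
    if "[" in value or "]" in value:
        return f"'{value}' has brackets; a hostname never does"
    if "://" in value:
        bare = urlsplit(value).hostname
        return f"'{value}' is a URL; enter the bare hostname '{bare}' instead"
    if "/" in value or ":" in value:
        return f"'{value}' is not a plain hostname (no paths or ports)"
    labels = value.rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return f"'{value}' is not a valid DNS name"
    return None


def probe_port(host: str, port: int, timeout: float = 5.0) -> str:
    """TCP-connect to host:port from this machine and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return f"error: {exc}"


def explain(port: int, outcome: str) -> str:
    """Turn a probe outcome into the diagnosis a reader of this thread needs."""
    role = REQUIRED_PORTS.get(port, "unknown role")
    if outcome == "open":
        return f"port {port} ({role}): reachable"
    if outcome == "timeout":
        # This is what Let's Encrypt reported for port 80: packets are
        # dropped before they reach the VPS (cloud security list or host
        # firewall) rather than rejected by the host.
        return (f"port {port} ({role}): connect timed out, traffic is being "
                "dropped by a firewall in front of or on the host")
    if outcome == "refused":
        return (f"port {port} ({role}): packets reach the host but nothing "
                "is listening yet (fine before the service is started)")
    return f"port {port} ({role}): {outcome}"


def resolved_addresses(host: str) -> set:
    """All addresses the name currently resolves to (needs network access)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def main() -> None:
    parser = argparse.ArgumentParser(description=__doc__)
    parser.add_argument("host", help="value you intend to use as dns_domain / the app's Host field")
    parser.add_argument("--expect-ip", help="public IP of the VPS, to confirm DNS points there")
    args = parser.parse_args()

    problem = hostname_problem(args.host)
    if problem:
        parser.exit(1, problem + "\n")
    if args.expect_ip:
        addrs = resolved_addresses(args.host)
        verdict = "matches" if args.expect_ip in addrs else "DOES NOT match"
        print(f"{args.host} resolves to {sorted(addrs)}; {verdict} {args.expect_ip}")
    for port in REQUIRED_PORTS:
        print(explain(port, probe_port(args.host, port)))


if __name__ == "__main__":
    main()
```

Run it as `python3 preflight.py my.domain.example --expect-ip 203.0.113.10` from a laptop or phone on another network. A "timeout" on port 80 is the same symptom Let's Encrypt logged, and it points at the cloud security list or iptables rather than at file permissions; a "refused" is the reachable-but-nothing-listening state jpmens calls expected. Let's Encrypt validates from its own servers, so a probe from your own network is indicative, not identical, but a port that times out for you will time out for them too.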

gusmorrison1 commented 2 months ago

Also I have questions about a few things the booklet didn't talk about at all. Do I need the MQTT mode in the (Android) app, or can I somehow use the HTTP mode as well?

On the (Android) app, in MQTT mode:

- Host: What port do I need to enter? 8883?
- Host: Is the hostname the IP address or the domain? (If so, https:// or just the plain domain?)
- Security: Do I need to enable TLS, or can I just leave it off?
- TLS: Where do I find the CA certificate?
- TLS: Is the client certificate simply the .pass file in /usr/local/owntracks/userdata?
- TLS: Is the client certificate password simply the password from /usr/local/owntracks/userdata/htpasswd?

When running `mosquitto_sub -v -t 'owntracks/#'` on the VPS after clicking on the publish up arrow in the app I just get the error message: `Connection error: Connection Refused: not authorised`. When running the same command as sudo, however, nothing happens.

Also, when accessing the domain lebstkarte.de through a web browser I just get:

> Welcome to nginx!
>
> If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
>
> For online documentation and support please refer to nginx.org. Commercial support is available at nginx.com.
>
> Thank you for using nginx.

However, according to the booklet there should be a website letting me log in.


jpmens commented 2 months ago

The login is at https://yourdomain.example/owntracks/