On 02/06/2017 11:15 PM, A. F. Cano wrote:
> Failed to obtain certificate for domain <domain>.freedombox.rocks: Failed
> authorization procedure. <domain>.freedombox.rocks (http-01):
> urn:acme:error:connection :: The server could not connect to the client
> to verify the domain :: Could not connect to <domain>.freedombox.rocks

From this, it sounds like the HTTP server on <domain>.freedombox.rocks is not reachable from the public Internet. It needs to be in order for the "http-01" validation method to work [1].

What happens if you try to visit http://<domain>.freedombox.rocks/ in a browser, preferably from a public Wifi network or some other independent network?

What happens when you run

    getent ahosts <domain>.freedombox.rocks

from a Linux workstation?

Is the freedombox behind another router? If so, have we verified port forwarding for tcp ports 80 and 443?

> Stopping orbot and disabling the firewall seem to not fix the issue.

Right. I think we *also* need to fix certificate issue.

> I don't see any packets going to/from the phone with wireshark,

Are you running wireshark on the freedombox itself? If not, I'm not sure I'd trust that packet dump. Capturing unicast traffic that doesn't involve the capturing host is tricky business [2]. Maybe try tcpdump on the freedombox (via ssh)?

[1] https://tools.ietf.org/html/draft-ietf-acme-acme-05#section-7.2
[2] https://wiki.wireshark.org/CaptureSetup/WLAN
_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
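An added example, not part of the message above: a preflight that fetches the http-01 challenge URL the way a validation server would, and separates "could not connect" (the urn:acme:error:connection case in the quoted log) from "connected but got the wrong reply". The function names, the token and key-authorization values, and the local demo server are constructed for illustration; the /.well-known/acme-challenge/ path comes from the ACME http-01 specification.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"  # path defined by ACME http-01

def check_http01(host, token, expected, port=80, timeout=5.0):
    """Return 'ok', 'connection' (server unreachable) or 'unauthorized' (wrong reply).
    The labels are this example's own, modelled on the ACME error names."""
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("ascii", "replace").strip()
    except urllib.error.HTTPError:
        return "unauthorized"   # something answered, but not with the challenge file
    except (urllib.error.URLError, OSError):
        return "connection"     # DNS failure, refused, filtered or timed out
    return "ok" if body == expected else "unauthorized"

def demo_server(files):
    """Constructed stand-in for the web server, bound to an ephemeral local port."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = files.get(self.path)
            self.send_response(200 if body is not None else 404)
            self.end_headers()
            if body is not None:
                self.wfile.write(body.encode("ascii"))
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def closed_port():
    """Pick a local port with nothing listening, to model a missing port forward."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    srv = demo_server({CHALLENGE_PREFIX + "tok": "tok.thumb"})  # constructed values
    for port in (srv.server_address[1], closed_port()):
        print(port, check_http01("127.0.0.1", "tok", "tok.thumb", port))
```

Against a real box, call check_http01 with the public hostname and the default port 80 from an independent network; a result obtained from inside the same LAN says nothing about port forwarding.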