Lets encrypt failure

[kendunbrach]

Trying to setup a new server on Debian 13.

All goes well until the TASK [lego: enroll at letsencrypt] step.
Fails with

fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["/usr/local/owntracks/lego/enroll.sh"], "delta": "0:00:18.101724", "end": "2025-11-30 21:15:43.489621", "msg": "non-zero return code", "rc": 1, "start": "2025-11-30 21:15:25.387897", "stderr": "", "stderr_lines": [], "stdout": "2025-11-30T21:15:25\n2025/11/30 21:15:25 [INFO] [owntracks.XXXX.com] acme: Obtaining bundled SAN certificate\n2025/11/30 21:15:26 [INFO] [owntracks.XXXX.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2840551506/620753414006\n2025/11/30 21:15:26 [INFO] [owntracks.XXXXcom] acme: Could not find solver for: tls-alpn-01\n2025/11/30 21:15:26 [INFO] [owntracks.XXXXcom] acme: use http-01 solver\n2025/11/30 21:15:26 [INFO] [owntracks.XXXX.com] acme: Trying to solve HTTP-01\n2025/11/30 21:15:43 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2840551506/620753414006\n2025/11/30 21:15:43 Could not obtain certificates:\n\terror: one or more domains had a problem:\n[owntracks.XXXX.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 86.154.120.169: Fetching http://owntracks.mycloudnas.com/.well-known/acme-challenge/C3R04lKniBk2-0VaX-uRTJs_AUKd09J2jPnas-0xrck: Timeout during connect (likely firewall problem)", "stdout_lines": ["2025-11-30T21:15:25", "2025/11/30 21:15:25 [INFO] [owntracks.XXXXX.com] acme: Obtaining bundled SAN certificate", "2025/11/30 21:15:26 [INFO] [owntracks.XXXXcom] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2840551506/620753414006", "2025/11/30 21:15:26 [INFO] [owntracks.mycloudnas.com] acme: Could not find solver for: tls-alpn-01", "2025/11/30 21:15:26 [INFO] [owntracks.XXXXcom] acme: use http-01 solver", "2025/11/30 21:15:26 [INFO] [owntracks.XXXX.com] acme: Trying to solve HTTP-01", "2025/11/30 21:15:43 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2840551506/620753414006", "2025/11/30 21:15:43 Could not obtain certificates:", "\terror: one or more domains had a problem:", "[owntracks.XXXXcom] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 86.154.120.169: Fetching http://owntracks.mycloudnas.com/.well-known/acme-challenge/C3R04lKniBk2-0VaX-uRTJs_AUKd09J2jPnas-0xrck: Timeout during connect (likely firewall problem)"]}

DNS works, I can ping my own owntracks DNS name without issue, ports are open on the firewall.

Any assistance gratefully received.

many Thanks

[jpmens]

Did you see “ Timeout during connect (likely firewall problem” in the returned error? Is let’s encrypt able to access your server at tcp port 80 for the enrollment?