Cannot install letsencrypt [SOLVED]

My YunoHost configuration

old eeepc (atom processor)
Internet access: ethernet at home
YunoHost version:
yunohost: 2.7.7
yunohost-admin: 2.7.7
moulinette: 2.7.7
ssowat: 2.7.7

If personalized, how:
Installed nextcloud, and libresonic

Description of my problem

I have been running yunohost for over a year. It has been great! From time to time, I have tried to install a letsencrypt cert, but it has always failed. I am definitely a noob here, but I have had a couple of people try to help me, and I am still stuck.

Here is the error I get when trying to install letsencrypt:

Here is “Diagnosis”:

I am not sure what logs are relevant, but I will upload any requested.

It seems I have some problem with port 80. As far as I can tell, this port is open on my server, and it is properly forwarded on my router. My ISP has promised that they do not block any ports. If someone could help me get a letsencrypt cert installed, I would be very happy!

 "CVE-2017-5754": {
    "name": "meltdown",
    "vulnerable": true

That’s a bit unrelated, but you’re vulnerable to the “recent” Meltdown vulnerability. Try to keep your system as up to date as you can (running apt-get update && apt-get dist-upgrade) and reboot your system soon™.

Other than that, it looks like your setup should be able to install Let’s Encrypt… So let’s try to see why it’s not working. One way to debug this is to put a dummy file in /tmp/acme-challenge-public/ :

$ echo "This is a test" > /tmp/acme-challenge-public/foobar

And try to access it (ideally not from your local network) with the url http://your.domain.tld/.well-known/acme-challenge/foobar (note the http, not https). If this works, you should see a blank page with just “This is a test” written.
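The check described in the reply above can be scripted so that the failure mode is named instead of just "the page does not load". This is an added example, not part of the original thread or of YunoHost; the function names and result labels are assumptions, and it is meant to be run from a machine outside the local network after the dummy file has been created on the server.

```bash
#!/usr/bin/env bash
# Added example: client-side probe for the ACME HTTP-01 challenge path.
# Function names and result labels are hypothetical, chosen for this example.

# Map one curl result to a likely cause.
#   $1 curl exit code, $2 HTTP status, $3 body received, $4 body expected
classify_probe() {
    case "$1" in
        0)  ;;                                           # got an HTTP response
        6)  echo "dns-failure"; return ;;                # name does not resolve
        7)  echo "connection-refused"; return ;;         # port 80 actively rejected
        28) echo "timeout-port-80-filtered"; return ;;   # packets dropped on the way in
        *)  echo "curl-error-$1"; return ;;
    esac
    if [ "$2" != "200" ]; then
        # A web server answered, but it is not serving the challenge file
        # (e.g. 404, or 301 if plain HTTP is redirected to HTTPS).
        echo "http-$2"
    elif [ "$3" != "$4" ]; then
        # Some other device answered on port 80 (e.g. a router admin page).
        echo "wrong-content"
    else
        echo "ok"
    fi
}

# Fetch the dummy file over plain HTTP and classify the outcome.
#   $1 domain, $2 file name (default: foobar), $3 expected content
probe_url() {
    local domain="$1" name="${2:-foobar}" expected="${3:-This is a test}"
    local tmp status rc
    tmp=$(mktemp) || return 1
    status=$(curl -s --max-time 10 -o "$tmp" -w '%{http_code}' \
        "http://$domain/.well-known/acme-challenge/$name")
    rc=$?
    # $(cat ...) drops the trailing newline that echo wrote into the file.
    classify_probe "$rc" "$status" "$(cat "$tmp")" "$expected"
    rm -f "$tmp"
}

# Usage: ./probe.sh your.domain.tld
if [ -n "${1:-}" ]; then probe_url "$1"; fi
```

A timeout or refused connection points at something in front of the server (router forwarding, firewall, ISP filtering), while an HTTP status or wrong content means port 80 is reachable and the problem is in what answers on it.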

The page never even loads. My server seems to be completely inaccessible from the internet on port 80/http.

In regards to meltdown, I believe I am already running the patched kernel version 🙂

Does this hosts file look right??

At this point, I strongly suspect my ISP is blocking incoming connections on port 80. They won’t admit it for some reason, but that has to be it. I have tried a different router, running ddwrt, but there is nothing I can do to access port 80.

If I want a real (not self-signed) ssl cert, I believe I have to give up my * domain, and get something like no-ip. Is that right? Or do I have some other option where I can keep my current domain?

Thanks again, for helping with something that turned out not to be a problem with Yunohost at all. I appreciate it, and I appreciate Yunohost!