TLS Certificates and HTTP Routes

NethServer Version: 8
Module: Certificates

Rocky Linux 9.7 with NethServer 8 on it, and the mail + Roundcube modules are working fine.
DNS records are set, the router opens ports 80 and 443 to the reverse proxy … port 80 is opened.
So I request a certificate in Settings > TLS certificates and get this error every time:

Cannot obtain Let’s Encrypt certificate

Issues detected with one or more FQDNs:

2026-02-15T00:09:30+01:00 unable to generate a certificate for the domains [xxx.xx]: error: one or more domains had a problem:

[xxx.xx] invalid authorization: acme: error: 400 :: urn:ietf:params:acme:error:connection :: ip address: Error getting validation data

I just figured out that the time on Rocky Linux was wrong; I set it right …
but still that error.
I set up the reverse proxy only to redirect port 80 and HTTP.
Finally I got a cert from Let’s Encrypt manually

and put the files into NethServer. It has a green valid indicator, but I can only DELETE that cert.
Where is the option to set it as default? How can I know whether it is used by services or NethServer?

Still no luck, I would be grateful for any advice.

Welcome @dsiecinski how are you?

You can verify this.

For it to work:

The NS8 node must be publicly accessible on port 443, without IP/country filters that might block Let’s Encrypt’s IPs. [LE requirements; External connectivity]

The FQDN must resolve to the node’s public IP (correct A/AAAA records). [DNS config; LE requirements]

The “Error getting validation data” message indicates that Let’s Encrypt cannot connect correctly to the validation service on your IP/FQDN. Typical causes mentioned in the documentation for renewal/validation failures are:

Changes or errors in the DNS records for the certificate name.

A firewall or reverse proxy blocking or not correctly forwarding the necessary traffic (in your case, especially port 443 to Traefik from the NS8 node). [Expiration alerts; LE requirements]

2 Likes

To reset it to port 80 if really needed:

1 Like

Thank you for the reply and the will to help.
I’ve been fighting with this for 3 days now and I’m very exhausted …

Like I said, everything is working fine and if it’s working from outside

Let me tell you more.
I have 2 servers inside the LAN (joomla and ns8)

and the connection is like this

Internet > Mikrotik > joomla (working fine, port 80 is open … Let’s Encrypt cert is enabled)

then I put in ns8 and had to change the redirect of ports 80 and 443 on the Mikrotik from joomla to ns8
but after that my domain is blind from outside (404)

So I consulted that problem with AI and it advised me to use a reverse proxy. I have a QNAP, so I enabled the reverse proxy on the QNAP
and voilà, everything is working fine

everything except the Let’s Encrypt cert

I think the problem is with the doubled reverse proxies, because Traefik on ns8 is a reverse proxy too

I still don’t know why:

if joomla takes the comms from outside, ports 80 and 443 are open (I checked)
but if I change it so ns8 gets the comms from outside … even if the services are working fine with the QNAP reverse proxy
ports 80 and 443 are closed from outside! (I checked that too) … How?! Is that why Let’s Encrypt can’t work either?

Second question:
How can I set a manually uploaded valid cert as default?
I only get a delete option in the TLS cert settings

Greetings
and I am very grateful to you for all advice you send me

take care !

Hello
Thank you so much for your reply. I’ve been struggling with this for three days now.

The question is why my other joomla server is working fine with a cert and ports 80 and 443 open from outside
but if I change that joomla redirection on the router … to the nethserver8 IP
my domain is blind and doesn’t work (404)

and then magically, when I enable the reverse proxy on the QNAP,
ns8 and Roundcube are working fine (without certs) but ports 80 and 443 are still closed!

And how can I set a manually uploaded valid cert as default?
I only get a delete option in the TLS cert settings … there should be a way to select the uploaded cert for the Roundcube service or HTTP route

Thank you for any advice and greetings
but my mind is already frazzled and numb
:frowning:

take care

PS.
api-cli run module/traefik1/get-acme-server
{"url": "https://acme-v02.api.letsencrypt.org/directory", "email": "", "challenge": "TLS-ALPN-01"}

Problem solved … The Mikrotik seems to have had some locked ports or rules … after a reboot, reconfiguring the rules and taking out the second reverse proxy … it seems the certs are approved and valid now …

THANK YOU very much for every advice
Thank You mrmarkuz
Thank You Jose G Jimenez S

:slight_smile: take care :slight_smile:

2 Likes
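
The checks discussed in this thread (A/AAAA resolution, port 443 reachability, and the `TLS-ALPN-01` challenge reported by `get-acme-server`), as an added example that is not code from the thread or from NethServer. It offers only the `acme-tls/1` ALPN protocol defined in RFC 8737 and reports what the endpoint selects; `mail.example.org` is a placeholder name and the function names are hypothetical.

```python
import socket
import ssl
import sys

ACME_ALPN = "acme-tls/1"  # ALPN protocol name that RFC 8737 defines for TLS-ALPN-01


def tcp_open(host, port, timeout=5.0):
    """True if a TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def negotiated_alpn(host, port=443, timeout=5.0):
    """Offer only acme-tls/1 and return the protocol the endpoint selects.

    None means the handshake failed or the offer was not accepted, which is
    what a TLS-terminating proxy without ACME support in front of the node does.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # validation certificates are self-signed,
    ctx.verify_mode = ssl.CERT_NONE  # so trust checks would only hide the result
    ctx.set_alpn_protocols([ACME_ALPN])
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.selected_alpn_protocol()
    except OSError:  # includes ssl.SSLError and timeouts
        return None


def diagnose(fqdn, port=443, timeout=5.0):
    """Collect what an outside validator would see for this name."""
    report = {"addresses": [], "port_open": False, "alpn": None}
    try:
        infos = socket.getaddrinfo(fqdn, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return report  # name does not resolve: fix the A/AAAA records first
    report["addresses"] = sorted({info[4][0] for info in infos})
    report["port_open"] = tcp_open(fqdn, port, timeout)
    if report["port_open"]:
        report["alpn"] = negotiated_alpn(fqdn, port, timeout)
    return report


if __name__ == "__main__":
    # Run from a host OUTSIDE the LAN; from inside, the router's NAT rules are bypassed.
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"))
```

A closed port points at the router or firewall rules; an open port with `alpn` of `None` means the device answering on 443 is not completing the `acme-tls/1` handshake, so the TLS-ALPN-01 validation cannot reach the node through it.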