Unable to retrieve certificate for NS8

NethServer Version: NethServer 8, can’t find exact version but it’s the latest as of last week.
Module: TLS Certificates.

I’m late to the party but finally have a VM on Proxmox running Debian 13 where I have installed NethServer 8 to migrate from my NS7. I want to create the certificates for the server first, so I changed the incoming HTTPS port to the new server, but I get a connection timeout when trying to retrieve the cert.

Any ideas what is wrong or where I can look for further details?

With newer installations it should just work on port 443. Did you check if you can reach the cluster-admin from public?

The Let’s Encrypt server that checks your NethServer may be in a country that’s blocked by your firewall.

Please check if the TLS-ALPN challenge (port 443) is configured:

api-cli run module/traefik1/get-acme-server

should give a result like

{"url": "https://acme-v02.api.letsencrypt.org/directory", "email": "", "challenge": "TLS-ALPN-01"}

A few things to check for the Let’s Encrypt timeout. First, verify that your domain DNS resolves to the correct public IP of your server, from outside your network, not from inside. Use dig yourdomain.com @8.8.8.8 to test this. Second, confirm port 443 is reachable from the internet on that IP, not just internally. Let’s Encrypt uses the TLS-ALPN-01 challenge on port 443 by default in NS8. If you have a firewall or ISP blocking port 443 inbound, it will time out. Third, if you recently changed DNS records, wait at least 10-15 minutes for propagation before requesting the cert. Also check the traefik logs for the actual error message: journalctl -u nethserver-traefik -n 50 should show more detail.

2 Likes
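The checks suggested in the replies above (configured challenge type, public DNS answer, inbound reachability of the challenge port), combined into one pre-check script. This is an added example, not part of the original thread or of NethServer; the host name and IP in the usage line are placeholders, and the HTTP-01 value for the "challenge" field is an assumption, since the thread only shows TLS-ALPN-01.

```shell
#!/usr/bin/env bash
# Added example. Run it from a host OUTSIDE your own network, otherwise the
# firewall path that the CA's validation request takes is not exercised.

# Extract the "challenge" value from the JSON printed by
# `api-cli run module/traefik1/get-acme-server` (pasted in as a string).
acme_challenge() {
  printf '%s\n' "$1" |
    sed -n 's/.*"challenge"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Map the challenge type to the inbound port the CA has to reach.
challenge_port() {
  case "$(acme_challenge "$1")" in
    TLS-ALPN-01) echo 443 ;;   # value shown in the thread
    HTTP-01)     echo 80 ;;    # assumed spelling of the other challenge value
    *)           return 1 ;;   # missing or unrecognised challenge
  esac
}

# True if the expected public IP is one of the lines of `dig +short` output.
dns_matches() {
  printf '%s\n' "$2" | grep -qxF -- "$1"
}

# True if a TCP connection to host:port completes within 5 seconds.
tcp_open() {
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

main() {
  local host=$1 ip=$2 json=$3 port answers
  port=$(challenge_port "$json") ||
    { echo "FAIL: no usable challenge type in: $json"; return 1; }
  answers=$(dig +short A "$host" @8.8.8.8)
  dns_matches "$ip" "$answers" ||
    { echo "FAIL: public DNS for $host returns: ${answers:-nothing}"; return 1; }
  tcp_open "$ip" "$port" ||
    { echo "FAIL: $ip:$port timed out or was refused from here"; return 1; }
  echo "OK: $host resolves to $ip and port $port answers from this host"
}

# Usage: ./acme-precheck.sh mail.example.org 203.0.113.10 '<JSON from get-acme-server>'
if [ "$#" -eq 3 ]; then main "$@"; fi
```

A pass from one outside host does not rule out country-based or zone-based firewall rules, because the CA's validation requests may arrive from other networks than the one you tested from.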

I forgot that the new mail server is in a different zone than the old one, so after adding the zone to the firewall rule everything worked.

1 Like