[Freedombox-discuss] Can't get android phone to connect to radicale.
Daniel Gnoutcheff
gnoutchd at softwarefreedom.org
Tue Feb 7 17:41:54 UTC 2017
On 02/06/2017 11:15 PM, A. F. Cano wrote:
> Failed to obtain certificate for domain <domain>.freedombox.rocks: Failed
> authorization procedure. <domain>.freedombox.rocks (http-01):
> urn:acme:error:connection :: The server could not connect to the client
> to verify the domain :: Could not connect to <domain>.freedombox.rocks
From this, it sounds like the HTTP server on <domain>.freedombox.rocks
is not reachable from the public Internet. It needs to be in order for
the "http-01" validation method to work [1].
What happens if you try to visit http://<domain>.freedombox.rocks/ in a
browser, preferably from a public Wifi network or some other independent
network?
What happens when you run
getent ahosts <domain>.freedombox.rocks
from a Linux workstation?
Is the freedombox behind another router? If so, have we verified port
forwarding for tcp ports 80 and 443?
> Stopping orbot and disabling the firewall seem to not fix the issue.
Right. I think we *also* need to fix certificate issue.
> I don't see any packets going to/from the phone with wireshark,
Are you running wireshark on the freedombox itself? If not, I'm not
sure I'd trust that packet dump. Capturing unicast traffic that doesn't
involve the capturing host is tricky business [2]. Maybe try tcpdump on
the freedombox (via ssh)?
[1] https://tools.ietf.org/html/draft-ietf-acme-acme-05#section-7.2
[2] https://wiki.wireshark.org/CaptureSetup/WLAN
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20170207/ffe13b7e/attachment.sig>
More information about the Freedombox-discuss
mailing list