RouterOS v7.1 - Let's Encrypt "error"

Hi guys.

Went through the same process and same error and same solution. It’s very obvious but:

  • make sure to have a proper password for your MikroTik users :)
  • forward port 80 to your MikroTik if the MikroTik is behind your ISP router (do the same for 443 to allow using https later)
  • enable DDNS in IP / cloud in MikroTik and make sure you got your domain: xxxx.sn.mynetname.net
  • allow port 80 in IP / firewall → chain input | protocol tcp | dst port 80 | action accept (make sure it’s above other rules which block access)
  • allow www in IP / services

Now check that you can access your MikroTik admin over the xxxx.sn.mynetname.net above, but don’t log in! You don’t want to send credentials over HTTP over the public internet.
If that is confirmed, you are good to go with:

  • /certificate/enable-ssl-certificate (domain is picked up by default from ip/cloud)

This will now work. Check that www-ssl has the new certificate set up in IP / services and enable it if it isn’t.
Now do what you want with 443 port so that you can use https domain, enable it in firewall for admin access or forward it to some other host etc…
There are solutions to not keep port 80 open anymore and have it open only when needed, as you only need it for renewal but that is outside of this.

I think there is some rate limit on too many failed attempts which usually happen before everything is configured correctly and that is why progress: [error] err starts to be returned as I only got this error after some time. I don’t see it being aggressive on https://letsencrypt.org/docs/rate-limits/ though.
Anyway, I waited for an hour without touching anything, while confirming that the address and DNS were working by accessing the admin, and after that the certificate attempt passed and the certificate was created without issue.

Hope it helps someone,
Best regards
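
The steps from the post above as RouterOS v7 terminal commands. This is an added example, not part of the original post. The rule comment text and the `place-before=0` position are assumptions to adapt to your own rule set.

```routeros
# Added example for RouterOS v7, typed into the router terminal.
# Menu paths and the enable-ssl-certificate command are the ones named in the post;
# the rule comment and place-before value are assumptions.

# 1. Enable DDNS and read back the assigned name (xxxx.sn.mynetname.net in the post).
/ip/cloud/set ddns-enabled=yes
/ip/cloud/print

# 2. List the input chain first, so the accept rule can go above any rule that blocks access.
/ip/firewall/filter/print where chain=input

# Assumption: item 0 in the listing above is where the rule should go.
# Change the number to the blocking rule's item, or drop place-before if the chain is empty.
/ip/firewall/filter/add chain=input protocol=tcp dst-port=80 action=accept place-before=0 comment="HTTP-01 validation (assumed label)"

# 3. Enable the www service so the router answers on port 80.
/ip/service/set www disabled=no

# 4. Request the certificate; the domain is taken from ip/cloud by default.
/certificate/enable-ssl-certificate

# 5. Confirm the certificate exists and that www-ssl references it, then enable www-ssl.
/certificate/print
/ip/service/print detail where name=www-ssl
/ip/service/set www-ssl disabled=no
```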