Acme challenge verification sent too late


All my verification calls return a 404; looking at the logs, I see that the verification is called after the local challenge no longer exists.
My domain is:

I ran this command: using nginx-ssl-proxy from

It produced this output:

13:10:10 Obtaining a new certificate
13:10:11 Performing the following challenges:
13:10:11 http-01 challenge for <MyDomain>
13:10:11 Using the webroot path /usr/share/nginx/html for all unmatched domains.
13:10:11 Waiting for verification...
13:10:11 <IP> - - [11/Jan/2019:18:10:11 +0000] "GET /.well-known/acme-challenge/<ChallengeKey> HTTP/1.1" 404 162 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +" "-"
13:10:58 Cleaning up challenges
13:10:58 Incomplete authorizations

My web server is (include version):

The operating system my web server runs on is (include version):
Linux e9a85a41e863 4.9.114-moby #1 SMP Wed Aug 22 17:42:16 UTC 2018 x86_64 GNU/Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


The FQDN resolves to three IPs:

As this is the first cert requested for this FQDN, you need to understand how cert authentication happens and how your setup would allow for it (to happen).
Or switch to a better suited authentication method (perhaps DNS auth).

I don’t use AWS for DNS, so I can’t guide you with that specifically.
But there should be a working DNS plugin for AWS.


Thank you @rg305! I’ve changed my DNS to resolve to a single IP, but I’m getting another error:
Failed authorization procedure. (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching<ChallengeKey>: Timeout during connect (likely firewall problem)

I have a server listening at ports 80 and 443 at this address, am I missing anything else?


Yes, AWS needs to allow port 80 also.

Connecting to (||:80… failed: Connection timed out.
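
The two failures in this thread (a 404 while the name resolved to three IPs, then a connect timeout on port 80) can be checked before requesting a certificate. This is an added example, not part of the original posts: it requests a test file from every address the name resolves to. The function names, the token name `preflight-test` and the file contents are assumptions.

```python
import http.client
import socket

ACME_PREFIX = "/.well-known/acme-challenge/"

def resolve_ipv4(fqdn):
    """Return every distinct IPv4 address the name resolves to."""
    infos = socket.getaddrinfo(fqdn, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def fetch_from_ip(ip, fqdn, path, timeout=5.0):
    """GET path from one specific IP on port 80, sending the FQDN as Host."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": fqdn})
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()

def preflight(fqdn, token, expected_body, resolve=resolve_ipv4, fetch=fetch_from_ip):
    """Map each resolved IP to 'ok' or to the reason validation would fail there."""
    # Redirects are not followed here, so a 3xx is reported as unexpected.
    results = {}
    for ip in resolve(fqdn):
        try:
            status, body = fetch(ip, fqdn, ACME_PREFIX + token)
        except (socket.timeout, TimeoutError):
            results[ip] = "timeout (port 80 blocked by a firewall or security group?)"
        except (OSError, http.client.HTTPException) as exc:
            results[ip] = f"connection failed: {exc}"
        else:
            if status == 200 and body.strip() == expected_body:
                results[ip] = "ok"
            elif status == 404:
                results[ip] = "404 (this host does not serve the challenge file)"
            else:
                results[ip] = f"unexpected response: HTTP {status}"
    return results

def ready(results):
    """True only when at least one IP was found and every IP answered 'ok'."""
    return bool(results) and all(v == "ok" for v in results.values())
```

To use it, place a file named `preflight-test` under `.well-known/acme-challenge/` in the webroot (here `/usr/share/nginx/html`), then call `preflight()` with the FQDN and that file's contents from a machine outside the network.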


Makes sense, thank you so much!


I see a new cert!:
