ACME-TINY - HTTP-01 Challenge Not Passing Due to Port 80 Being Blocked

Hello!

I’m trying to issue a certificate for my NAS at cloud.gruene-jugend.nrw. I use acme-tiny for this. My NAS is behind a fritz.box (of course ports are open) and I have a dynamic IP address.

Here is my log file:

Verifying cloud.gruene-jugend.nrw...
ipservice-092-209-044-177.092.209.pools.vodafone-ip.de - - [04/Jun/2017 14:08:45] "GET /.well-known/acme-challenge/ HTTP/1.1" 200 -
dslb-088-078-158-243.088.078.pools.vodafone-ip.de - - [04/Jun/2017 14:09:01] "GET /.well-known/acme-challenge/baIeIR4WwEBY9WWSwDMjbvgg-UNnR2HjNPS7ZPsVpzc HTTP/1.1" 200 -
ipservice-092-209-044-177.092.209.pools.vodafone-ip.de - - [04/Jun/2017 14:09:08] "GET /.well-known/acme-challenge/ HTTP/1.1" 200 -
outbound1.letsencrypt.org - - [04/Jun/2017 14:09:30] "GET /.well-known/acme-challenge/baIeIR4WwEBY9WWSwDMjbvgg-UNnR2HjNPS7ZPsVpzc HTTP/1.1" 200 -
Traceback (most recent call last):
  File "acme-tiny/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme-tiny/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme-tiny/acme_tiny.py", line 149, in get_crt
    domain, challenge_status))
ValueError: cloud.gruene-jugend.nrw challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'88.78.158.243'], u'url': u'http://cloud.gruene-jugend.nrw/.well-known/acme-challenge/baIeIR4WwEBY9WWSwDMjbvgg-UNnR2HjNPS7ZPsVpzc', u'hostname': u'cloud.gruene-jugend.nrw', u'addressesTried': [], u'addressUsed': u'88.78.158.243', u'port': u'80'}], u'keyAuthorization': u'baIeIR4WwEBY9WWSwDMjbvgg-UNnR2HjNPS7ZPsVpzc.a3hC-50VyqVPjO5PnPPkSmDeANzTYjFzyYYgeApEbus', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/etJA2NSsxrJejxwRQ-z_MPnlyoWeALUYcwFd-UL2Bek/1278215237', u'token': u'baIeIR4WwEBY9WWSwDMjbvgg-UNnR2HjNPS7ZPsVpzc', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'Could not connect to cloud.gruene-jugend.nrw'}, u'type': u'http-01'}

On my browser I can access the challenge-file and the log looks like letsencrypt can access it too. Any idea what’s the problem?

Thanks, Andi

I can connect to your port 443 but not your port 80. You need port 80 open to use the HTTP-01 challenge.

If you can’t open port 80 you can use the TLS-SNI challenge which works on port 443. However I don’t think acme-tiny supports this challenge so you may have to use a different client.
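An added example, not part of the posts above and not acme-tiny's own code: a small parser for the "challenge did not pass" message in the traceback that reports which address and port the CA tried and what kind of error it returned. The sample message is constructed with a placeholder hostname and address, and the hint table is an assumption made for illustration.

```python
import ast

# Constructed sample in the shape acme-tiny prints when a challenge fails
# (Python 2 repr of the CA's JSON; hostname and address are placeholders).
SAMPLE_ERROR = (
    "ValueError: nas.example.org challenge did not pass: {u'status': u'invalid', "
    "u'validationRecord': [{u'addressesResolved': [u'203.0.113.10'], "
    "u'url': u'http://nas.example.org/.well-known/acme-challenge/TOKEN', "
    "u'hostname': u'nas.example.org', u'addressesTried': [], "
    "u'addressUsed': u'203.0.113.10', u'port': u'80'}], "
    "u'error': {u'status': 400, u'type': u'urn:acme:error:connection', "
    "u'detail': u'Could not connect to nas.example.org'}, u'type': u'http-01'}"
)

# Hints keyed by the last component of the ACME error type (assumed table).
HINTS = {
    "connection": "CA could not open a TCP connection: check port forwarding and firewall",
    "unauthorized": "CA connected but got the wrong response: check the served file",
}

def diagnose(message):
    """Summarise a 'challenge did not pass' message from acme-tiny."""
    head, sep, payload = message.partition(" challenge did not pass: ")
    if not sep or not head.split():
        raise ValueError("not a challenge failure message")
    # literal_eval parses the dict repr (u'' prefixes included) without running code
    status = ast.literal_eval(payload.strip())
    error = status.get("error", {})
    kind = error.get("type", "").rsplit(":", 1)[-1]
    records = status.get("validationRecord") or [{}]
    last = records[-1]  # the final request the CA made
    return {
        "domain": head.split()[-1],  # drops a leading "ValueError:" if present
        "challenge": status.get("type"),
        "error": kind,
        "address": last.get("addressUsed"),
        "port": int(last["port"]) if last.get("port") else None,
        "hint": HINTS.get(kind, error.get("detail", "unknown failure")),
    }

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_ERROR).items():
        print("%-10s %s" % (key, value))
```

A `connection` error together with `port` 80 in the validation record points at reachability of port 80 from outside the network, which is what the reply above found.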
