ACME-TINY - HTTP-01 Challenge Not Passing Due to Port 80 Being Blocked


I’m trying to issue a certificate for my NAS at I use acme-tiny for this. My NAS is behind an (of course ports are open) and I have a dynamic IP address.

Here is my log file:

Verifying
- - [04/Jun/2017 14:08:45] "GET /.well-known/acme-challenge/ HTTP/1.1" 200 -
- - [04/Jun/2017 14:09:01] "GET /.well-known/acme-challenge/baIeIR4WwEBY9WWSwDMjbvgg-UNnR2HjNPS7ZPsVpzc HTTP/1.1" 200 -
- - [04/Jun/2017 14:09:08] "GET /.well-known/acme-challenge/ HTTP/1.1" 200 -
- - [04/Jun/2017 14:09:30] "GET /.well-known/acme-challenge/baIeIR4WwEBY9WWSwDMjbvgg-UNnR2HjNPS7ZPsVpzc HTTP/1.1" 200 -
Traceback (most recent call last):
  File "acme-tiny/", line 198, in <module>
  File "acme-tiny/", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER,
  File "acme-tiny/", line 149, in get_crt
    domain, challenge_status))
ValueError: challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u''], u'url': u'', u'hostname': u'', u'addressesTried': [], u'addressUsed': u'', u'port': u'80'}], u'keyAuthorization': u'baIeIR4WwEBY9WWSwDMjbvgg-UNnR2HjNPS7ZPsVpzc.a3hC-50VyqVPjO5PnPPkSmDeANzTYjFzyYYgeApEbus', u'uri': u'', u'token': u'baIeIR4WwEBY9WWSwDMjbvgg-UNnR2HjNPS7ZPsVpzc', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'Could not connect to'}, u'type': u'http-01'}

On my browser I can access the challenge-file and the log looks like letsencrypt can access it too. Any idea what’s the problem?

Thanks, Andi

I can connect to your port 443 but not your port 80. You need port 80 open to use the HTTP-01 challenge.

If you can’t open port 80 you can use the TLS-SNI challenge which works on port 443. However I don’t think acme-tiny supports this challenge so you may have to use a different client.
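
An added example, not part of the thread and not acme-tiny's own code: a small Python helper that reads a failed challenge object like the one in the traceback, reports which port the CA could not reach, and probes TCP ports on hosts given on the command line. The function names `port_open` and `diagnose_challenge` and the host `nas.example.org` are assumptions made for illustration.

```python
import socket
import sys

def port_open(host, port, timeout=5.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or DNS failure
        return False

def diagnose_challenge(status):
    """Turn a challenge object (as printed in the ValueError) into a hint."""
    if status.get("status") != "invalid":
        return "challenge status is %r, not a failure" % status.get("status")
    err = status.get("error", {})
    records = status.get("validationRecord") or [{}]
    port = records[-1].get("port", "?")  # last record = last address tried
    if err.get("type") == "urn:acme:error:connection":
        return ("CA could not open a TCP connection to port %s; check the "
                "port forward and any upstream filtering from outside the LAN"
                % port)
    return "validation failed: %s (%s)" % (err.get("detail"), err.get("type"))

# Constructed sample shaped like the error in the post; the hostname is a
# placeholder because the original values are not on the page.
SAMPLE = {
    "status": "invalid",
    "type": "http-01",
    "validationRecord": [{"hostname": "nas.example.org", "port": "80"}],
    "error": {"status": 400, "type": "urn:acme:error:connection",
              "detail": "Could not connect to nas.example.org"},
}

if __name__ == "__main__":
    print(diagnose_challenge(SAMPLE))
    # Usage: python check_ports.py <hostname> [...]
    # Run the probe from a machine outside your own network: a request from
    # inside the LAN can succeed while the same port is closed to the internet.
    for host in sys.argv[1:]:
        for p in (80, 443):
            state = "open" if port_open(host, p) else "closed/filtered"
            print("%s:%d %s" % (host, p, state))
```

A 200 in the local web server log only shows that some client reached the file; the `port` field and the `urn:acme:error:connection` type in the challenge object show what the CA itself experienced.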

