All ports and files verified and accessible. Failed authorization procedure. (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ip.data28.ca
I ran this command:
certbot --dry-run certonly -a webroot -w /var/www/html -d ip.data28.ca
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ip.data28.ca
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /var/www/html/.well-known/acme-challenge
Failed authorization procedure. ip.data28.ca (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://ip.data28.ca/.well-known/acme-challenge/LM08s5lREtji3BkhweyoiyXI3lPrDdi-mYCo6RT5Kzk: Timeout

IMPORTANT NOTES:

My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version):
Linux Mint 18.2

My hosting provider, if applicable, is:
Self-hosted

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

Please help, killed a day, verified access 100 times, keeping test.txt file in /.well-known/acme-challenge for access test. All ports open, no firewall for now, NAT verified, I can download challenge files upon cert generation from remote host, but CA server can’t due HTTP timeout.

Thanks a lot in advance.

$ telnet ip.data28.ca 80
Trying 108.168.49.216…

From my location, I get a timeout, too.

When resolving the ip address and retrieving the hostname of that address, I get dhcp-108-168-49-216.cable.user.start.ca. This looks like a dynamic address of some cable modem or other access provider. There is a chance that access to specific ports is blocked by your provider.

1 Like

Thanks, will buzz provider.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.