Can't generate certificate

Hello Let's Encrypt community.

I have a problem when I want to generate my certificate. I hope someone can help me; I don't know much about this domain.

First step: on my PC I launch this command:

certbot certonly -d collecte-staging.westeurope.cloudapp.azure.com --manual

I get this result :

Saving debug log to C:\Certbot\log\letsencrypt.log
Requesting a certificate for collecte-staging.westeurope.cloudapp.azure.com


Create a file containing just this data:

fyFm7w4czIlZ2BQQy-rbr5TiTTt8b8HMCHZ1J4n9jtk.-oKv-0KJrKJLICHU83EVyNJIVmAbJ9oRm6omRGoDnJ8

And make it available on your web server at this URL:

http://collecte-staging.westeurope.cloudapp.azure.com/.well-known/acme-challenge/fyFm7w4czIlZ2BQQy-rbr5TiTTt8b8HMCHZ1J4n9jtk


Press Enter to Continue

Then I connect with ssh to the server collecte-staging.westeurope.cloudapp.azure.com and I execute this:

sudo node acme-challenge.webpack.js fyFm7w4czIlZ2BQQy-rbr5TiTTt8b8HMCHZ1J4n9jtk fyFm7w4czIlZ2BQQy-rbr5TiTTt8b8HMCHZ1J4n9jtk.-oKv-0KJrKJLICHU83EVyNJIVmAbJ9oRm6omRGoDnJ8

I get this result :

fyFm7w4czIlZ2BQQy-rbr5TiTTt8b8HMCHZ1J4n9jtk.-oKv-0KJrKJLICHU83EVyNJIVmAbJ9oRm6omRGoDnJ8 exposed at
host:80/.well-known/acme-challenge/fyFm7w4czIlZ2BQQy-rbr5TiTTt8b8HMCHZ1J4n9jtk

And finally I press Enter on my PC again and I get this error:

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: collecte-staging.westeurope.cloudapp.azure.com
Type: connection
Detail: 13.94.132.251: Fetching http://collecte-staging.westeurope.cloudapp.azure.com/.well-known/acme-challenge/fyFm7w4czIlZ2BQQy-rbr5TiTTt8b8HMCHZ1J4n9jtk: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

I tried to check in iptables whether the firewall had a problem, but the rules seem good, since I have a second server with almost the same settings and I don't have the same problem on it, and I already generated a certificate on this one 3 months ago.

I can provide the output of iptables if that can help to find the fix. The only thing I know is that one of my colleagues made some manipulations this morning and maybe disconnected some services, but I don't know which ones.

My web server is (include version): Apache 2.4.29.

The operating system my web server runs on is (include version): Ubuntu

Thank you, and my apologies for my English,
Cordially
@Bperro

Hello @Bperro, welcome to the Let's Encrypt community. 🙂

You are using the HTTP-01 challenge (see "Challenge Types - Let's Encrypt"), which requires access to port 80 (see "Best Practice - Keep Port 80 Open").

This is what indicates to me you are using HTTP-01 Challenge.

Using nmap here shows your accessible ports.

$ nmap -Pn collecte-staging.westeurope.cloudapp.azure.com
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-17 10:12 PST
Nmap scan report for collecte-staging.westeurope.cloudapp.azure.com (13.94.132.251)
Host is up (0.17s latency).
Not shown: 994 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
3000/tcp closed ppp
3001/tcp closed nessus
3003/tcp closed cgms
8080/tcp open   http-proxy
8443/tcp closed https-alt

Nmap done: 1 IP address (1 host up) scanned in 11.84 seconds
1 Like

Oh, and I forgot the Let's Debug results https://letsdebug.net/collecte-staging.westeurope.cloudapp.azure.com/1378055

collecte-staging.westeurope.cloudapp.azure.com has an A (IPv4) record (13.94.132.251) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with collecte-staging.westeurope.cloudapp.azure.com/13.94.132.251: Get "http://collecte-staging.westeurope.cloudapp.azure.com/.well-known/acme-challenge/letsdebug-test": context deadline exceeded
3 Likes
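
A pre-flight check in the spirit of the nmap and Let's Debug results above, as an added example that is not part of the original posts: it classifies the port as open, closed or filtered and, if it is open, confirms that the challenge URL returns the expected key authorization. The function names and the script name are assumptions made for illustration.

```python
# Added example (not from the thread): pre-flight check for an HTTP-01 challenge.
import socket
import sys
import urllib.error
import urllib.request


def probe_tcp(host, port, timeout=5.0):
    """Classify a TCP port with the same vocabulary as the nmap output."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed, something is listening
    except ConnectionRefusedError:
        return "closed"          # host answered with a reset: nothing listening
    except (socket.timeout, TimeoutError):
        return "filtered"        # no answer at all: "Timeout during connect"
    except OSError as exc:
        return "error: %s" % exc  # DNS failure, unreachable network, ...


def check_http01(host, token, key_authorization, port=80, timeout=5.0):
    """Return (ok, reason) for the challenge URL the CA will try to fetch."""
    state = probe_tcp(host, port, timeout)
    if state != "open":
        return False, "port %d is %s" % (port, state)
    url = "http://%s:%d/.well-known/acme-challenge/%s" % (host, port, token)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("ascii", "replace").strip()
    except urllib.error.HTTPError as exc:
        return False, "HTTP %d for %s" % (exc.code, url)
    except OSError as exc:  # URLError, timeouts, connection resets
        return False, "fetch failed: %s" % exc
    if body != key_authorization:
        return False, "body does not match the expected key authorization"
    return True, "challenge file is served correctly"


if __name__ == "__main__" and len(sys.argv) == 4:
    # usage (hypothetical script name): python check_http01.py HOST TOKEN KEYAUTH
    ok, reason = check_http01(sys.argv[1], sys.argv[2], sys.argv[3])
    print("OK" if ok else "FAIL", "-", reason)
    sys.exit(0 if ok else 1)
```

Run it from a machine outside the server's own network, after exposing the challenge file and before pressing Enter in certbot; a result of "filtered" on port 80 matches the timeout the Certificate Authority reported.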

Can you tell me how I can open port 80? I am really a beginner in this. I tried to search, but everything I try seems not to work.

Please look to Apache forums

Also, if you are using a firewall, please look at its forums as well.

1 Like
