Can't get cert installed on FileMaker server

We have set up 2 servers successfully with Let's Encrypt certs using the server requests and renew process in the latest FM server. However, on 2 other servers we are getting the following error and cannot figure out the problem.

My domain is: fms.benchmarkincentives.com

I ran this command: sudo -E ./fm_request_cert.sh

It produced this output:

Generating test certificate request.
Saving debug log to /opt/FileMaker/FileMaker Server/CStore/Certbot/letsencrypt.log
Simulating a certificate request for fms.blahblahblah.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: fms.blahblahblah.com
  Type: connection
  Detail: 135.000.00.00: Fetching http://fms.blahblahblah.com/.well-known/acme-challenge/HPbVeBwZqwyfCFbw4hJ_q-sqtQkNza7dQweA_LFQxV0: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /opt/FileMaker/FileMaker Server/CStore/Certbot/letsencrypt.log or re-run Certbot with -v for more details.
[ERROR]: Certbot returned with a nonzero failure code. Check /opt/FileMaker/FileMaker Server/CStore/Certbot/letsencrypt.log for more information.

The operating system is (include version): Ubuntu 22.04.4 LTS

FileMaker server version: 21.0.2.202

My hosting provider, if applicable, is: Microsoft Azure

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

Accidentally pasted in the obfuscated response. The fms.blahblahblah.com in the output is fms.benchmarkincentives.com

Welcome @Kluch

Is your port 80 open at both Azure and your server?

Because HTTPS (port 443) reaches your domain but HTTP (port 80) times out. Even for the "home" page. You are using an HTTP Challenge so you need to reply to HTTP challenges.

curl -I -m7 http://fms.benchmarkincentives.com
curl: (28) Connection timed out after 7001 milliseconds

curl -Ik -m7 https://fms.benchmarkincentives.com
HTTP/2 200
server: nginx
...
(Note: cert is self-signed Claris but port 443 is responding at least)

Good site for testing new setups

4 Likes
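The two curl probes from the reply above, wrapped in a script that interprets the result; this is an added example, not part of the original posts. The function names are made up here, it relies only on curl's documented exit codes 6, 7 and 28, and it has to be run from a machine outside the server's network, since that is where the CA connects from.

```shell
#!/usr/bin/env bash
# Pre-flight check before an HTTP-01 (webroot) certificate request.
# Usage: ./http01_preflight.sh your.domain.example   (script name is arbitrary)

# Translate a curl exit code into what it says about the network path.
classify_curl_rc() {
  case "$1" in
    0)  echo "reachable" ;;    # got an HTTP response (any status code)
    6)  echo "dns-failure" ;;  # host name did not resolve
    7)  echo "refused" ;;      # TCP connect failed (RST / nothing listening)
    28) echo "timeout" ;;      # no answer at all: packets silently dropped
    *)  echo "other" ;;
  esac
}

# Combine the port 80 and port 443 results into one diagnosis line.
diagnose_http01() {
  local p80 p443
  p80=$(classify_curl_rc "$1")
  p443=$(classify_curl_rc "$2")
  case "$p80:$p443" in
    reachable:*)
      echo "OK: port 80 answers, the CA can fetch the challenge file" ;;
    timeout:reachable)
      echo "BLOCKED: port 80 is dropped while 443 works; open inbound TCP 80 in the cloud firewall and the host firewall" ;;
    refused:reachable)
      echo "REFUSED: port 80 rejects connections while 443 works; check that the web server listens on 80" ;;
    dns-failure:*)
      echo "DNS: the name does not resolve; fix the DNS record first" ;;
    timeout:timeout)
      echo "UNREACHABLE: neither port answers; check that DNS points at this host and that it is up" ;;
    *)
      echo "UNKNOWN: port80=$p80 port443=$p443" ;;
  esac
}

# Same probes as in the reply: HEAD request, 7 second limit, -k because the
# default certificate on 443 is self-signed until the real one is installed.
preflight_http01() {
  local domain=$1 rc80=0 rc443=0
  curl -sI  -m7 -o /dev/null "http://$domain/"  || rc80=$?
  curl -sIk -m7 -o /dev/null "https://$domain/" || rc443=$?
  diagnose_http01 "$rc80" "$rc443"
}

# Only probe when a domain is given on the command line.
if [ "$#" -gt 0 ]; then preflight_http01 "$1"; fi
```

The result reported in this thread (port 80 timing out, port 443 returning 200) corresponds to the BLOCKED line.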

You were correct. The problem was port 80 on Azure. I had the mistaken belief that the FileMaker process opened port 80 during the certificate request and then closed it again. Clearly that was wrong. Thanks!

2 Likes
