Can't install lets encrypt and none firewall

handy1 · March 15, 2024, 1:41am

Hi,
We having an error when install this lets encrypt, even we already disable all firewall
Could not issue an SSL/TLS certificate for handalwaterheater.co.id Details Could not issue a Let's Encrypt SSL/TLS certificate for handalwaterheater.co.id. Authorization for the domain failed. Details Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/326134848347. Details: Type: urn:ietf:params:acme:error:connection Status: 400 Detail: 103.229.73.17: Fetching http://handalwaterheater.co.id/.well-known/acme-challenge/Z5VpMjaabdZH66vHxDf3E6ILgKj7qHBDxc4WVUwO_9Y: Timeout during connect (likely firewall problem)

And the second we try again, we had another eror with message limited

Status: 429

Detail: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt

can anyway in this forum help me to solve this issue ?

Handy candy -

Bruce5051 · March 15, 2024, 1:52am

Hello @handy1, welcome to the Let's Encrypt community.

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

Using the online tool Let's Debug yields these results https://letsdebug.net/handalwaterheater.co.id/1837138

IssueFromLetsEncrypt
ERROR
A test authorization for handalwaterheater.co.id to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
103.229.73.17: Fetching http://handalwaterheater.co.id/.well-known/acme-challenge/omsr9Ha9KYqVIRdsAQJLTkdH5OJTii69eocQdYxDrz0: Timeout during connect (likely firewall problem)

Timeout during connect (likely firewall problem)

Edited and deleted; as nmap does not handle the curl parameter -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)". Thus I made an error.

~~Do you have a Palo Alto Firewall installed or in between your server and the Internet?~~

handy1 · March 15, 2024, 2:05am

no we dont have, that we use only imunify360, and we also disabled this but not effected at all.

any solution ?

Bruce5051 · March 15, 2024, 2:06am

Edited and deleted; I made errors.

Bruce5051 · March 15, 2024, 2:12am

Kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.

rg305 · March 15, 2024, 2:30am

That implies your system is denying some of the HTTP challenge requests.
Maybe by IP, Country, Reputation, etc.

MikeMcQ · March 15, 2024, 2:43am

An HTTPS connection to that domain is using a cert issued to the name sp133.idcloudhosting.cloud

Do you recognize that? If not, check that your DNS IP address

system · April 14, 2024, 2:44am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.