Certbot-auto cannot connect to external server - Redirection Issues with HTTP Challenge


#1

Hello,
I seemingly cannot accomplish validation of the domain, as I get an error with the connection.
What I found strange is that it says it tries to connect to “lookup.activ2.iq.pl.well-known”, as if it added .well-known to the domain. I'm not sure if the web server (external hosting provider) or certbot bugged/glitched, but I just cannot make it work.

Here is the raw output from the script.
Command used: “certbot certonly --manual”

Waiting for verification...
Cleaning up challenges
Failed authorization procedure. lookup.activ2.iq.pl (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to lookup.activ2.iq.pl.well-known

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: lookup.activ2.iq.pl
   Type:   connection
   Detail: Could not connect to lookup.activ2.iq.pl.well-known

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

You can check yourself that, for example, the challenge “https://lookup.activ2.iq.pl/.well-known/acme-challenge/UOtRPUZDetw49XF4SaGbbWThji6kmM8aSw43ZnYpyLk” works just perfectly fine.

Another note is that it worked before, but the cert is close to expiry.
Also, don't explore that website; it's supposed to be all password-protected.


#2

Ok, so fixed.
My hosting provider solved the issue. I thought it was a certbot-related issue; apparently it was not.


#3

By the way, when people have run into .well-known appearing as part of the domain name, the problem was almost always an incorrectly set up rewrite/redirect rule in the web server configuration, that omitted a slash and hence redirected http://example.com/.well-known/ to http://something.example.com.well-known/ (or something along those lines). Hopefully that’s what your provider discovered and fixed here!


#4

@schoen
Absolutely, that was the case. I’ve asked them what was wrong with the server, and they replied that it was a wrongly configured redirect on the config side, and they fixed it.

P.S.
The redirect was http -> https.
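
The redirect fault described in posts #3 and #4, as an added example that is not part of the original thread: it models an http -> https redirect whose target lacks the trailing slash and checks the resulting Location header the way you would before retrying validation. The function names, the prefix-append model of the redirect rule, the host example.com and the token are assumptions made for illustration.

```python
import http.client
from urllib.parse import urlsplit

# Constructed sample path; a real token comes from the ACME client.
CHALLENGE_PATH = "/.well-known/acme-challenge/test-token"

def buggy_redirect(host, path):
    # Assumed rule model: the matched prefix "/" is stripped and the rest of
    # the path is appended to a target written WITHOUT a trailing slash.
    return "https://" + host + path[1:]

def fixed_redirect(host, path):
    # Same rule with the target written as "https://host/".
    return "https://" + host + "/" + path[1:]

def check_location(location, host, path):
    """Return a list of problems found in a redirect Location header."""
    parts = urlsplit(location)
    problems = []
    if parts.scheme not in ("http", "https"):
        problems.append(f"unexpected scheme {parts.scheme!r}")
    if (parts.hostname or "") != host.lower():
        problems.append(f"host changed to {parts.hostname!r}")
    if parts.path != path:
        problems.append(f"path changed to {parts.path!r}")
    return problems

def fetch_location(host, path=CHALLENGE_PATH, timeout=10):
    """Live check against your own server: plain HTTP, redirects not followed."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

if __name__ == "__main__":
    for rule in (buggy_redirect, fixed_redirect):
        loc = rule("example.com", CHALLENGE_PATH)
        print(rule.__name__, loc, check_location(loc, "example.com", CHALLENGE_PATH))
```

To test a real server, pass the Location value returned by `fetch_location("your.domain")` to `check_location`; an empty list means the redirect keeps both the host and the challenge path intact.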

