Certbot certonly webroot validation fail

Domain: mail.accinside.co.kr

My web server (include version): Linux centos7.3 64bit

I ran this command:

certbot certonly --webroot

This command creates a temporary file under ‘/var/www/html/.well-known/acme-challenge/’ directory, but
the http request from letsencrypt fails to validate the file.
My website listens on both http and https ports.
Please help me out.

It produced this output:

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'to cancel):
    mail.accinside.co.kr
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for mail.accinside.co.kr

    Select the webroot for mail.accinside.co.kr:
    -------------------------------------------------------------------------------
    1: Enter a new webroot
    -------------------------------------------------------------------------------
    Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
    Input the webroot for mail.accinside.co.kr: (Enter 'c' to cancel):/var/www/html
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. mail.accinside.co.kr (http-01): urn:acme:error:connection ::
    The server could not connect to the client to verify the domain :: 
    Fetching http://mail.accinside.co.kr/.well-known/acme-challenge/xxxxxxxxxx: Timeout

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: mail.accinside.co.kr
       Type:   connection
       Detail: Fetching
       http://mail.accinside.co.kr/.well-known/acme-challenge/xxxxxxxxxxxxxx:
       Timeout

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A record(s) for that domain
       contain(s) the right IP address. Additionally, please check that
       your computer has a publicly routable IP address and that no
       firewalls are preventing the server from communicating with the
       client. If you're using the webroot plugin, you should also verify
       that you are serving files from the webroot path you provided.

Hi @warren,

I’m not able to access http://mail.accinside.co.kr/ with a browser at all (it also times out for me), from different vantage points in the U.S. Can you access it in a browser from a network other than the one that it’s hosted on? Do you have recent evidence that someone else has accessed it from outside of Korea?


Thank you for the reply @schoen

I don’t have the evidence, but this link might work for proving the access outside of Korea:
http://mail.accinside.co.kr/.well-known/

http://mail.accinside.co.kr/ is set to redirect to the https port.
Because the website doesn’t contain an SSL certificate yet, the browser won’t show the page.

That domain is resolving to 116.122.36.38 for me, which is not responding on either port 80 or port 443. It seems you need to fix some connectivity issues with your server.

Nope, I'm not getting a certificate error. The TCP connection never completes at all. It won't work with curl or telnet either.

You were right! Thank you
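The distinction the replies draw (a certificate error would mean the TCP connection completed, while a timeout means it never did) can be checked with a small probe. This is an added example, not part of the original thread or of Certbot; the function names and the wording of the `MEANING` table are assumptions made for illustration.

```python
import socket
import sys

# What each TCP-level outcome implies for an HTTP-01 check (added summary).
MEANING = {
    "open": "TCP handshake completes; a remaining failure is HTTP, TLS or webroot related",
    "refused": "host answers but nothing accepts connections on that port",
    "timeout": "no reply at all: firewall drop, missing port forward, or wrong A record",
    "unreachable": "other network error, such as no route to the address",
    "dns-failure": "name does not resolve: fix the DNS record first",
}

def probe_tcp(host, port, timeout=5.0):
    """Return one of the MEANING keys for a single connection attempt."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, sockaddr = infos[0]
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
        except (socket.timeout, TimeoutError):
            return "timeout"      # what the validation server reported in this thread
        except ConnectionRefusedError:
            return "refused"
        except OSError:
            return "unreachable"
    return "open"

def check_host(host, ports=(80, 443), timeout=5.0):
    """Probe the two ports discussed in the thread; HTTP-01 itself starts on port 80."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # Hostname comes from the command line; run this from outside the server's network.
    for port, state in check_host(sys.argv[1]).items():
        print(f"{port}/tcp: {state} - {MEANING[state]}")
```

Run it from a network other than the one hosting the server, since a probe from inside can succeed while outside traffic is still dropped.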
