Challenge Failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.curae.net

I ran this command:
./certbot-auto

It produced this output:

My web server is (include version): apache

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.32.0

Hi @piyush1973

your ip numbers ( https://check-your-website.server-daten.de/?q=curae.net ):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| curae.net | A | 184.168.131.241 | yes | 2 | 0 |
| | AAAA | | yes | | |
| www.curae.net | C | curae.net | yes | 1 | 0 |
| | A | 184.168.131.241 | yes | | |

First look, the answers are ok - port 80 is open.

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://curae.net/ 184.168.131.241 | 200 | | 3.360 | H |
| http://www.curae.net/ 184.168.131.241 | 200 | | 0.350 | H |
| https://curae.net/ 184.168.131.241 | 200 | | 1.900 | N |
| Certificate error: RemoteCertificateNameMismatch | | | | |
| https://www.curae.net/ 184.168.131.241 | 200 | | 1.593 | N |
| Certificate error: RemoteCertificateNameMismatch | | | | |
| curae.net 184.168.131.241 | 200 | | 0.374 | |
| Visible Content: `<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">` Curae | | | | |
| curae.net 184.168.131.241 | 200 | | 0.357 | |
| Visible Content: `<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">` Curae | | | | |

But there is an HTTP status 200 when checking the non-existent file /.well-known/acme-challenge.

And there

http://www.curae.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

is a frame included.

<frame src="http://18.188.130.21:8080/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de" frameborder="0" />

If you want a certificate with http-01 validation, your dns entry must use the 18.188.130.21 and you must have an open port 80, not port 8080.

Or use dns-01 validation, then you don't need a running webserver.
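The checks described in the post above, as an added example that is not part of the original thread: a small pre-flight diagnosis for http-01 that flags an A record pointing away from the certbot host, a status 200 for a non-existent challenge file, and a frame that forwards to another host or port. The function name, the finding labels and the sample page are constructed here; treating 18.188.130.21 as the certbot host's address is an assumption based on the frame target.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the masked-forwarding page, using the frame tag quoted in the thread.
FRAME_PAGE = ('<html><frameset><frame src="http://18.188.130.21:8080/.well-known/'
              'acme-challenge/check-your-website-dot-server-daten-dot-de" '
              'frameborder="0" /></frameset></html>')

class _FrameFinder(HTMLParser):
    """Collects the src attribute of every <frame> or <iframe> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def diagnose_http01(resolved_ips, certbot_ip, probe_status, probe_body):
    """Return a list of findings for an http-01 pre-flight check.

    resolved_ips -- A records currently published for the domain
    certbot_ip   -- public address of the host that runs certbot (assumed known)
    probe_status, probe_body -- response to a request for a file that does
        not exist under /.well-known/acme-challenge/ (a 404 is expected)
    """
    findings = []
    if certbot_ip not in resolved_ips:
        # The validation request goes to whatever the A record says.
        findings.append("dns-mismatch")
    elif set(resolved_ips) - {certbot_ip}:
        # Extra A records mean the check may land on a host without the token.
        findings.append("dns-extra-records")
    if probe_status == 200:
        # A 200 for a missing file means something other than the real
        # web root is answering, for example a forwarding page.
        findings.append("soft-200")
    finder = _FrameFinder()
    finder.feed(probe_body)
    for src in finder.sources:
        url = urlsplit(src)
        port = url.port or (443 if url.scheme == "https" else 80)
        findings.append(f"framed-forward:{url.hostname}:{port}")
    return findings

if __name__ == "__main__":
    print(diagnose_http01(["184.168.131.241"], "18.188.130.21", 200, FRAME_PAGE))
```
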

Hi,
I am still getting the same error.
Piyush Agarwal

I also get a “Connection reset by peer” error if I try to access it using curl.

It looks like the website blocks some clients based on the User-Agent header. A browser works – producing the iframe page – but other clients get the connection reset.

Rechecked your domain ( https://check-your-website.server-daten.de/?q=curae.net ):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| curae.net | A | 184.168.131.241 | yes | 2 | 0 |
| | AAAA | | yes | | |
| www.curae.net | C | curae.net | yes | 1 | 0 |
| | A | 184.168.131.241 | yes | | |

You didn't change your ip address.

There must be your 18.* address visible.

http + www now has a server error (bad gateway), the rest is the same.

Actually I am redirecting it from 184.168.131.241 to 18.*
I am doing the same for two other websites and it is working

On which IP address does your certbot run?

184.* or 18.*

certbot is running on 18.*

And that can’t work, Letsencrypt sees:

your domain -> 184.* -> Letsencrypt checks the 184.*

I have updated the A entry. Now there are two IP addresses.

If your certbot runs on the 18.*, certbot can't update the 184.* ip addresses.

So remove these entries completely, only

A -> 18.*


Thank you. It's working now.
