The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 3.0.11.30336

my error:

config checks failed to verify http://wxs.situ.edu.cn is both publicly accessible and can serve extensionless files e.g. http://wxs.situ.edu.cn/.well-known/acme-challenge/configcheck

how can I resolve it?

That's a precondition to use letsencrypt: it's necessary to have a publicly accessible web server, it makes no sense to have a public certificate if you don't have one. There are lot of possible reasons your site can't be accessed from Letsencrypt servers (and my computer too), and that's a problem very difficult to debug from the outside... If it's the notorious China firewall, I'm afraid that Letsencrypt can do nothing about it.

I have found the problem, which is really the cause of the firewall. I want to know which other ports besides 443 and 80 will be affected

After turning off the firewall, use netstat to check the port status. The certificate was updated successfully

Firewall open, 443 and 80 restrictions will not work even if removed, there should be other ports affecting certificate updates

Do you know?

for getting a certificate with the http challenge, your computer must be able to:
(1) receive connections on port 80 and 443, the 443 port encryption should work fully (not blocked by smart firewall)
(2) connect to the outside on port 443 (idem, encryption should not be blocked by smart firewall)
(3) be able to do dns requests (obviously, that’s a general condition to use internet)
If you can tick all that, I think you should be fine (that’s my personal experience, I’m not a Let’s encrypt engineer)

Hi @wangdao2017

that’s not a certbot version number. These are max. 0.35 / 0.36.

What’s your client?

Thank you for your reply

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.