Connection refused and no control over my host provider

HI, my domains are www.marlo.com.mx and www.didascalos.com.mx

During 2020, 2021 and 2022 I did the next procedure in my certbot standalone in windows10 (in this case marlo.com.mx):

  1. ran certbot certonly -d marlo.com.mx -d www.marlo.com.mx --manual
  2. Put the 2 files produced in the /.well-known/acme-challenge/ of each domain
  3. Receive my certificate files for marlo.com.mx
  4. Submit to my support host provider the files (I don't have access to root) and they install them
  5. Check and voilá!

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Recently my certificate expired and I ran the same procedure;
In my cmd I receive the next results:

C:\PROGRA~2\Certbot>certbot certonly -d marlo.com.mx -d www.marlo.com.mx --manual
Saving debug log to C:\Certbot\log\letsencrypt.log
Renewing an existing certificate for marlo.com.mx and www.marlo.com.mx


Create a file containing just this data:

JqhD5i_u5AScwwLIkBK7Dcb7266f3W8PDNb6hdKokDU.c8n19QRlIHjiAnS5dkgGe6WdOJVd7F-igDMtCN8aeBI

And make it available on your web server at this URL:

http://marlo.com.mx/.well-known/acme-challenge/JqhD5i_u5AScwwLIkBK7Dcb7266f3W8PDNb6hdKokDU


Press Enter to Continue


Create a file containing just this data:

RK5VXA39xiynMc3SuokI3NDX-o7UndS1StTfB5QlntM.c8n19QRlIHjiAnS5dkgGe6WdOJVd7F-igDMtCN8aeBI

And make it available on your web server at this URL:

http://www.marlo.com.mx/.well-known/acme-challenge/RK5VXA39xiynMc3SuokI3NDX-o7UndS1StTfB5QlntM

(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet.)


Press Enter to Continue

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: marlo.com.mx
Type: connection
Detail: 159.203.8.241: Fetching http://marlo.com.mx/.well-known/acme-challenge/JqhD5i_u5AScwwLIkBK7Dcb7266f3W8PDNb6hdKokDU: Connection refused

Domain: www.marlo.com.mx
Type: connection
Detail: 159.203.8.241: Fetching http://www.marlo.com.mx/.well-known/acme-challenge/RK5VXA39xiynMc3SuokI3NDX-o7UndS1StTfB5QlntM: Connection refused

Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

I checked the closed issues: Connection Refused and Connection refused

I checked ports 80 and 443 and they are open (with netstat command)

I checked https://check-your-website.server-daten.de/?q=marlo.com.mx but the results are confusing to me.

I also ran the certbot update_symlinks command
and certbot delete --cert-name marlo.com.mx --cert-name www.marlo.com.mx

but... the error remains

Thanks for your help in advance

Víctor

1 Like

Hi @victor_millan, and welcome to the LE community forum :slight_smile:

That means something is[was] blocking/dropping the ACME challenge requests.

I now see redirects:

curl -Ii http://www.marlo.com.mx/
HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Oct 2022 18:02:33 GMT
Server: Apache
Location: https://www.marlo.com.mx/
Content-Type: text/html; charset=iso-8859-1

curl -Ii http://www.marlo.com.mx/.well-known/acme-challenge/Test_File-1234 -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Oct 2022 18:04:03 GMT
Server: Apache
Location: https://www.marlo.com.mx/.well-known/acme-challenge/Test_File-1234
Content-Type: text/html; charset=iso-8859-1
6 Likes

It seems that Geo-Location/Fencing OR an IP block list is being used:
See: Let's Debug (letsdebug.net)

6 Likes

Thank you, ¿my host provider is blocking lets encrypt challenges? ¿Do you know a workaround?

Try:

  • Speaking with your HSP about the blocks.

  • Using another FREE CA.

5 Likes

My HSP moved my pages to an non-restricted server. The error persists. They confirmed that there is no restriction to letsEncrypt requests.

I checked if someone has moved something in my certbot directories and one of my employees told me that he removed the subdirectories in /live folder but he reinstalled them from the recycle bin and I dont know if this fact could be the reason behind the problem.

Regards,

Víctor

1 Like

Please show the logs to better understand the current problem.

2 Likes

I don't know what your hosting provider means by a "non-restricted server", but from my point of view your entire site is (still) down: I'm getting "connection refused" errors on port 80 as well as 443 for IP address 159.203.8.241.

2 Likes
2022-10-10 15:23:34,932:DEBUG:certbot._internal.main:certbot version: 1.18.0
2022-10-10 15:23:34,933:DEBUG:certbot._internal.main:Location of certbot entry point: C:\Program Files (x86)\Certbot\bin\certbot.exe
2022-10-10 15:23:34,933:DEBUG:certbot._internal.main:Arguments: ['-d', 'marlo.com.mx', '-d', 'www.marlo.com.mx', '--manual', '--preconfigured-renewal']
2022-10-10 15:23:34,933:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-10-10 15:23:36,283:DEBUG:certbot._internal.log:Root logging level set at 30
2022-10-10 15:23:36,344:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2022-10-10 15:23:36,364:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: Authenticator, Plugin
Entry point: manual = certbot._internal.plugins.manual:Authenticator
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x04CE4A18>
Prep: True
2022-10-10 15:23:36,366:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x04CE4A18> and installer None
2022-10-10 15:23:36,366:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2022-10-10 15:23:36,558:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/292639850', new_authzr_uri=None, terms_of_service=None), eadb475452f1ed52dc25e39a3ac6d9d8, Meta(creation_dt=datetime.datetime(2021, 11, 23, 18, 26, 51, tzinfo=<UTC>), creation_host='Zeus.copaair.com', register_to_eff=None))>
2022-10-10 15:23:36,565:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-10-10 15:23:36,594:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-10-10 15:23:36,975:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 659
2022-10-10 15:23:36,976:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Oct 2022 20:23:37 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "Dx09Y32TyPo": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-10-10 15:23:37,184:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer <certbot._internal.cli.cli_utils._Default object at 0x04CE9BF8>
2022-10-10 15:23:37,344:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2022-09-25 15:43:50 UTC.
2022-10-10 15:23:37,344:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2022-10-10 15:23:37,344:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for marlo.com.mx and www.marlo.com.mx
2022-10-10 15:23:37,665:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): C:\Certbot\keys\0026_key-certbot.pem
2022-10-10 15:23:37,754:DEBUG:certbot.crypto_util:Creating CSR: C:\Certbot\csr\0026_csr-certbot.pem
2022-10-10 15:23:37,755:DEBUG:acme.client:Requesting fresh nonce
2022-10-10 15:23:37,755:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-10-10 15:23:37,820:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-10-10 15:23:37,821:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Oct 2022 20:23:38 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1DFApRFl7-0R4jznvyJn4Jtd5cUfTutP0Y17wVK71BHuNn4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-10-10 15:23:37,822:DEBUG:acme.client:Storing nonce: 1DFApRFl7-0R4jznvyJn4Jtd5cUfTutP0Y17wVK71BHuNn4
2022-10-10 15:23:37,822:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "marlo.com.mx"\n    },\n    {\n      "type": "dns",\n      "value": "www.marlo.com.mx"\n    }\n  ]\n}'
2022-10-10 15:23:37,835:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjkyNjM5ODUwIiwgIm5vbmNlIjogIjFERkFwUkZsNy0wUjRqem52eUpuNEp0ZDVjVWZUdXRQMFkxN3dWSzcxQkh1Tm40IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "SiiLmTaSA5_5WQ1LuE3IgWlMo4X8MTLZZIVO7D-wJyEWuYF2Mbf3ToCHZRylxxrsdUQ9wFVhZ2dNOdyO22mDL14owPEkHGUJgRxtk5JeKwM-I9LwFG_DMmBYXm-pmJyskgN22mtpHLIIEK3qjnDzYpxJGR4ooMPN5HhE4Fu2gQwoGLbiXvGGk9SzMiueCE8W5rpnpEQmiQBIfTIxiA_-5YkbxEw9WNFHKnNQpLDpMPj4bUXZsmkVNw36aXJrZfpaQPsL41YroBgME2u9Mxfx96DFjXFUyQ77n50LmEnTdHEcibZfmDU5BxEwDVaGQtej1iJ5vB-ox_D4KXX72C4HPg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1hcmxvLmNvbS5teCIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3d3cubWFybG8uY29tLm14IgogICAgfQogIF0KfQ"
}
2022-10-10 15:23:38,146:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 476
2022-10-10 15:23:38,147:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 10 Oct 2022 20:23:38 GMT
Content-Type: application/json
Content-Length: 476
Connection: keep-alive
Boulder-Requester: 292639850
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/292639850/133370019816
Replay-Nonce: C8789kBV_VIhcIonVYpj1jVPzea7c7ozPTSjfiwABZc4C5Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-10-17T20:23:38Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "marlo.com.mx"
    },
    {
      "type": "dns",
      "value": "www.marlo.com.mx"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/163090658816",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/163090658826"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/292639850/133370019816"
}
2022-10-10 15:23:38,148:DEBUG:acme.client:Storing nonce: C8789kBV_VIhcIonVYpj1jVPzea7c7ozPTSjfiwABZc4C5Y
2022-10-10 15:23:38,149:DEBUG:acme.client:JWS payload:
b''
2022-10-10 15:23:38,176:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/163090658816:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjkyNjM5ODUwIiwgIm5vbmNlIjogIkM4Nzg5a0JWX1ZJaGNJb25WWXBqMWpWUHplYTdjN296UFRTamZpd0FCWmM0QzVZIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjMwOTA2NTg4MTYifQ",
  "signature": "dKBxq0GleCh0sEM9_F7uMsAe_9nDW-Ifjajvs4zIYLbrdvbb7JI5iw7uwEOIqBHxmxvQg-3R8mw3RQYffzlC_taNzYsXABZnWaCgguLG-2J5JIKlQaJSOLbUlOZBDUQPRfFLIU-HDA1YEEWSj1mAG9iJthcoMho87WuKb1prK2FxgOl4uAqQhr040Pmh2OkgCqb67yabQSMDBmblOzKCpqvg4npnGMFB0fwUtCH6vGkAqng3V5IaojWHFYj0c_gIQAEdW2HDGOWWwN9yEDazcshpMf5HFzWl-qyjqh1mIKyORB42isLpEmRxFWf0cwEAR6rg9OUvUnUH0RB0UGPPeA",
  "payload": ""
}
2022-10-10 15:23:38,271:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/163090658816 HTTP/1.1" 200 796
2022-10-10 15:23:38,273:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Oct 2022 20:23:38 GMT
Content-Type: application/json
Content-Length: 796
Connection: keep-alive
Boulder-Requester: 292639850
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 5CA2DJJ6FVsq6KuEr4c1i03od90BMvDrH_pOOWgiTNzCvT4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "marlo.com.mx"
  },
  "status": "pending",
  "expires": "2022-10-17T20:23:38Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658816/54ntAQ",
      "token": "G2kmTAPs8_zXw6DoQVQNmT1EPHpLrdwr7cSCBSjC1Tc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658816/LhU3-Q",
      "token": "G2kmTAPs8_zXw6DoQVQNmT1EPHpLrdwr7cSCBSjC1Tc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658816/UML8hg",
      "token": "G2kmTAPs8_zXw6DoQVQNmT1EPHpLrdwr7cSCBSjC1Tc"
    }
  ]
}
2022-10-10 15:23:38,274:DEBUG:acme.client:Storing nonce: 5CA2DJJ6FVsq6KuEr4c1i03od90BMvDrH_pOOWgiTNzCvT4
2022-10-10 15:23:38,275:DEBUG:acme.client:JWS payload:
b''
2022-10-10 15:23:38,299:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/163090658826:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjkyNjM5ODUwIiwgIm5vbmNlIjogIjVDQTJESko2RlZzcTZLdUVyNGMxaTAzb2Q5MEJNdkRySF9wT09XZ2lUTnpDdlQ0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjMwOTA2NTg4MjYifQ",
  "signature": "B5wSqPx9nwetwJ_1TxIff5J4RR3UYyXmffEFzboNqsJkcPzavZW7vTA1oZN704Tqx83p9HtnJ8JKAytZL4ctZT6de0viSCSxFnIU4NFKIZ3gX5rD0H0UmIoDlIF09YSQwcQGB65GVd72Eb21GnILBOWMfpKYBbCJdz1NPBQBvQ6QO11hMwTJuLo6lJuuEguFQl6fkMsCNqeECsgH_xC-RqOsUCIJM1LKpq0OoWazLsCAhva3GWMzbLfynCEE3aUsoR4XKbgXgos3WLIabgR-O2UkMvHFpTDTrMSHZ1803fFP_rUn7N5e2_ybixu6BXZfdGZkl5IiEc_t5CbMhY485w",
  "payload": ""
}
2022-10-10 15:23:38,381:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/163090658826 HTTP/1.1" 200 800
2022-10-10 15:23:38,383:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Oct 2022 20:23:39 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 292639850
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 5CA2iMlSxATIYs3gBoFVNZdpDngLGYt-p-kHS7tQ43h13Mk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.marlo.com.mx"
  },
  "status": "pending",
  "expires": "2022-10-17T20:23:38Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658826/JumSTQ",
      "token": "PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658826/KWpn8Q",
      "token": "PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658826/z-Kn9Q",
      "token": "PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU"
    }
  ]
}
2022-10-10 15:23:38,383:DEBUG:acme.client:Storing nonce: 5CA2iMlSxATIYs3gBoFVNZdpDngLGYt-p-kHS7tQ43h13Mk
2022-10-10 15:23:38,385:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-10-10 15:23:38,385:INFO:certbot._internal.auth_handler:http-01 challenge for marlo.com.mx
2022-10-10 15:23:38,386:INFO:certbot._internal.auth_handler:http-01 challenge for www.marlo.com.mx
2022-10-10 15:23:38,389:DEBUG:certbot._internal.display.obj:Notifying user: Create a file containing just this data:

G2kmTAPs8_zXw6DoQVQNmT1EPHpLrdwr7cSCBSjC1Tc.c8n19QRlIHjiAnS5dkgGe6WdOJVd7F-igDMtCN8aeBI

And make it available on your web server at this URL:

http://marlo.com.mx/.well-known/acme-challenge/G2kmTAPs8_zXw6DoQVQNmT1EPHpLrdwr7cSCBSjC1Tc

2022-10-10 15:27:34,939:DEBUG:certbot._internal.display.obj:Notifying user: Create a file containing just this data:

PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU.c8n19QRlIHjiAnS5dkgGe6WdOJVd7F-igDMtCN8aeBI

And make it available on your web server at this URL:

http://www.marlo.com.mx/.well-known/acme-challenge/PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU

(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet.)

2022-10-10 15:29:08,837:DEBUG:acme.client:JWS payload:
b'{}'
2022-10-10 15:29:08,844:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658816/54ntAQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjkyNjM5ODUwIiwgIm5vbmNlIjogIjVDQTJpTWxTeEFUSVlzM2dCb0ZWTlpkcERuZ0xHWXQtcC1rSFM3dFE0M2gxM01rIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNjMwOTA2NTg4MTYvNTRudEFRIn0",
  "signature": "jbw7FCkR6rcIaULdR5LcDXzMs47ueV6ARAIecEooVTiEygkcYI7zmRN8G_ZkjBXhq3GZKoS5egboAdXW2Gf1Vg9HpidsDfGJ1Ej0k166u0DcTbUOr52u2IEiDGCdqSwXQvhAtUmMtRPNv9WvN2mVCh2DNafeLQonz-HMVMZcfKXQtoowyZz6Ht3txjnXzejE3l4c7WXapP1ODi9H2nowu3vyYojBmutp8q7br2G_xlqAP7lXT8dzy68nqcKqWkBKCtj9MROwa0ENmC-tjVmltqrBoBky7bpH8sGmdkJVQ2vn0IcPZ5Be5fATRQ3Lwtr4eX0T2AlHoEapN73cCTPQXQ",
  "payload": "e30"
}
2022-10-10 15:29:08,849:DEBUG:urllib3.connectionpool:Resetting dropped connection: acme-v02.api.letsencrypt.org
2022-10-10 15:29:09,152:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/163090658816/54ntAQ HTTP/1.1" 400 173
2022-10-10 15:29:09,153:DEBUG:acme.client:Received response:
HTTP 400
Server: nginx
Date: Mon, 10 Oct 2022 20:29:09 GMT
Content-Type: application/problem+json
Content-Length: 173
Connection: keep-alive
Boulder-Requester: 292639850
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 27126FDUt_Gs2yWLgEHwOGQaN1e9BazWytFaIMzHDoU5tSU

{
  "type": "urn:ietf:params:acme:error:badNonce",
  "detail": "JWS has an invalid anti-replay nonce: \"5CA2iMlSxATIYs3gBoFVNZdpDngLGYt-p-kHS7tQ43h13Mk\"",
  "status": 400
}
2022-10-10 15:29:09,153:DEBUG:acme.client:Retrying request after error:
urn:ietf:params:acme:error:badNonce :: The client sent an unacceptable anti-replay nonce :: JWS has an invalid anti-replay nonce: "5CA2iMlSxATIYs3gBoFVNZdpDngLGYt-p-kHS7tQ43h13Mk"
2022-10-10 15:29:09,153:DEBUG:acme.client:Requesting fresh nonce
2022-10-10 15:29:09,154:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-10-10 15:29:09,238:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-10-10 15:29:09,239:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Oct 2022 20:29:09 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712vxJ81uAdQ2rPzXzQWjbRMnrAigZ3H7NPl54H_81V8uo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-10-10 15:29:09,240:DEBUG:acme.client:Storing nonce: 2712vxJ81uAdQ2rPzXzQWjbRMnrAigZ3H7NPl54H_81V8uo
2022-10-10 15:29:09,240:DEBUG:acme.client:JWS payload:
b'{}'
2022-10-10 15:29:09,252:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658816/54ntAQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjkyNjM5ODUwIiwgIm5vbmNlIjogIjI3MTJ2eEo4MXVBZFEyclB6WHpRV2piUk1uckFpZ1ozSDdOUGw1NEhfODFWOHVvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNjMwOTA2NTg4MTYvNTRudEFRIn0",
  "signature": "U-fRfqIX5smZN353TeBocY4K5Ef9ODjvZVSfozm__uwNMBFLLfJgR6_mR3YQVysJYESIZdJZq7GC5y511RCTCLz1_IfaMX8nc1Ke5jDOMz7j88DISWpM7XEeLXoG94gNAwgXndpWZkeGoBhz8PmQYJyN1LFkwX_KbnIzK_eQ8Pej8Sr7HNWuaNfkbHY0KXnW8U-CwQOdeuhhqFv96LyB0Vtat6qEAvfkWnYX3lcycv9bhgogSseTedGbDZ8e-hGbr5VCdfiw0XGzAkC_ldPw74uBew3_18d5X043P5fOJFm-J-rG68U18rgRoRlPSlWPRqtG5IcqwSlFMBicB4TPVw",
  "payload": "e30"
}
2022-10-10 15:29:09,348:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/163090658816/54ntAQ HTTP/1.1" 200 187
2022-10-10 15:29:09,349:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Oct 2022 20:29:10 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 292639850
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/163090658816>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658816/54ntAQ
Replay-Nonce: C400cCuk0WKRXhpR6GHIVFui-mjfvxjjEiXk3tMuPUdE62o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658816/54ntAQ",
  "token": "G2kmTAPs8_zXw6DoQVQNmT1EPHpLrdwr7cSCBSjC1Tc"
}
2022-10-10 15:29:09,349:DEBUG:acme.client:Storing nonce: C400cCuk0WKRXhpR6GHIVFui-mjfvxjjEiXk3tMuPUdE62o
2022-10-10 15:29:09,350:DEBUG:acme.client:JWS payload:
b'{}'
2022-10-10 15:29:09,361:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658826/JumSTQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjkyNjM5ODUwIiwgIm5vbmNlIjogIkM0MDBjQ3VrMFdLUlhocFI2R0hJVkZ1aS1tamZ2eGpqRWlYazN0TXVQVWRFNjJvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNjMwOTA2NTg4MjYvSnVtU1RRIn0",
  "signature": "Rrmr5Viy7MrxrQpQ98noFzBMAimPTQJ2W2S83jJUQdNnd9-ssdShy3Ykt8sl1LqdVbPVCNZENodDguiGG1n-UTWr9BPwenmkI5OVp9joi_xzSC-mIeYMJ-wmU7CTWvVFpDrQO3zAd8a3g6CEw_dlWZ3lvtN5XblwpccuGTbLAsZ5gQm6VrEg_OL2r6A04m_RETrxMrV3AoiGsur1fS_-MwlnZR6A5PcSTTv6Iti2Q1JM8dNMD6KHweTjfWMWIGeDfbt0HmflBkVKNr-ohHoJNt6OULhuBIzdN-qEIyNhU40LcFr7e8e9FFeG6Zv6gmE-cm62xD9Gj0A8O2AdbzsGKw",
  "payload": "e30"
}
2022-10-10 15:29:09,452:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/163090658826/JumSTQ HTTP/1.1" 200 187
2022-10-10 15:29:09,453:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Oct 2022 20:29:10 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 292639850
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/163090658826>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658826/JumSTQ
Replay-Nonce: 2712DjiQN2eVwfsgC5EL1DGAk80j1LT3lxJ3G4SE2g3YnbA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658826/JumSTQ",
  "token": "PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU"
}
2022-10-10 15:29:09,453:DEBUG:acme.client:Storing nonce: 2712DjiQN2eVwfsgC5EL1DGAk80j1LT3lxJ3G4SE2g3YnbA
2022-10-10 15:29:09,453:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-10-10 15:29:10,461:DEBUG:acme.client:JWS payload:
b''
2022-10-10 15:29:10,471:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/163090658816:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjkyNjM5ODUwIiwgIm5vbmNlIjogIjI3MTJEamlRTjJlVndmc2dDNUVMMURHQWs4MGoxTFQzbHhKM0c0U0UyZzNZbmJBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjMwOTA2NTg4MTYifQ",
  "signature": "UXIR-2MWae28as0ErvAIt84_I58gwlon7V3pJkUbdMH3xYjmGbT18dcZv3F6RIC6-kkES9AwBQvreYA3J4dKLcvoyeU_0Mg08GWsU5v1-fVpvtn8Beg7r0OWtv1ZsnWtvVMhrTbqL9usCBMs_bVCaTKMlholSAQoPS5KB-0TqxfAvkfpcGZyrVxyoFd7foR26la4e2DMZcaT0xiQzSqVf1nMkKYnmssa_YxpFTpwJ-fvujbRKwMg7l1vwWM78S2YnguXJRnSpCeCdGBckrHsmCVlY8Vg3isvNS5nt2Ebnr-SIlTLWZkjyCGxf4EhyRMhkYY26g3dqKQaONtiIefwpA",
  "payload": ""
}
2022-10-10 15:29:10,558:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/163090658816 HTTP/1.1" 200 1016
2022-10-10 15:29:10,559:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Oct 2022 20:29:11 GMT
Content-Type: application/json
Content-Length: 1016
Connection: keep-alive
Boulder-Requester: 292639850
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F977qUcvW7AyVmertJLqUjrImFNRF10BHa6xiYcpPWl1130
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "marlo.com.mx"
  },
  "status": "invalid",
  "expires": "2022-10-17T20:23:38Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "159.203.8.241: Fetching http://marlo.com.mx/.well-known/acme-challenge/G2kmTAPs8_zXw6DoQVQNmT1EPHpLrdwr7cSCBSjC1Tc: Connection refused",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658816/54ntAQ",
      "token": "G2kmTAPs8_zXw6DoQVQNmT1EPHpLrdwr7cSCBSjC1Tc",
      "validationRecord": [
        {
          "url": "http://marlo.com.mx/.well-known/acme-challenge/G2kmTAPs8_zXw6DoQVQNmT1EPHpLrdwr7cSCBSjC1Tc",
          "hostname": "marlo.com.mx",
          "port": "80",
          "addressesResolved": [
            "159.203.8.241"
          ],
          "addressUsed": "159.203.8.241"
        }
      ],
      "validated": "2022-10-10T20:29:10Z"
    }
  ]
}
2022-10-10 15:29:10,559:DEBUG:acme.client:Storing nonce: F977qUcvW7AyVmertJLqUjrImFNRF10BHa6xiYcpPWl1130
2022-10-10 15:29:10,560:DEBUG:acme.client:JWS payload:
b''
2022-10-10 15:29:10,569:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/163090658826:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjkyNjM5ODUwIiwgIm5vbmNlIjogIkY5NzdxVWN2VzdBeVZtZXJ0SkxxVWpySW1GTlJGMTBCSGE2eGlZY3BQV2wxMTMwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjMwOTA2NTg4MjYifQ",
  "signature": "prXbuqJRYHK6F_VyUdKWE2kjdYZZHXGV_cozbjcbS7sAKsTKML2ATIotq_DSxkfSypzi_sOmUOoxBkEJUOZEMrRb_ZZNmGjJ8Co_6IiHJ8bGdnU01FJOAWMisTYQMqi6xplzoNi_gyz2Z1cIUUbj-YC9Iar9A6PwYH98peI_zWZ0buDy5PkGo203_fbfZ7gQJKbkTJGQAaCE4Ecbc-984PhuUE-EMqQKTHDFVrJs_j6VLookaOq098wMbEjVGOeZD-oUo694hByPG66H-Oy9FIbwxF76eQ-ymSVY542rKevDVk2Bbva3oPPLSngndkvTAHPiV9-4OkrtuA0tL2tk2A",
  "payload": ""
}
2022-10-10 15:29:10,654:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/163090658826 HTTP/1.1" 200 1032
2022-10-10 15:29:10,655:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Oct 2022 20:29:11 GMT
Content-Type: application/json
Content-Length: 1032
Connection: keep-alive
Boulder-Requester: 292639850
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F9774m2apcShEIb4KdAFqWVpFh7HPBoWKXP2TyuxPC_GCgE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.marlo.com.mx"
  },
  "status": "invalid",
  "expires": "2022-10-17T20:23:38Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "159.203.8.241: Fetching http://www.marlo.com.mx/.well-known/acme-challenge/PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU: Connection refused",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/163090658826/JumSTQ",
      "token": "PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU",
      "validationRecord": [
        {
          "url": "http://www.marlo.com.mx/.well-known/acme-challenge/PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU",
          "hostname": "www.marlo.com.mx",
          "port": "80",
          "addressesResolved": [
            "159.203.8.241"
          ],
          "addressUsed": "159.203.8.241"
        }
      ],
      "validated": "2022-10-10T20:29:10Z"
    }
  ]
}
2022-10-10 15:29:10,655:DEBUG:acme.client:Storing nonce: F9774m2apcShEIb4KdAFqWVpFh7HPBoWKXP2TyuxPC_GCgE
2022-10-10 15:29:10,656:INFO:certbot._internal.auth_handler:Challenge failed for domain marlo.com.mx
2022-10-10 15:29:10,656:INFO:certbot._internal.auth_handler:Challenge failed for domain www.marlo.com.mx
2022-10-10 15:29:10,656:INFO:certbot._internal.auth_handler:http-01 challenge for marlo.com.mx
2022-10-10 15:29:10,656:INFO:certbot._internal.auth_handler:http-01 challenge for www.marlo.com.mx
2022-10-10 15:29:10,656:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: marlo.com.mx
  Type:   connection
  Detail: 159.203.8.241: Fetching http://marlo.com.mx/.well-known/acme-challenge/G2kmTAPs8_zXw6DoQVQNmT1EPHpLrdwr7cSCBSjC1Tc: Connection refused

  Domain: www.marlo.com.mx
  Type:   connection
  Detail: 159.203.8.241: Fetching http://www.marlo.com.mx/.well-known/acme-challenge/PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU: Connection refused

Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.

2022-10-10 15:29:10,692:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-10-10 15:29:10,692:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-10-10 15:29:10,692:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-10-10 15:29:10,712:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "runpy.py", line 194, in _run_module_as_main
  File "runpy.py", line 87, in _run_code
  File "C:\Program Files (x86)\Certbot\bin\certbot.exe\__main__.py", line 29, in <module>
    sys.exit(main())
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\main.py", line 15, in main
    return internal_main.main(cli_args)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1566, in main
    return config.func(config, plugins)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1426, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 117, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\renewal.py", line 333, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 386, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 436, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-10-10 15:29:10,807:ERROR:certbot._internal.log:Some challenges have failed.

I checked ports 80 and 443 and they are open (with netstat command)

From my own test server I can get the ACME challenge token in your log. But, I believe Osiris when he says he gets connection refused. And, the Let's Encrypt servers also get connection refused error.

This looks very much like a firewall blocking just some requests such as based on IP addresses.

For the other volunteers: I checked Max's MSS test site and it reported all was fine.

Other than a firewall I have no other guesses.

(I am using the LE user-agent.  Some headers omitted for readability)
curl -iLk  http://www.marlo.com.mx/.well-known/acme-challenge/PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU  -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Oct 2022 20:40:23 GMT
Server: Apache
Location: https://www.marlo.com.mx/.well-known/acme-challenge/PeYsiCRDe4Ga-fksKCeUGww8XEm_dgV5MyYUhyPCenU

HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 20:40:23 GMT
Server: Apache
X-Powered-By: PleskLin

PeYsi(redacted).c8n1(redacted)
5 Likes

The next tag shows Zeus.copaair.com in the log but currently my computer is called Zeus ¿it is irrelevant?

Meta(creation_dt=datetime.datetime(2021, 11, 23, 18, 26, 51, tzinfo=),creation_host='Zeus.copaair.com', register_to_eff=None))

No, not relevant.

As long as something is blocking some connections resulting in a connection refused error, your problem will keep existing. If you don't have any means to discover this, you might want to look into the dns-01 challenge. But keep in mind that even if you change to the dns-01 challenge and you get a certificate, your site won't be reachable from some part of the world due to the blockade.

5 Likes

Thank you Mike, your comment and Max's MSS test are evidence to discuss it with my HSP.

"This looks very much like a firewall blocking just some requests such as based on IP addresses."

2 Likes

My HSP will check if the firewall is blocking the LetsEncrypt requests. What is the LetsEncrypt IP I should deliver to the HSP so they can verify it?

4 Likes

My entire point was that it's not restricted to Let's Encrypt. I can't reach your site also.

4 Likes

Thank you Schoen.

2 Likes

Finally I get the certificate. With the dns-01 challenge. Thank you all!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.