Connection reset by peer - error


#1

My domain is:

testing.penforms.penrad.com

I ran this command:

Complete-ACMEChallenge dns1 -ChallengeType http-01 -Handler manual -force

It produced this output:

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : testing.penforms.penrad.com
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/ephjQMRV49XJoa64ifMHNoqeM7w_0WNuBWOL1B8MGJ0
Status : pending
Expires : 6/13/2018 12:37:10 PM
Challenges : {manual, }
Combinations : {1, 0}

My web server is (include version):

Kestrel

The operating system my web server runs on is (include version):

Windows 10

I can login to a root shell on my machine: YES


I’m getting a Connection reset by peer error message.

{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Fetching http://testing.penforms.penrad.com/.well-known/acme-challenge/_QVpP1Q4BnRc-fd2WRG0Laubk8dMRA7KgMD9zm3icSc: Connection reset by peer”,
“status”: 400
},
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/ephjQMRV49XJoa64ifMHNoqeM7w_0WNuBWOL1B8MGJ0/4984545111”,
“token”: “_QVpP1Q4BnRc-fd2WRG0Laubk8dMRA7KgMD9zm3icSc”,
“keyAuthorization”: “_QVpP1Q4BnRc-fd2WRG0Laubk8dMRA7KgMD9zm3icSc.hKfdQS7I_cOOY8GmIc4MQ9RpEwdJIOTm_oYkCyJZ-Wk”,
“validationRecord”: [
{
“url”: “http://testing.penforms.penrad.com/.well-known/acme-challenge/_QVpP1Q4BnRc-fd2WRG0Laubk8dMRA7KgMD9zm3icSc”,
“hostname”: “testing.penforms.penrad.com”,
“port”: “80”,
“addressesResolved”: [
“216.105.239.55”
],
“addressUsed”: “216.105.239.55”
}
]
}

But when I hit this address locally it works fine, even when I have the Chrome debugger up watching the get.

http://testing.penforms.penrad.com/.well-known/acme-challenge/_QVpP1Q4BnRc-fd2WRG0Laubk8dMRA7KgMD9zm3icSc

Here is what I am returning:

_QVpP1Q4BnRc-fd2WRG0Laubk8dMRA7KgMD9zm3icSc.hKfdQS7I_cOOY8GmIc4MQ9RpEwdJIOTm_oYkCyJZ-Wk

Am I missing something?

Thanks.


#2

Hi @richard.esmond,

This looks like you might have a firewall that blocks connections from certain IP address ranges.

If not, you could look in your web server logs to see if it was your web server that deliberately dropped the connection from Let’s Encrypt.


#3

I am actually watching the log and the HTTP calls look like they are working fine.

Can you try this link and see if you get through?

http://testing.penforms.penrad.com/.well-known/acme-challenge/_QVpP1Q4BnRc-fd2WRG0Laubk8dMRA7KgMD9zm3icSc


#4

I definitely can, but if the certificate authority’s validation servers can’t, it seems like something must be blocking them.


#5

Actually I see the transactions coming through. I have been assuming that there is something about how I am handlling the transaction is somehow off.


#6

Are you sure that you aren’t just seeing your and my tests? If you start over with a new certificate request (that you don’t test for yourself and don’t post here), what will you see in the web server logs?


#7

I watched a dozen calls to my server even before I posted this message.

I am considering creating a new request.


#8

Well, I tested it about 5-6 times and I think other random people reading this forum may have tested it about 3 times, so if you tested it about 3 times yourself, that might be enough account for the dozen hits without a successful visit from the Let’s Encrypt CA itself…


#9

They seem to mostly be coming from 17.133.7.117


#10

That IP address is owned by Apple, probably not Let’s Encrypt.

Let’s Encrypt can reach your server, at least sometimes: https://acme-staging-v02.api.letsencrypt.org/acme/authz/-it8z6A-yH2DoUEE-pzCIKSIIzIS1EwITamDVq4UaAg


#11

LOL - I’m getting trolled by apple!

I’ll redo the request and see if that fixes it.

Thanks!


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.