Connection Reset By Peer

I have used it on another server with no problem for hundreds of domains. I run it with DNS on two wildcard domains, but this domain is not mine, so I had to resort to the old way. But it is not working anymore.

I got a test in that path:
http://reg.sommerlopet.no/.well-known/acme-challenge/test

So any reason why it shouldn't be working?

My domain is:
reg.sommerlopet.no

I ran this command:
sudo /var/lib/snapd/snap/bin/certbot certonly --apache -d reg.sommerlopet.no --dry-run -v
and
sudo /var/lib/snapd/snap/bin/certbot certonly --webroot -w /var/www/projects/prod/reg.sommerlopet.no -d reg.sommerlopet.no

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Simulating a certificate request for reg.sommerlopet.no
Performing the following challenges:
http-01 challenge for reg.sommerlopet.no
Waiting for verification...
Challenge failed for domain reg.sommerlopet.no
http-01 challenge for reg.sommerlopet.no

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: reg.sommerlopet.no
Type: connection
Detail: 78.41.124.36: Fetching http://reg.sommerlopet.no/.well-known/acme-challenge/nrGHVeyD79YBUnyEm6coJhuiSzwX_TaKWadrUAgyflo: Connection reset by peer

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
Apache/2.4.6

The operating system my web server runs on is (include version):
CentOS 7.9.2009

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.6.0

Yes, you are almost certainly affected by a Palo Alto Networks brand firewall. We have seen a lot of these since early last year.

You should talk to your network admins and have them change the Application Rule for "ACME protocol".

See an earlier post of mine for more info (link here).

You have the same "reset by peer" symptom as that thread. See below: a request for that URL returns the expected 404 Not Found unless using a user-agent similar to that of the Let's Encrypt validation servers (or a 200 OK when using your 'test' file).

curl -i http://reg.sommerlopet.no/.well-known/acme-challenge/Forum123 -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
curl: (56) Recv failure: Connection reset by peer

curl -i http://reg.sommerlopet.no/.well-known/acme-challenge/Forum123
HTTP/1.1 404 Not Found
Date: Sun, 14 May 2023 22:02:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
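The check above, turned into a small script, is an added example and not part of the thread: it probes a challenge URL twice, once with a plain curl user-agent and once with the Let's Encrypt validation user-agent, and classifies the pair of results. A middlebox that fingerprints the ACME validator shows up as "plain request answered, validator-style request reset". The URL, token and the `probe`/`classify` function names are my own placeholders; the script assumes curl is installed and, as the thread notes, must be run from outside the network you are testing (a VPN into that network will not hit the same rule).

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Probe an ACME http-01 path with two user-agents and compare the outcomes.
# Assumes: curl is available; URL/token below are hypothetical placeholders.

# User-agent string the Let's Encrypt validation servers send (as quoted in the thread).
LE_UA="Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

# probe URL UA -> prints "<curl exit code>:<http status>"
# curl exit 56 ("Recv failure") with status 000 is the "connection reset by peer" case.
probe() {
    url=$1
    ua=$2
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 -A "$ua" "$url")
    rc=$?
    printf '%s:%s\n' "$rc" "$code"
}

# classify PLAIN_RESULT LE_RESULT -> one of:
#   ua-filtered  plain UA gets an HTTP answer, validator UA gets a transport failure
#   unreachable  neither UA gets through (DNS, routing, or port 80 closed)
#   consistent   both UAs get the same HTTP status (normal: 404, or 200 for a test file)
#   differs      both get an answer but with different status codes (webserver-side UA rule)
classify() {
    plain=$1
    le=$2
    plain_rc=${plain%%:*}; plain_code=${plain#*:}
    le_rc=${le%%:*};       le_code=${le#*:}
    if [ "$plain_rc" -eq 0 ] && [ "$le_rc" -ne 0 ]; then
        echo "ua-filtered"
    elif [ "$plain_rc" -ne 0 ] && [ "$le_rc" -ne 0 ]; then
        echo "unreachable"
    elif [ "$plain_code" = "$le_code" ]; then
        echo "consistent"
    else
        echo "differs"
    fi
}

# Usage: ./acme-probe.sh http://example.invalid/.well-known/acme-challenge/Forum123
if [ "$#" -ge 1 ]; then
    target=$1
    plain_result=$(probe "$target" "curl-probe/1.0")
    le_result=$(probe "$target" "$LE_UA")
    echo "plain UA     -> $plain_result"
    echo "validator UA -> $le_result"
    echo "verdict      -> $(classify "$plain_result" "$le_result")"
fi
```

A verdict of "ua-filtered" matches this thread: the plain request reaches Apache and gets its 404, while the request carrying the validator user-agent never gets an HTTP response at all, which points at something in front of the server rather than at Apache or certbot. "differs" would instead point at a rule on the webserver itself, since both requests completed the TCP exchange.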

I previously googled the problem and thought I had come across a good selection of possible explanations, but none panned out; your reply seems to be on point.

I logged into another server in another network (which is running certbot just fine), and running that curl from there gave me the exact same response as you got, while running it while connected to the network gives me a regular 404. I had previously tested from another server, but not identifying as certbot itself.

But the fact that it works from my computer on our VPN but not from outside when identifying as certbot should indicate it is not a firewall on the server itself, but on the network. I forwarded this and my own confirmation test to the hosting supplier, so I assume I will know whether this indeed solves it in a matter of minutes... or hours; it is Monday.

Thank you.

