Connection reset by peer

rebespain · January 24, 2024, 1:50pm

Cuando trato de crear un nuevo certificado usando Certify en dominios que están alojados en Arsys, siempre obtengo la respuesta:

Fetching http://[domain].es/.well-known/acme-challenge/9fhCBbp2nbH7GoaGjACx7_L-_PpIuPpr7qrMM0zZ3Qs: Connection reset by peer [BadRequest :: urn:ietf:params:acme:error:connection]

Si trato de crear certificados con otros dominios en otro ISP, no tengo problema

MikeMcQ · January 24, 2024, 2:26pm

Ese error suele ser causado por un firewall. Si proporciona un nombre de dominio real, es posible que podamos brindarle más detalles. Es posible que necesites contactar con Arsys.

Esto fue traducido por una máquina.

rebespain · January 24, 2024, 3:52pm

Hola, el dominio es test.redbms.es
Desde la misma máquina que esta esta url, podemos renovar otras con el mismo dominio redbms.es, pero no podemos crear certificados nuevos.

Al hacer el test del sitio, Certify devuelve esto:
Verified URL is accessible: http://test.redbms.es/.well-known/acme-challenge/configcheck

Pero al intentar solicitar el certificado, obtenemos esto:
2024-01-24 17:06:25.205 +01:00 [INF] ---- Beginning Request [A_QUITAR] ----
2024-01-24 17:06:25.205 +01:00 [INF] Certify/6.0.13.0 (Windows; Microsoft Windows NT 10.0.17763.0)
2024-01-24 17:06:25.205 +01:00 [INF] Beginning certificate request process: A_QUITAR using ACME provider Anvil
2024-01-24 17:06:25.205 +01:00 [INF] The selected Certificate Authority is: Let's Encrypt
2024-01-24 17:06:25.205 +01:00 [INF] Requested identifiers to include on certificate: test.redbms.es [dns]
2024-01-24 17:06:26.337 +01:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/111653265/239107358316
2024-01-24 17:06:27.757 +01:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/307676108956/TH6Kqw
2024-01-24 17:06:28.114 +01:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/307676108956/8TUQsA
2024-01-24 17:06:35.575 +01:00 [INF] Http Challenge Server process available.
2024-01-24 17:06:35.575 +01:00 [INF] Preparing automated challenge responses for: test.redbms.es [dns]
2024-01-24 17:06:35.575 +01:00 [INF] Preparing challenge response for the issuing Certificate Authority to check at: http://test.redbms.es/.well-known/acme-challenge/0NwU5VVnHa05gHo5ekyMGcAQXcXsZVjYG2ObMMhQBCg with content 0NwU5VVnHa05gHo5ekyMGcAQXcXsZVjYG2ObMMhQBCg.IUGPlaFofjRDYAmToLDESkjY44gpaQRVrRRkfFCiERs
2024-01-24 17:06:35.575 +01:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2024-01-24 17:06:35.622 +01:00 [INF] Using website path D:\TEST
2024-01-24 17:06:35.622 +01:00 [INF] Checking URL is accessible: http://test.redbms.es/.well-known/acme-challenge/0NwU5VVnHa05gHo5ekyMGcAQXcXsZVjYG2ObMMhQBCg [proxyAPI: True, timeout: 5000ms]
2024-01-24 17:06:35.818 +01:00 [INF] URL is accessible. Check passed.
2024-01-24 17:06:35.818 +01:00 [INF] Resuming certificate request using CA: Let's Encrypt
2024-01-24 17:06:35.818 +01:00 [INF] Attempting challenge response validation for: test.redbms.es [dns]
2024-01-24 17:06:35.818 +01:00 [INF] [Progress] Checking automated challenge response for: test.redbms.es [dns]
2024-01-24 17:06:35.818 +01:00 [INF] Submitting challenge for validation: test.redbms.es [dns] http://test.redbms.es/.well-known/acme-challenge/0NwU5VVnHa05gHo5ekyMGcAQXcXsZVjYG2ObMMhQBCg
2024-01-24 17:06:41.892 +01:00 [ERR] [Progress] Validation failed: test.redbms.es [dns]
Response from Certificate Authority: 82.223.222.91: Fetching http://test.redbms.es/.well-known/acme-challenge/0NwU5VVnHa05gHo5ekyMGcAQXcXsZVjYG2ObMMhQBCg: Connection reset by peer [BadRequest :: urn:ietf:params:acme:error:connection]
2024-01-24 17:06:41.907 +01:00 [ERR] Validation of the required challenges did not complete successfully. Validation failed: test.redbms.es [dns]
Response from Certificate Authority: 82.223.222.91: Fetching http://test.redbms.es/.well-known/acme-challenge/0NwU5VVnHa05gHo5ekyMGcAQXcXsZVjYG2ObMMhQBCg: Connection reset by peer [BadRequest :: urn:ietf:params:acme:error:connection]

rg305 · January 24, 2024, 4:25pm

LE no puede connectarse port HTTP.

rebespain · January 24, 2024, 4:35pm

Pero si funciona el HTTP, si ejecuto en el navegador la url http://test.redbms.es/ obtengo un texto de prueba que he puesto en el index.
¿Que puedo hacer para que LE conecte con la url?

rg305 · January 24, 2024, 4:44pm

Tienes algun systema de protection IP?

rebespain · January 24, 2024, 4:49pm

Tengo el firewall de Windows, pero los puertos 80 y 443 están totalmente abiertos a cualquier IP

rg305 · January 24, 2024, 5:29pm

no hay nada mas?

rebespain · January 24, 2024, 5:33pm

No. ¿Es posible que la IP del servidor o el dominio estén bloqueados de alguna forma en LE?

rg305 · January 24, 2024, 5:49pm

No. El bloqueo esta en tu lado.

rebespain · January 24, 2024, 8:50pm

Revisando otros casos del foro, he visto esta solución Verification fails - error 400 - #22 by mnemanov y esto es justo lo que me estaba pasando, es ESET el que esta bloqueando las llamadas de LE

system · February 23, 2024, 8:50pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.