Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: X.X.tech
I ran this command: I followed the below process,
I can bet almost any IT technician have heard of Letsencrypt certificates. They are completely free and fully supported by big corps such as Google, Facebook, Microsoft, and many others, to have a more secure and privacy-respecting Web. A lot of...
It produced this output: Type :
Url :
Token :
Status :
Error :
Identifier : dns:X.X.tech
Data :
ResourceUrl : https://acme-v02.api.letsencrypt.org/acme/order/1460432416/228620585156
Status : invalid
Expires : 2023-12-19T06:31:37Z
NotBefore :
NotAfter :
Identifiers : {dns:X.X.tech}
AuthorizationUrls : {https://acme-v02.api.letsencrypt.org/acme/authz-v3/292840342806 }
FinalizeUrl : https://acme-v02.api.letsencrypt.org/acme/finalize/1460432416/228620585156
CertificateUrl :
CSROptions : AcmeCsrOptions
My web server is (include version): Using application gateway
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: NA
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NA
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Osiris
December 12, 2023, 7:42am
Here you can find the actual error:
104.40.147.146: Fetching http://acona-dev.bosch.tech/.well-known/acme-challenge/flxT3fv0kTjJqTNgJdllj-9ZTAvUfug2cki-OL2qdA4: Timeout during connect (likely firewall problem)
You need to make sure that IP address is reachable on port 80 from the public internet.
2 Likes
Thanks!! Which IP do I have to whitelist? My automation account is not inside the network. So can you please suggest which IP needs to be whitelisted?
1 Like
Osiris
December 12, 2023, 12:12pm
There's nothing to whitelist: Let's Encrypt validates from multiple vantage points and these IP addresses can and do change without warning.
2 Likes
Again I have received the same error. So with Azure, can you please confirm what I need to allow?
Trying to get a new certificate for X.X.tech
ResourceUrl : https://acme-v02.api.letsencrypt.org/directory
NewAccount : https://acme-v02.api.letsencrypt.org/acme/new-acct
NewAuthz :
NewNonce : https://acme-v02.api.letsencrypt.org/acme/new-nonce
NewOrder : https://acme-v02.api.letsencrypt.org/acme/new-order
KeyChange : https://acme-v02.api.letsencrypt.org/acme/key-change
RevokeCert : https://acme-v02.api.letsencrypt.org/acme/revoke-cert
Meta : AcmeDirectoryMeta
KeyId
UimiYl39npsXtxCevCss1pF71YMuVbydkpxH3e5OOOoRORwqhw4
Type : http-01
Token : pqU0kEg5LEKEJ -wS2XkltIdZLNZdBNFzxJTaER7qA
Filename : pqU0kEg5LEKEJ -wS2XkltIdZLNZdBNFzxJTaER7qA
RelativeUrl : /.well-known/acme-challenge/pqU0kEg5LEKEJ -wS2XkltIdZLNZdBNFzxJTaER7qA
AbsoluteUrl : acona-dev.bosch.tech/.well-known/acme-challenge/pqU0kEg5LEKEJ -wS2XkltIdZLNZdBNFzxJTaER7qA
Content : pqU0kEg5LEKEJ -wS2XkltIdZLNZdBNFzxJTaER7qA.mzG7rcIn7OKVLf_1cq06n3bxxMUpt-3yIBiPMlIaJkI
ICloudBlob : Microsoft.Azure.Storage.Blob.CloudBlockBlob
BlobType : BlockBlob
Length : 87
IsDeleted : False
BlobClient : Azure.Storage.Blobs.BlobClient
BlobBaseClient : Azure.Storage.Blobs.Specialized.BlockBlobClient
BlobProperties : Azure.Storage.Blobs.Models.BlobProperties
RemainingDaysBeforePermanentDelete :
ContentType : application/octet-stream
LastModified : 12/12/2023 12:06:47 PM +00:00
SnapshotTime :
ContinuationToken :
VersionId :
IsLatestVersion :
AccessTier : Hot
TagCount : 0
Tags :
Context : Microsoft.WindowsAzure.Commands.Storage.AzureStorageContext
Name : .well-known/acme-challenge/pqU0kEg5LEKEJ -wS2XkltIdZLNZdBNFzxJTaER7qA
Type :
Url :
Token :
Status :
Error :
Identifier : dns:X.X.tech
Data :
ResourceUrl : https://acme-v02.api.letsencrypt.org/acme/order/1460914116/228675213766
Status : invalid
Expires : 2023-12-19T12:06:43Z
NotBefore :
NotAfter :
Identifiers : {dns:X.X.tech}
AuthorizationUrls : {https://acme-v02.api.letsencrypt.org/acme/authz-v3/292914842866 }
FinalizeUrl : https://acme-v02.api.letsencrypt.org/acme/finalize/1460914116/228675213766
CertificateUrl :
CSROptions : AcmeCsrOptions
rg305
December 12, 2023, 3:22pm
Source: 0.0.0.0/0
port: 80
4 Likes
But if we allow all the IPs then it's a risk to the application, right?
If you allow access to 443 from anywhere, also allowing access to 80 isn't really more of a risk.
If your site is closed and only allows internal users to connect, then you need to either (1) script allowing for anyone to be able to connect when doing a renewal, or (2) use the DNS-01 challenge method instead which requires scripting updates to your DNS server.
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME...
4 Likes
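Option (1) from the post above, opening port 80 only for the duration of a renewal, as an added example written for this page; it is not code from the thread, from Let's Encrypt, or from the blog post the original poster followed. It assumes Azure PowerShell (Az.Network) in an already-authenticated session, that the NSG named here is the one attached to the Application Gateway subnet, that the gateway already has an HTTP listener on port 80 routing /.well-known/acme-challenge/ to wherever the token is published (the blob in the output above), and that the renewal command is whatever ACME client the automation account runs. The resource group, NSG name, rule name, priority and timeouts are all placeholders.

```powershell
# Added example (not from the thread): time-box an inbound TCP/80 allow rule on the NSG
# of the Application Gateway subnet for an HTTP-01 renewal, and remove it again in a
# finally block so the exposure window lasts only as long as the renewal itself.
# All names, priorities and timeouts are assumptions; adapt them to the environment.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,  # resource group holding the NSG (assumed)
    [Parameter(Mandatory)] [string] $NsgName,            # NSG on the App Gateway subnet (assumed)
    [Parameter(Mandatory)] [string] $ChallengeUrl,       # http://<host>/.well-known/acme-challenge/<token>
    [scriptblock] $RenewalCommand = { throw 'Supply the ACME client invocation here' },
    [int]    $RulePriority = 100,
    [string] $RuleName     = 'Allow-ACME-HTTP01-Temporary'
)

$ErrorActionPreference = 'Stop'

# Pre-flight from outside the VNet: a connect timeout here reproduces the CA's
# "Timeout during connect (likely firewall problem)". A 200 whose body looks like
# <token>.<thumbprint> (both base64url) is what the validator expects to see.
function Test-ChallengeReachable {
    param([string] $Url, [int] $TimeoutSec = 10)
    try {
        $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec $TimeoutSec -MaximumRedirection 5
        $body = ([string]$resp.Content).Trim()
        return ($resp.StatusCode -eq 200 -and $body -cmatch '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$')
    } catch {
        Write-Warning "Challenge URL not reachable: $($_.Exception.Message)"
        return $false
    }
}

$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName -Name $NsgName

# Refuse to run if a previous invocation died before cleanup and left the rule behind.
if ($nsg.SecurityRules | Where-Object Name -eq $RuleName) {
    throw "Rule '$RuleName' already exists on $NsgName; a previous run may not have cleaned up."
}

try {
    # Source 'Internet' is the service-tag form of 0.0.0.0/0 for public traffic. Let's Encrypt
    # validates from several vantage points whose addresses are not published and do change,
    # so there is no narrower source prefix that would keep working.
    $nsg | Add-AzNetworkSecurityRuleConfig -Name $RuleName `
        -Description 'Temporary: Let''s Encrypt HTTP-01 validation' `
        -Access Allow -Protocol Tcp -Direction Inbound -Priority $RulePriority `
        -SourceAddressPrefix Internet -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange 80 |
        Set-AzNetworkSecurityGroup | Out-Null

    # NSG changes propagate asynchronously; poll until the token is fetchable before asking the CA.
    $deadline = (Get-Date).AddMinutes(3)
    do {
        Start-Sleep -Seconds 10
        $ok = Test-ChallengeReachable -Url $ChallengeUrl
    } until ($ok -or (Get-Date) -gt $deadline)
    if (-not $ok) { throw "Port 80 still not reachable after adding $RuleName; check listener and routing." }

    & $RenewalCommand   # e.g. { certbot renew ... } or the client that produced the output above
}
finally {
    # Always close the window again, whether or not the renewal succeeded.
    $nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName -Name $NsgName
    $nsg | Remove-AzNetworkSecurityRuleConfig -Name $RuleName | Set-AzNetworkSecurityGroup | Out-Null
}
```

Two points worth keeping in mind when using something like this. The rule only exposes port 80 on the gateway, so the exposure is bounded by what the gateway serves there; in a closed site that should be nothing but the challenge path and a redirect to 443, which is the reasoning behind the reply above that allowing 80 alongside 443 adds little risk. If even a few minutes of public port 80 is unacceptable, the other option in the post, DNS-01, moves the proof into a TXT record and needs no inbound rule at all.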
system
Closed
January 14, 2024, 4:23pm
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.