dutchak
December 10, 2018, 9:02am
1
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: медика-крым.рф
I ran this command: Try to validate domain via http-01 challenge
It produced this output: urn:acme:error:connection, http://медика-крым.рф/.well-known/acme-challenge/3q6lV0GM2LPyRKtOr7B3myaG__NEuZ7Y7t3IuJItXyc : Error getting validatio
My web server is (include version): Nginx
The operating system my web server runs on is (include version): Ubuntu xenial
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
We have a lot of clients and all is work correctly, but for this domain we can’t validate domain.
_az
December 10, 2018, 9:23am
2
Your web server doesn’t appear to be responding to any type of HTTP request on port 80: https://letsdebug.net/xn----7sbldqmcjh3bzi.xn--p1ai/11274
or …
$ curl -i 136.243.25.1
curl: (52) Empty reply from server
1 Like
_az
December 10, 2018, 9:28am
4
$ curl -v медика-крым.рф
* Rebuilt URL to: медика-крым.рф/
* Trying 136.243.25.1...
* TCP_NODELAY set
* Connected to медика-крым.рф (136.243.25.1) port 80 (#0)
> GET / HTTP/1.1
> Host: xn----7sbldqmcjh3bzi.xn--p1ai
> User-Agent: curl/7.61.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host медика-крым.рф left intact
Is there some kind of L7 firewall sitting in front of nginx?
dutchak
December 10, 2018, 9:30am
5
It can be problem with firewall. But i can’t find IP’s for your servers
_az
December 10, 2018, 9:32am
6
Try whitelist the IP for letsdebug.net - 172.104.24.29.
There is no whitelist or known set of IP addresses for Let’s Encrypt’s actual validation servers. These addresses change over time, so they are not published.
So you will need to figure out how to make your server not drop these requests.
Interestingly, the request succeeds if sent over HTTPS:
$ curl -ik https://медика-крым.рф/.well-known/acme-challenge/xx-test
HTTP/2 200
server: nginx
date: Mon, 10 Dec 2018 09:33:31 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=6d5daf6acf84f55005dd078afa017ac1; expires=Tue, 11-Dec-2018 09:33:31 GMT; Max-Age=86400; path=/; domain=.xn----7sbldqmcjh3bzi.xn--p1ai; HttpOnly
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
So something is dropping the requests only on port 80.
1 Like
dutchak
December 10, 2018, 9:39am
7
Thank you. Now I see where is problem. Problem is in DDoS protection for this domain.
2 Likes
system
January 9, 2019, 9:39am
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.