Error create new certificate with Certify The Web

sterret · May 2, 2023, 7:04am

Hi, i have a problem on creation of certificate, the test successfull but the request certificate finished with error

One certificate is currently use, the domain name is reachable, the firewall is good, and other similar things

Do you have any idea what I can do?

2023-05-02 08:54:33.238 +02:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: xxxxxxx.xxxx.xxxxxx.fr
xxx.x.xxx.xx: Fetching http://xxxxxxx.xxxx.xxxxxx.fr/.well-known/acme-challenge/mln21QLVZUq84Kr7h8HNOCdZkGTZbxuZQvthduB_pwc: Timeout during connect (likely firewall problem) BadRequest urn:ietf:params:acme:error:connection

webprofusion · May 2, 2023, 7:36am

This error says that Let's Encrypt couldn't communicate with your server over http (TCP port 80). If you can share your real domain I could check that for you, otherwise you need to double check that TCP port 80 traffic is indeed reaching the correct machine. Checking from your phone using the mobile network is often a good test.

As well as firewalls, you need to look out for domains sometime pointing to IPv6 addresses (having a AAAA record in DNS) which inevitably end up pointing to a server run by your DNS host instead of your actual server. You can diagnose that using https://letsdebug.net/

sterret · May 2, 2023, 9:03am

Thanks my problem it TCP port 80, Got a new firewall and it's kidding me !

sterret · May 2, 2023, 9:04am

But i have another problem with my autodiscover certificat i have a error DNS

sterret · May 2, 2023, 9:05am

NoRecords

FATAL

No valid A or AAAA records could be ultimately resolved for autodiscover.xxxx-xxxxxx.fr. This means that Let's Encrypt would not be able to connect to your domain to perform HTTP validation, since it would not know where to connect to.

No A or AAAA records found.

webprofusion · May 2, 2023, 12:26pm

Yes you will need your autodiscover record to also point to the same server otherwise you won't be able to get a certificate for it using http validation.

You could use DNS validation instead but that's a little more complicated and depends on whether your DNS provider is supported for automated updates.

system · June 1, 2023, 12:27pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.