Error during request


#1

Hello,

When I do a request I get the following error, and although it works on multiple servers I have and I use the same configs, I have no clue what’s going wrong.
I use Directadmin and contacted support there, and they checked and say everything is okay with the settings.

I still get the following error when doing a request:

Getting challenge for grappigefeiten.nl from acme-server…
Waiting for domain verification…
Challenge is invalid. Details: Could not connect to grappigefeiten.nl. Exiting…

We also could not do a getssl request from this server while the support there says they can perfectly connect with our server.

There seems to be something going wrong between Let’s Encrypt and this server if you ask me.

Can someone please advise me where this could go wrong and how to solve this?
I tried so much already and am out of ideas.

Thanks in advance.


#2

Try using curl to access the file.

It may be that the server is working, however the file is not being served up (due to MIME issues).


#3

I tried, below the output. Looks good.

/usr/local/bin/curl -I -L -k -X GET http://web02.xxx.xxx/.well-known/acme-challenge/test.txt
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2017 13:16:17 GMT
Content-Length: 5
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Sat, 28 Jan 2017 13:16:02 GMT
ETag: "5-54727625425f8"
Accept-Ranges: bytes
Vary: User-Agent
Content-Type: text/plain
Content-Length: 5
Connection: keep-alive

(actual domain changed to xxx)

I thought it was the IP, so I also tested a domain on a different IP address on a different subnet.
This also did not work.

Directadmin answered:
It’s hard to say why 3rd party (Let’s Encrypt) cannot reach your servers. You might try tcpdump’ing their response to see if they really cannot reach the server. Also, it might be worth to try assigning worteldoekshop.nl a different IP, from a working IP range and see if it solves the problem (if it does, Let’s Encrypt is blocking your server IPs for some reason, or your DC is blocking requests from Let’s Encrypt to particular IP addresses).

I am really out of ideas here. Is there anyone who has something I can test to make this work?


#4

What’s the domain name?

In your first post you mention grappigefeiten.nl - and with a curl I can reach a test file within that domain

curl -i http://grappigefeiten.nl/.well-known/acme-challenge/test.txt
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Feb 2017 13:29:41 GMT
Content-Type: text/plain
Content-Length: 5
Connection: keep-alive
Last-Modified: Sat, 14 Jan 2017 12:27:42 GMT
ETag: "5-5460d13b4ee6b"
Accept-Ranges: bytes
Vary: User-Agent

test

In your second post you mention “web02.xxx.xxx/.well-known/acme-challenge/test.txt” but web02.grappigefeiten.nl doesn’t exist - so I’m not sure what the domain name is to be able to help.


#5

Thanks for your reply.

grappigefeiten.nl is now moved to a different server so we can roll out SSL for them successfully.

This is a domain on the server with problems.
http://mijndns.hosting/.well-known/acme-challenge/test.txt
or
nintendo-switch.shop/.well-known/acme-challenge/test.txt


#6

I can reach both of those from a couple of different locations. Is there any firewall that could be blocking access?

Also, could you provide the log from letsencrypt during the attempt to obtain a cert please (it’s sometimes easier to paste it at pastebin.com or similar).

