Error getting validation data

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: Mail.WeronikaMalak.com

I ran this command: sudo certbot certonly --webroot --agree-tos --email Arend@weronikamalak.com -d mail.weronikamalak.com -w /var/www/html/

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.weronikamalak.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain mail.weronikamalak.com
http-01 challenge for mail.weronikamalak.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mail.weronikamalak.com
    Type: connection
    Detail: Fetching http://mail.weronikamalak.com/index.html: Error
    getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): Raspberry Pi 4B 8GB version

The operating system my web server runs on is (include version): Ubuntu server 20.04 LTS

My hosting provider, if applicable, is: The Raspberry Pi

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

The webserver I see when connecting to your domain seems to be redirecting to ../index.html for some reason. Also, the webserver I'm connecting to calls itself "NET-DK".

I'm not familiar with that user agent, could it perhaps be your router in front of your RPi? Did you add the appropriate portmap, i.e. TCP port 80, to your RPi?

I'm trying to make a mail server using iRedMail; the ../index.html is the sign-in page from the webclient roundcubemail.
I did use UDP on port 80. Do I need to have both protocols enabled or just TCP?

Also, I use the included ISP router from Ziggo/UPC/Vodafone Libratel, etc.

I'm not familiar with iRedMail. Also, I'm not seeing any login page, it keeps outputting redirects to ../index.html until my cURL tries to retrieve /index.html and then the webserver disconnects without sending any data whatsoever.

Anyway, two issues I'm seeing here:

  • The Let's Encrypt validation server requests a token file from the directory /.well-known/acme-challenge/ and the global redirect to ../index.html is messing that up;
  • If Let's Encrypt also has trouble retrieving any data from your webserver, just as I'm not able to see index.html, it won't be able to retrieve the token file contents and it will also fail.

Thanks for your help and information. I'm just learning Linux and trying a step-by-step guide for this, but I'm stuck on this even though I followed every step. Maybe you know why?

How to Easily Set Up a Full-Fledged Mail Server on Ubuntu 20.04 with iRedMail (linuxbabe.com)

That guide mentions the use of Nginx as webserver. However, I'm not seeing any Nginx webserver from my end.

It probably has something to do with:

You should portmap TCP port 80 to your RPi. Not UDP.

Changed it and now I'm getting this:

arend@mail:~$ sudo certbot certonly --webroot --agree-tos --email Arend@weronikamalak.com -d mail.weronikamalak.com -w /var/www/html/
[sudo] password for arend:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.weronikamalak.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain mail.weronikamalak.com
http-01 challenge for mail.weronikamalak.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mail.weronikamalak.com
    Type: connection
    Detail: Fetching
    https://mail.weronikamalak.com/.well-known/acme-challenge/GGkkLEpRlrhYA8CY7G5OKuCCbfMO6rumBevLYW46nTs:
    Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

It seems your nginx is already configured to redirect from HTTP to HTTPS. HTTPS uses TCP port 443 and should also be portmapped in your router. (I left that step for after we got you a certificate, but it seems nginx is already running HTTPS, probably with a fake, self-signed certificate currently, which we want to upgrade to a valid Let's Encrypt certificate.)

Yes, it works! And I got the TLS certificate! Thank you so much! Do you think I can follow this guide further without any problems?

Nice!

I've skimmed the certbot parts and it looks kinda OK. You can continue with the "Installing the Certificate in Nginx" step and the steps after that one.

Note that aaaaaallll the way at the bottom there is a step called "How to Renew TLS Certificate" which is very important. Otherwise your certificate would expire in 90 days and that would be bad. That step mentions a few times commands like:

sudo certbot renew -w /var/www/html/

Note that the use of -w /var/www/html/ is not necessary with the renew command, as the webroot path, which is set with that -w option, is stored in a renewal configuration file by certbot just now when you got the cert for the first time. So it's unnecessary to include it when renewing. You can just run:

sudo certbot renew

just fine.

This is also true when the above command is being used for the cronjob step explained later on. Instead of:

@daily certbot renew -w /var/www/html/ --quiet && systemctl reload postfix dovecot nginx

you can perfectly use:

@daily certbot renew --quiet && systemctl reload postfix dovecot nginx

Good luck!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
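
The two failures in this thread (no answer on TCP port 80, then "Connection refused" on the HTTPS redirect target) can be told apart before running certbot. The script below is an added example, not part of the original thread or of certbot; it assumes curl is installed, and the function name, probe file name and return codes are made up for illustration.

```shell
#!/bin/sh
# Pre-flight check for `certbot certonly --webroot` (http-01).
# Added example; assumes curl is installed. Some home routers do not loop
# traffic back to their own public IP, so a run from an outside network
# (with the probe file already in place) is more conclusive.

# acme_preflight DOMAIN WEBROOT
# Returns 0 = OK, 1 = port 80 unreachable, 2 = redirect target unreachable,
#         3 = wrong content served, 4 = cannot write to webroot.
acme_preflight() {
    domain=$1
    webroot=${2%/}
    dir="$webroot/.well-known/acme-challenge"
    name="preflight-$$"            # constructed probe file name
    token="probe-$$-$(date +%s)"   # constructed probe content
    url="http://$domain/.well-known/acme-challenge/$name"

    { mkdir -p "$dir" && printf '%s' "$token" > "$dir/$name"; } || return 4
    rc=0

    # Hop 1: plain HTTP without following redirects (TCP port 80).
    if ! first=$(curl -s -o /dev/null -m 10 \
                      -w '%{http_code} %{redirect_url}' "$url"); then
        echo "FAIL: no HTTP answer on TCP port 80 (DNS record or port forward)"
        rc=1
    else
        echo "port 80 answered: $first"
        # Hop 2: follow redirects as the validation server does. -k because
        # the CA does not validate the certificate of an HTTPS redirect target.
        if ! body=$(curl -s -k -L -m 10 "$url"); then
            echo "FAIL: redirect target unreachable (is TCP port 443 forwarded?)"
            rc=2
        elif [ "$body" != "$token" ]; then
            echo "FAIL: probe content differs; webroot is not what is served"
            rc=3
        else
            echo "OK: probe file served from $webroot"
        fi
    fi
    rm -f "$dir/$name"
    return "$rc"
}

# Usage: sh preflight.sh mail.example.com /var/www/html
if [ "$#" -eq 2 ]; then acme_preflight "$1" "$2"; fi
```

Return code 1 corresponds to the first error in the thread, return code 2 to the second, and return code 3 to a global redirect or a wrong `-w` path.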