Error getting validation data


#1

Hi, thanks for the help. I already studied the issue and tried to fix it, but I'll need help. Seems like something simple. Yet I haven't found the solution and my issue didn't seem to match other topics.

My domain is: neurotechdesigns.ddns.net

I ran this command: certbot certonly --preferred-challenges http-01 -d neurotechdesigns.ddns.net

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for neurotechdesigns.ddns.net
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. neurotechdesigns.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://neurotechdesigns.ddns.net/.well-known/acme-challenge/gwrsGuuhmWixJXeLXHm3mi-GKYT4tY24XLAo6W8Zkrs: Error getting validation data

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: neurotechdesigns.ddns.net
    Type: connection
    Detail: Fetching
    http://neurotechdesigns.ddns.net/.well-known/acme-challenge/gwrsGuuhmWixJXeLXHm3mi-GKYT4tY24XLAo6W8Zkrs:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): I have just taken this VPS… In the Services I didn't see Apache or nginx… Do I need to find this from them?

The operating system my web server runs on is (include version): Centos 7 OS

My hosting provider, if applicable, is: goolhost

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): not using control panel right now.


#2

Hi @iambesde

there is no running webserver ( https://check-your-website.server-daten.de/?q=neurotechdesigns.ddns.net )

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://neurotechdesigns.ddns.net/ 198.15.127.157 | -14 | | 10.037 | T |
| Timeout - The operation has timed out | | | | |
| https://neurotechdesigns.ddns.net/ 198.15.127.157 | -14 | | 10.024 | T |
| Timeout - The operation has timed out | | | | |
| http://neurotechdesigns.ddns.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 198.15.127.157 | -14 | | 10.033 | T |
| Timeout - The operation has timed out | | | | |

Three timeouts. You use standalone, ok, certbot creates a new webserver. But is there a firewall or something else?


#3

Thanks for the immediate reply. Appreciated.
Now when I tried to run this… it was conflicting with httpd as that was on port 80… So I disabled httpd from running services. Now that should have something to do with no running webserver? I don't think there is a firewall but let me check with the VPS provider. Thanks.


#4

If you have a running webserver, you can use this to get a certificate.

But I see only a timeout, so I don’t know if it is a firewall or no running webserver.

Start your webserver, recheck your domain (via https://check-your-website.server-daten.de/?q=neurotechdesigns.ddns.net ), then you know if your domain is globally visible.


#5

Ok When I start the httpd which is my webserver Apache.
systemctl start httpd
[root@neurotech ~]# certbot certonly --preferred-challenges http-01 -d neurotechdesigns.ddns.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for neurotechdesigns.ddns.net
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.


#6

Start your webserver.

Then check, if your webserver is worldwide visible.

If yes, use option 2, not 1.


#7

I am thankful for your help. I tried option 2… yet the same error as above.
I checked the status of httpd and this line intrigues me. httpd: Could not reliably determine the server’s fully qualified domain name,…message

root@neurotech ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2019-01-18 15:23:00 EST; 1min 52s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 7995 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 10749 (httpd)
Status: “Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec”
CGroup: /system.slice/httpd.service
├─10749 /usr/sbin/httpd -DFOREGROUND
└─10750 /usr/sbin/httpd -DFOREGROUND

Jan 18 15:23:00 neurotech systemd[1]: Starting The Apache HTTP Server…
Jan 18 15:23:00 neurotech httpd[10749]: AH00558: httpd: Could not reliably determine the server’s fully qualified domain name,…message
Jan 18 15:23:00 neurotech systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

Any idea why it is saying that? And when I ssh from my computer to log in to the hostname it works… So this is visible, I think.
ssh root@neurotechdesigns.ddns.net works.


#8

No, it’s not visible. Looks like you have now tested your domain via https://check-your-website.server-daten.de/?q=neurotechdesigns.ddns.net , there is the timeout.

So you see your server internally, but Let’s Encrypt can’t check the file Certbot creates in /.well-known/acme-challenge.
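
Added example, not part of any post in this thread: a probe to run from a machine outside the VPS that separates the two cases discussed above. A refused connection means the host answered and nothing is listening on the port, while a timeout on port 80 with SSH still answering on port 22 means traffic to port 80 is being dropped before it reaches a listener. The function names `probe` and `diagnose` are hypothetical, chosen for this example.

```python
import socket
import sys

def probe(host, port, timeout=5.0):
    """Try one TCP connection; return 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # RST received: host reachable, no listener (or a reject rule)
    except (socket.timeout, TimeoutError):
        return "timeout"   # no answer at all: packets are dropped somewhere on the path
    except OSError:
        return "error"     # DNS failure, no route to host, and similar

def diagnose(ssh_state, http_state):
    """Combine the port 22 and port 80 results into a next step for http-01."""
    if http_state == "open":
        return "port 80 reachable: http-01 validation can connect"
    if http_state == "refused":
        return "host reachable, nothing listening on port 80: start the web server"
    if http_state == "timeout" and ssh_state == "open":
        return "host is up but port 80 is filtered: check host and provider firewalls"
    return "inconclusive: check the DNS A record and that the host is up"

if __name__ == "__main__":
    # Pass the public hostname as the first argument; defaults to localhost.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    ssh, http = probe(host, 22), probe(host, 80)
    print(f"22/tcp: {ssh}  80/tcp: {http}")
    print(diagnose(ssh, http))
```
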


#9

Can you suggest something? See, I got this free IP from noip to map to the VPS IP. Shall I check with them? Does it take some time to become active and visible globally? It's been 5-6 hrs or less since I created this with them.
Regards. Just can't understand. I have used the same hostname, i.e. neurotechdesigns.ddns.net, and installed the certificates in September 2018. Since then the VPS was deactivated because we didn't need it. And today again we have reactivated the VPS. I am trying to provide the necessary information. Thanks for your patience.


#10

There is only one ip:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| neurotechdesigns.ddns.net | A | 198.15.127.157 | yes | 1 | 0 |
| | AAAA | | yes | | |

And this is the ip of

vps.cheaphost4you.com [198.15.127.157]

I don’t know if this service blocks port 80 generally or if it is a special problem of your domain name.

You can use dns-01 validation. Then you don’t need an open port 80. But then you have to create a DNS TXT entry with a special value. And you have to do that manually if your `nf1.no-ip.com` doesn’t have a DNS API.


#11

I can try that…Please direct me about this.

