Error getting validation data

Jumpyy · January 31, 2019, 4:29pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bekunse.spdns.de

I ran this command: sudo certbot certonly --webroot -w /var/www/html/ -d bekunse.spdns.de -m ben.kunze2@gmail.com --agree-tos

It produced this output: Failed authorization procedure. bekunse.spdns.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://bekunse.spdns.de/.well-known/acme-challenge/x6BsrsBcPW6yc8KfjNcczIJcs6uEZYvQPhDbYYisRik: Error getting validation data

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: bekunse.spdns.de
Type: connection
Detail: Fetching
http://bekunse.spdns.de/.well-known/acme-challenge/x6BsrsBcPW6yc8KfjNcczIJcs6uEZYvQPhDbYYisRik:
Error getting validation data

My web server is (include version):

The operating system my web server runs on is (include version): RaspberrianOS 4.14

My hosting provider, if applicable, is: Spydns

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

JuergenAuer · January 31, 2019, 4:40pm

Hi @Jumpyy

checking your domain there is a private ipv4 address ( bekunse.spdns.de - Make your website better - DNS, redirects, mixed content, certificates ): 192.168.. is private, not public.

Host	T	IP-Address	is auth.	∑ Queries	∑ Timeout
bekunse.spdns.de	A	192.168.178.43	yes	1	0
	AAAA	2a04:4540:8c06:f201:950d:f312:ba66:aa89	yes
www.bekunse.spdns.de		Name Error	yes	1	0

And your ipv6

Domainname	Http-Status	Sec.	G
• http://bekunse.spdns.de/
2a04:4540:8c06:f201:950d:f312:ba66:aa89	-14	10.026	T
Timeout - The operation has timed out

• https://bekunse.spdns.de/
2a04:4540:8c06:f201:950d:f312:ba66:aa89	-14	10.023	T
Timeout - The operation has timed out

• http://bekunse.spdns.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a04:4540:8c06:f201:950d:f312:ba66:aa89	-14	10.027	T
Timeout - The operation has timed out

doesn't answer, perhaps it's not configured.

So it's impossible that Letsencrypt finds the validation file in /.well-known/acme-challenge.

rg305 · February 1, 2019, 2:14am

As mentioned, you may need to remove the IPv6 address from your domain.
[or ensure it works same as the IPv4 address]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ok that was a huge misstatement.
The IPv4 addess fails as it a non-routeable (RFC 1918) IP 192.168.x.x

So remove the IPv4 address and fix the IPv6 address.

Connecting to bekunse.spdns.de (bekunse.spdns.de)|2a04:4540:8c06:f201:950d:f312:ba66:aa89|:80... failed: Permission denied.

system · March 3, 2019, 2:14am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.