Error getting validation data

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: unifi.avsion.com.au

I ran this command: sudo letsencrypt certonly

It produced this output:
root@unifi:~# sudo letsencrypt certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): unifi.avsion.com.au
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for unifi.avsion.com.au
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. unifi.avsion.com.au (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://unifi.avsion.com.au/.well-known/acme-challenge/Dnz2EZT4Ii5lPDyGPmR_V2teVGhswOYCYGKxCSfacrE: Error getting validation data

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: unifi.avsion.com.au
    Type: connection
    Detail: Fetching
    http://unifi.avsion.com.au/.well-known/acme-challenge/Dnz2EZT4Ii5lPDyGPmR_V2teVGhswOYCYGKxCSfacrE:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    root@unifi:~#

My web server is (include version): Unifi controller

The operating system my web server runs on is (include version): ubuntu 16.04.5 LTS

My hosting provider, if applicable, is: https://ventraip.com.au

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi,

I have a vmware esxi home server and installed a ubuntu 16.04.5 VM that is dedicated to run unifi controller (version 5.10.19). I’m trying to install a LE SSL certificate to my unifi controller FQDN but i’m getting “Error getting validation data” i have correctly entered the DNS A recoreds and i’m able to login remotely and open ports 80,443 in ufw and my router fw. i was following this instructions below:
https://crosstalksolutions.com/lets-encrypt-unifi/

any idea what is the issue i get this error?

Thank you

It seems to be a firewall issue: https://letsdebug.net/unifi.avsion.com.au/27244

Are you sure that Optus allow port 80? Whirlpool reckons it’s blocked: https://whirlpool.net.au/wiki/on_blockport

Maybe try call them.

Hi @avsion

additional:

both ports don’t work, but with different results ( https://check-your-website.server-daten.de/?q=unifi.avsion.com.au ):

Domainname Http-Status redirect Sec. G
http://unifi.avsion.com.au/
122.106.37.27 -14 10.024 T
Timeout - The operation has timed out
https://unifi.avsion.com.au/
122.106.37.27 -2 2.014 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 122.106.37.27:443
http://unifi.avsion.com.au/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
122.106.37.27 -14 10.024 T
Timeout - The operation has timed out
Visible Content:

Port 80 has a simple timeout. Port 443 is blocked.

Do you have correct port forwards in your router? And there is an active component that blocks.

Hi, Thank you for your reply,

yes open the right ports on my router and ubuntu VM but they are still closed, see below output from ubuntu
root@unifi:~# sudo ufw status
Status: active

To Action From


80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
Anywhere ALLOW 192.168.X.0/24
8443 ALLOW Anywhere
8843/tcp ALLOW Anywhere
8080/tcp ALLOW Anywhere
8880/tcp ALLOW Anywhere
3478/udp ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
8443 (v6) ALLOW Anywhere (v6)
8843/tcp (v6) ALLOW Anywhere (v6)
8080/tcp (v6) ALLOW Anywhere (v6)
8880/tcp (v6) ALLOW Anywhere (v6)
3478/udp (v6) ALLOW Anywhere (v6)

root@unifi:~# nmap 192.168.X.X

Starting Nmap 7.01 ( https://nmap.org ) at 2019-03-09 19:52 AEDT
Nmap scan report for unifi.avsion.com.au (192.168.X.X)
Host is up (0.000015s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
6789/tcp open ibm-db2-admin
8080/tcp open http-proxy
8443/tcp open https-alt

Nmap done: 1 IP address (1 host up) scanned in 1.67 seconds
root@unifi:~# nmap 192.168.x.x -p80,443

Starting Nmap 7.01 ( https://nmap.org ) at 2019-03-09 19:53 AEDT
Nmap scan report for unifi.avsion.com.au (192.168.x.x)
Host is up (0.000052s latency).
PORT STATE SERVICE
80/tcp closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
root@unifi:~#

The only device in between is the vmware esxi and unifi controller has a configuration file but not sure why 8080,8443 are working and 80,443 not.

any idea?

hi thank you for your help, i’m on the phone with optus checking now if they blocking the ports

edit: they closed i will try monday

From your description, port 80 would only be active while your run certbot in standalone mode.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.