Error IssueFromLetsEncrypt

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | abrechnung.livebooking24.de), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: abrechnung.livebooking24.de

I ran this command:

It produced this output:

My web server is (include version): IIS10.0.20348

The operating system my web server runs on is (include version): Win2022

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

The test page at https://letsdebug.net shows me the following error for TLS-ALPN-01:

IssueFromLetsEncrypt
Error
A test authorization for abrechnung.livebooking24.de to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
46.16.75.46: Connection reset by peer

Test for HTTP-01: OK
Test for DNS-01: OK

I use the ACMEv2 tool to create the certificates.

```
[VERB] [HTTP] Request completed with status OK
[VERB] [HTTP] Response content: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "During secondary validation: 46.16.75.46: Fetching http://abrechnung.livebooking24.de/.well-known/acme-challenge/O-LTS-46RmiuHXQ9RZE9B5WhI7PpyhaWRP8UsNWhkNw: Timeout during connect (likely firewall problem)",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/347713617557/mbzMng",
  "token": "O-LTS-46RmiuHXQ9RZE9B5WhI7PpyhaWRP8UsNWhkNw",
  "validationRecord": [
    {
      "url": "http://abrechnung.livebooking24.de/.well-known/acme-challenge/O-LTS-46RmiuHXQ9RZE9B5WhI7PpyhaWRP8UsNWhkNw",
      "hostname": "abrechnung.livebooking24.de",
      "port": "80",
      "addressesResolved": [
        "46.16.75.46"
      ],
      "addressUsed": "46.16.75.46",
      "resolverAddrs": [
        "A:10.0.12.83:29255",
        "AAAA:10.0.12.83:29255"
      ]
    }
  ],
  "validated": "2024-05-07T07:46:32Z"
}
[EROR] [abrechnung.livebooking24.de] Authorization result: invalid
[EROR] [abrechnung.livebooking24.de] {"type":"urn:ietf:params:acme:error:connection","detail":"During secondary validation: 46.16.75.46: Fetching http://abrechnung.livebooking24.de/.well-known/acme-challenge/O-LTS-46RmiuHXQ9RZE9B5WhI7PpyhaWRP8UsNWhkNw: Timeout during connect (likely firewall problem)","status":400,"instance":null}
```

It had always worked reliably. Now the certificates are expiring and cannot be renewed. Where is the error?
There have been no changes to the firewall, IIS ....
What needs to be done so that the certificates can be created again?

THANKS


If this was working before then the most likely cause is that you are filtering incoming HTTP requests to only allow certain geographic locations or IP ranges, either in Windows Firewall or at the network level.

Let's Encrypt recently started to validate domains from additional locations, so its HTTP validation is incompatible with geographic filters.

You can either unblock the incoming connections or switch to DNS validation instead of HTTP validation.

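The error detail in the question's log begins with "During secondary validation", which is the marker that the failing fetch came from one of the additional validation locations mentioned in the reply above. The following is an added example, not part of the thread and not the ACME client's own code, that triages such `[EROR]` lines; the second failing sample line, the function name and the hint labels are constructed for illustration.

```python
import json
import re

# Constructed input: lines 1-2 are [EROR] lines quoted in the post above,
# line 3 is an invented primary-validation failure added for contrast.
SAMPLE_LOG = r'''
[EROR] [abrechnung.livebooking24.de] Authorization result: invalid
[EROR] [abrechnung.livebooking24.de] {"type":"urn:ietf:params:acme:error:connection","detail":"During secondary validation: 46.16.75.46: Fetching http://abrechnung.livebooking24.de/.well-known/acme-challenge/O-LTS-46RmiuHXQ9RZE9B5WhI7PpyhaWRP8UsNWhkNw: Timeout during connect (likely firewall problem)","status":400,"instance":null}
[EROR] [www.example.test] {"type":"urn:ietf:params:acme:error:connection","detail":"192.0.2.10: Fetching http://www.example.test/.well-known/acme-challenge/TOKEN: Connection refused","status":400,"instance":null}
'''

LINE_RE = re.compile(r'^\[EROR\] \[(?P<host>[^\]]+)\] (?P<doc>\{.*\})$')
IP_RE = re.compile(r'^([0-9A-Fa-f:.]+): ')   # leading IPv4/IPv6 address in the detail
SECONDARY = "During secondary validation: "
ACME_ERR = "urn:ietf:params:acme:error:"

def triage(log_text):
    """Return one finding per ACME problem document logged on an [EROR] line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # not an [EROR] line carrying JSON
        try:
            problem = json.loads(m.group("doc"))
        except json.JSONDecodeError:
            continue                      # truncated payload: skip, do not guess
        err = problem.get("type") or ""
        if not err.startswith(ACME_ERR):
            continue
        detail = problem.get("detail") or ""
        secondary = detail.startswith(SECONDARY)
        rest = detail[len(SECONDARY):] if secondary else detail
        ip = IP_RE.match(rest)
        if err.endswith(":connection") and secondary:
            hint = "source-filtering"     # primary check passed, another location was blocked
        elif err.endswith(":connection"):
            hint = "unreachable"          # even the primary validator could not connect
        else:
            hint = "other"
        findings.append({"host": m.group("host"), "error": err[len(ACME_ERR):],
                         "secondary": secondary,
                         "ip": ip.group(1) if ip else None, "hint": hint})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `source-filtering` finding means the host answered the primary validator, so the place to look is any rule that restricts inbound connections by source address or country.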

Please see this pinned thread:


Yes, thank you, geoblocking was the solution. All certificates could be renewed.
It would be good to know the IP addresses in order to release them. Understand the thinking behind this being abused.
