FailedChallenges: Failed authorization procedure

The letsencrypt.log says timeout, but my access log from apache says that the request has been served: - - [06/Aug/2019:13:39:04 +0200] “GET /.well-known/acme-challenge/0exLEunVGwJq-jsWRkCA8B28wHoPzGbRH_4PfLdDUFY HTTP/1.1” 200 88 “-” “Mozilla/5.0 (compatible; Let’s Encrypt validation server; +”

My domain is:

I ran this command:
certbot certonly --manual -d --preferred-challenges http --debug-challenges -v

It produced this output:
FailedChallenges: Failed authorization procedure. (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Timeout during connect (likely firewall problem)

My web server is (include version):

The operating system my web server runs on is (include version):
NAME=“Red Hat Enterprise Linux Server”
VERSION=“7.5 (Maipo)”

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.23.0

Hi @pse

checking your domain that looks good -

Domainname Http-Status redirect Sec. G 403 0.064 M
Forbidden 403 0.064 M
Forbidden -14 10.033 T
Timeout - The operation has timed out -14 10.026 T
Timeout - The operation has timed out 404 0.063 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. 404 0.066 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server.

Port 80 is open, checking a random file in /.well-known/acme-challenge there is the expected answer http status 404 - Not Found.


One check isn’t enough, there are 4 checks with different ip addresses. Do you have a blocking firewall with regional settings?

Create the two subdirectories yourRoot/.well-known/acme-challenge, there a file (file name 1234), then check the complete url with the online tool, to see, if there is a http status 200 - ok.

If there is a 200, check the same url via

Thanks, that is the problem. I have compared it with another site I have and there is no such regional setting. Are there a workaround or do you have to remove the regional setting?

1 Like

You must allow Letsencrypt to chech your validation file. Remove these regional constraints.

Thank you for your fast response. I will consider if it is possible.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.