Fetch to .well-known/acme-challenge times out


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: goodnewsnexus.com

I ran this command: sudo -S certbot-auto --verbose --agree-tos --non-interactive --text --redirect --reinstall --apache --expand --webroot-path /var/www/html --email xxx@yyy.com -d newhictest.goodnewsnexus.com,thehouseofpraisetest.goodnewsnexus.com

It produced this output: IMPORTANT NOTES:

My web server is (include version): Apache/2.4.7 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 14.04.5

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

You need to allow traffic on port 80 and not just 443. The HTTP-01 challenge always uses port 80 (it will happily follow a redirect to port 443, but it will always connect to port 80 first).


#3

I have port 80 open for traffic coming from my IP. Do I need to open it up to Anywhere?
Funny thing about the error is that the other subdomain resolved successfully.


#4

Yes, you need to open it up to anywhere. The Let’s Encrypt validation servers (whose IP addresses are intentionally not listed anywhere) must be able to access it.


#5

Thanks so much! I temporarily opened it to Anywhere and it worked.
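The fix in this thread was a firewall rule, so the check can be run against the rules themselves. The following is an added example, not part of any post above: it reads security group rules in the shape returned by `aws ec2 describe-security-groups` and reports whether TCP port 80 is open to anywhere or only to specific sources. The sample data, the group ID placeholder and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# 203.0.113.7 is a documentation address standing in for "my IP".
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
  ]}]}
""")

def _covers_port(perm, port):
    """True if the rule applies to TCP traffic on `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def port80_sources(groups):
    """Return the set of CIDRs allowed to reach TCP 80 across all groups."""
    cidrs = set()
    for sg in groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not _covers_port(perm, 80):
                continue
            cidrs.update(r["CidrIp"] for r in perm.get("IpRanges", []))
            cidrs.update(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))
    return cidrs

def http01_reachable(groups):
    """(ipv4_open, ipv6_open): is port 80 open to the whole address family?"""
    nets = [ipaddress.ip_network(c, strict=False) for c in port80_sources(groups)]
    v4 = any(n.version == 4 and n.prefixlen == 0 for n in nets)
    v6 = any(n.version == 6 and n.prefixlen == 0 for n in nets)
    return v4, v6

if __name__ == "__main__":
    print("port 80 sources:", sorted(port80_sources(SAMPLE)))
    print("open to anywhere (v4, v6):", http01_reachable(SAMPLE))
```

Renewals with HTTP-01 connect to port 80 again, so a rule that was opened only for the first issuance will produce the same timeout at renewal time.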

