FortiWeb HTTP-01 or TLS-ALPN-01

Dears,

I am facing an issue with a Let's Encrypt cert with FortiWeb.

You will have to share more information. What is the issue? What would you like?

2 Likes

I am trying to get a cert, but the result is as shown.

I am trying to get a new cert; the result is as shown.

/data/etc/acme/my.ltt.ly/cert.pem doesn't exist

I don't think that's your actual problem: from the log you can see it tries to issue a new certificate once it couldn't find the cert.pem. Unfortunately your screenshot doesn't cover the entire log: there should be more below your current screenshot.

Can you perhaps copy/paste the entire log in a post here? Preferably with three backticks (```) above and below the log, so it gets properly formatted for easy reading.

That said, it seems that the IP address 62.68.40.123, which is what my.ltt.ly is pointing at, doesn't answer on port 80 (http-01) nor on port 443 (tls-alpn-01). Are those ports opened?

3 Likes
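The port check described in the reply above, as an added example that is not part of the original thread: it tests whether port 80 (http-01) and port 443 (tls-alpn-01) accept connections, and whether the TLS listener negotiates the `acme-tls/1` ALPN protocol. The function names are hypothetical, and the script is assumed to be run from a machine outside the network, against a hostname you administer.

```python
import socket
import ssl

ACME_TLS_ALPN = "acme-tls/1"  # ALPN protocol ID used by tls-alpn-01 (RFC 8737)


def tcp_open(host, port, timeout=5.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def alpn_offered(host, port=443, timeout=5.0):
    """Return True if the TLS server on host:port negotiates acme-tls/1.

    Many servers only answer acme-tls/1 while a challenge is pending, so
    False here is conclusive only during an issuance attempt.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # challenge certificates are self-signed
    ctx.verify_mode = ssl.CERT_NONE  # we only inspect the negotiated ALPN
    ctx.set_alpn_protocols([ACME_TLS_ALPN])
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.selected_alpn_protocol() == ACME_TLS_ALPN
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False


def preflight(host, http_port=80, tls_port=443, timeout=5.0):
    """Report which ACME validation paths can reach the host."""
    return {
        "http-01 tcp": tcp_open(host, http_port, timeout),
        "tls-alpn-01 tcp": tcp_open(host, tls_port, timeout),
        "tls-alpn-01 alpn": alpn_offered(host, tls_port, timeout),
    }


if __name__ == "__main__":
    import sys
    for check, ok in preflight(sys.argv[1]).items():
        print(f"{check}: {'reachable' if ok else 'NOT reachable'}")
```

If both TCP checks fail from outside while the service works internally, the cause is in front of the device (firewall, NAT or routing) rather than in the ACME client.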

I appreciate your kind support.

How much time should I wait to try again if I tried for more than an hour?

1 Like

The "too many failed authorizations recently" error has a sliding window of just one hour. But that's not the main issue. You also need to know WHY the authorization fails to begin with. (See the last part of my previous post about the closed ports. Usually a firewall problem.)

If the authorization fails, it's recommended to switch to the staging environment to debug why the authz is failing without hitting rate limits after a few attempts. I have NO clue how you can do that using Fortiweb though, Google is your friend for that.

2 Likes

It was working well; last night it went down on its own.

Many thanks for your help.

2 Likes

Have you upgraded the firmware recently?
Have you changed the defined ACME interfaces recently?

Note: "recently" = in the past 90 days

2 Likes

It was just issued about 35 days ago, so the device (FortiWAF) is still on the same version, no change.

Did you change, or add to, the WAN port(s)?
Did you change the routing?
Is there anything in front that might be blocking HTTP from reaching this FortiWAF?

2 Likes

It is working well now, many thanks :smiling_face_with_three_hearts:

2 Likes

FYI:

3 Likes