Getssl: for some reason could not reach http://

lpascual · October 10, 2018, 11:28am

I ran “getssl -d sede.cortesdepallas.es” with error “getssl: for some reason could not reach http://sede.cortesdepallas.es/.well-known/acme-challenge/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE - please check it manually”.
I can test http://sede.cortesdepallas.es/.well-known/acme-challenge/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE externally with no problem.


My domain is: sede.cortesdepallas.es

I ran this command: getssl -d sede.cortesdepallas.es

It produced this output:
 
detected os type = linux
 
checking for required which ... /usr/bin/which
 
checking for required openssl ... /usr/bin/openssl
 
checking for required curl ... /usr/bin/curl
 
checking for nslookup ... /usr/bin/nslookup
 
function nslookup found at /usr/bin/nslookup  - setting DNS_CHECK_FUNC to nslookup
 
checking for required awk ... /usr/bin/awk
 
checking for required tr ... /usr/bin/tr
 
checking for required date ... /usr/bin/date
 
checking for required grep ... /usr/bin/grep
 
checking for required sed ... /usr/bin/sed
 
checking for required sort ... /usr/bin/sort
 
checking for required mktemp ... /usr/bin/mktemp
 
current code is version 2.10
 
Most recent version is  2.10
 
Making temp directory - /root/.getssl/sede.cortesdepallas.es/tmp
 
reading config from /root/.getssl/sede.cortesdepallas.es/getssl.cfg
 
checking config
 
checked ACCOUNT_KEY_TYPE 
 
checked PRIVATE_KEY_ALG 
 
checking domain sede.cortesdepallas.es
 
found IPv6 record for sede.cortesdepallas.es
 
sede.cortesdepallas.es: check_config completed  - all OK
 
getting certificate for sede.cortesdepallas.es from remote server
sede.cortesdepallas.es: no certificate obtained from host
 
Account key exists at /root/.getssl/account.key skipping generation
 
domain key exists at /root/.getssl/sede.cortesdepallas.es/sede.cortesdepallas.es.key - skipping generation
 
created SAN list = subjectAltName=DNS:sede.cortesdepallas.es
 
domain csr exists at - /root/.getssl/sede.cortesdepallas.es/sede.cortesdepallas.es.csr
 
jwk alg = RS256
 
jwk = {"e":"AQAB","kty":"RSA","n":"tPF98G-800ShlWIfayD5rG6fHVw-kotR9UB4wI20uMrlV-cbBwBhf4lB72OCuzlbGzGH_MeWEGVmBAENG-SHu9IS9IVjJA0ezQZhMCvCAAnbQ5HBC-0VoDwJUHQC-9Y9dzZ89hPrYCgdgdEuX_lfBvsCQoFNwTvhZuG6Lm2nSYsC0ExtduAGegsnRo7G3DWbh5Pkg6hwVlLI_g13018KedXQKsWsEqZso_IwmQHcHBYgsjaRe-Ip7AFgDP2YEBNCRCjZLQvboMuYHzt-kVsSRokZUlFDGi2ohkEkDHrvoNm2BzYaj2hzfrabnEZoM3wv2EGv1g1zNH5DOJLgGw13qGqaxUiHcUPdhhn4GYf1jpkyvJeJ5UyAEgvrvIeZ_T7JK-Qa8m5wPLa9mzl629cnEO0IipZ_k-TjYyZswlAkxK4eYPihNj7bcnY4n2ZkhL5qzC3jWBFZEm1g8Zo-y4mxnpK5oBJhqddKT7-lsAuUtxotVtFjYEbx9396zEOLSlYnYU4FT0Hz_THl9odQSOQGmCk4kjfmTIiJiIGLqPtoH12mxqzjqBGP92Wq0gdecljpmQIeIRM1o9EH3e4rCwSYx7GKAuWtNqiL4DMRHfoH8vXjf7JdBXMJkHo7orDReCV6SmGqtgzR6iaqvkE2otNyzGPGSWiaqEeR9-fsDFMbV0E"}
 
thumbprint kDq3PJukolrSTRYoWG67Z5KPLKgugUwyz3Y93pgEZHY
Registering account
 
url https://acme-v01.api.letsencrypt.org/acme/new-reg
 
payload {"resource": "new-reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"}
 
payload64 eyJyZXNvdXJjZSI6ICJuZXctcmVnIiwgImFncmVlbWVudCI6ICJodHRwczovL2xldHNlbmNyeXB0Lm9yZy9kb2N1bWVudHMvTEUtU0EtdjEuMi1Ob3ZlbWJlci0xNS0yMDE3LnBkZiJ9
 
nonce KdZI_2V4ppceLtLwRL6nJYMpNwtteHMkp8aZ9ztjVPY
 
protected {"alg": "RS256", "jwk": {"e":"AQAB","kty":"RSA","n":"tPF98G-800ShlWIfayD5rG6fHVw-kotR9UB4wI20uMrlV-cbBwBhf4lB72OCuzlbGzGH_MeWEGVmBAENG-SHu9IS9IVjJA0ezQZhMCvCAAnbQ5HBC-0VoDwJUHQC-9Y9dzZ89hPrYCgdgdEuX_lfBvsCQoFNwTvhZuG6Lm2nSYsC0ExtduAGegsnRo7G3DWbh5Pkg6hwVlLI_g13018KedXQKsWsEqZso_IwmQHcHBYgsjaRe-Ip7AFgDP2YEBNCRCjZLQvboMuYHzt-kVsSRokZUlFDGi2ohkEkDHrvoNm2BzYaj2hzfrabnEZoM3wv2EGv1g1zNH5DOJLgGw13qGqaxUiHcUPdhhn4GYf1jpkyvJeJ5UyAEgvrvIeZ_T7JK-Qa8m5wPLa9mzl629cnEO0IipZ_k-TjYyZswlAkxK4eYPihNj7bcnY4n2ZkhL5qzC3jWBFZEm1g8Zo-y4mxnpK5oBJhqddKT7-lsAuUtxotVtFjYEbx9396zEOLSlYnYU4FT0Hz_THl9odQSOQGmCk4kjfmTIiJiIGLqPtoH12mxqzjqBGP92Wq0gdecljpmQIeIRM1o9EH3e4rCwSYx7GKAuWtNqiL4DMRHfoH8vXjf7JdBXMJkHo7orDReCV6SmGqtgzR6iaqvkE2otNyzGPGSWiaqEeR9-fsDFMbV0E"}, "nonce": "KdZI_2V4ppceLtLwRL6nJYMpNwtteHMkp8aZ9ztjVPY", "url": "https://acme-v01.api.letsencrypt.org/acme/new-reg"}
 
header, payload and signature = {"header": {"alg": "RS256", "jwk": {"e":"AQAB","kty":"RSA","n":"tPF98G-800ShlWIfayD5rG6fHVw-kotR9UB4wI20uMrlV-cbBwBhf4lB72OCuzlbGzGH_MeWEGVmBAENG-SHu9IS9IVjJA0ezQZhMCvCAAnbQ5HBC-0VoDwJUHQC-9Y9dzZ89hPrYCgdgdEuX_lfBvsCQoFNwTvhZuG6Lm2nSYsC0ExtduAGegsnRo7G3DWbh5Pkg6hwVlLI_g13018KedXQKsWsEqZso_IwmQHcHBYgsjaRe-Ip7AFgDP2YEBNCRCjZLQvboMuYHzt-kVsSRokZUlFDGi2ohkEkDHrvoNm2BzYaj2hzfrabnEZoM3wv2EGv1g1zNH5DOJLgGw13qGqaxUiHcUPdhhn4GYf1jpkyvJeJ5UyAEgvrvIeZ_T7JK-Qa8m5wPLa9mzl629cnEO0IipZ_k-TjYyZswlAkxK4eYPihNj7bcnY4n2ZkhL5qzC3jWBFZEm1g8Zo-y4mxnpK5oBJhqddKT7-lsAuUtxotVtFjYEbx9396zEOLSlYnYU4FT0Hz_THl9odQSOQGmCk4kjfmTIiJiIGLqPtoH12mxqzjqBGP92Wq0gdecljpmQIeIRM1o9EH3e4rCwSYx7GKAuWtNqiL4DMRHfoH8vXjf7JdBXMJkHo7orDReCV6SmGqtgzR6iaqvkE2otNyzGPGSWiaqEeR9-fsDFMbV0E"}},"protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjoiQVFBQiIsImt0eSI6IlJTQSIsIm4iOiJ0UEY5OEctODAwU2hsV0lmYXlENXJHNmZIVncta290UjlVQjR3STIwdU1ybFYtY2JCd0JoZjRsQjcyT0N1emxiR3pHSF9NZVdFR1ZtQkFFTkctU0h1OUlTOUlWakpBMGV6UVpoTUN2Q0FBbmJRNUhCQy0wVm9Ed0pVSFFDLTlZOWR6Wjg5aFByWUNnZGdkRXVYX2xmQnZzQ1FvRk53VHZoWnVHNkxtMm5TWXNDMEV4dGR1QUdlZ3NuUm83RzNEV2JoNVBrZzZod1ZsTElfZzEzMDE4S2VkWFFLc1dzRXFac29fSXdtUUhjSEJZZ3NqYVJlLUlwN0FGZ0RQMllFQk5DUkNqWkxRdmJvTXVZSHp0LWtWc1NSb2taVWxGREdpMm9oa0VrREhydm9ObTJCellhajJoemZyYWJuRVpvTTN3djJFR3YxZzF6Tkg1RE9KTGdHdzEzcUdxYXhVaUhjVVBkaGhuNEdZZjFqcGt5dkplSjVVeUFFZ3ZydkllWl9UN0pLLVFhOG01d1BMYTltemw2MjljbkVPMElpcFpfay1Uall5WnN3bEFreEs0ZVlQaWhOajdiY25ZNG4yWmtoTDVxekMzaldCRlpFbTFnOFpvLXk0bXhucEs1b0JKaHFkZEtUNy1sc0F1VXR4b3RWdEZqWUVieDkzOTZ6RU9MU2xZbllVNEZUMEh6X1RIbDlvZFFTT1FHbUNrNGtqZm1USWlKaUlHTHFQdG9IMTJteHF6anFCR1A5MldxMGdkZWNsanBtUUllSVJNMW85RUgzZTRyQ3dTWXg3R0tBdVd0TnFpTDRETVJIZm9IOHZYamY3SmRCWE1Ka0hvN29yRFJlQ1Y2U21HcXRnelI2aWFxdmtFMm90Tnl6R1BHU1dpYXFFZVI5LWZzREZNYlYwRSJ9LCAibm9uY2UiOiAiS2RaSV8yVjRwcGNlTHRMd1JMNm5KWU1wTnd0dGVITWtwOGFaOXp0alZQWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMS5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LXJlZyJ9","payload": "eyJyZXNvdXJjZSI6ICJuZXctcmVnIiwgImFncmVlbWVudCI6ICJodHRwczovL2xldHNlbmNyeXB0Lm9yZy9kb2N1bWVudHMvTEUtU0EtdjEuMi1Ob3ZlbWJlci0xNS0yMDE3LnBkZiJ9","signature": "g0gGo6huoxUWI6fIiTLJOh8tQ9A8us4vqMz2wKu4OOZHwP_eA2HPFy5RA1neb3HpQYKjaCRgK0dVRITp9eSr0hR7QYxZafjrISBHgO_7Xpg2tZ5LhDnd06C8agyvf4tNGMZZkTS1GjOA07iRaSB9GhdAZcCOE-2jlBfBjPz9VaNuMaVY6BdU5PTJmrldq3dhGXbSPWzqrXmnKzOuvH0Suq1ZzY2pTEjQK1vLGBmz6W0JphlRQlXe-AT8J2pW8Hfio9hpx4IBlxrGd6lR3Q7ZE0yeM-dvtYnlJJrpRxO-FC7Vu7ULxaK893F1fskS4tyuEV_VqdtZukLBP8hNoeNGL-KkQ2sTifl04uJLIEL7FaqysHbJHwrc_gW-WuCDWbVlz5UjoxAsd6klAF03FR8CZa0cj3P1cRa_QtqpZjc2vxOJM_B-bjYM3IZyYWaDAiWS2O830v0wcdwrVP1v--ReCyMEMDoKAlyOTll2mZTE-s4isUZl6QP-utNd9CXcWo6l-El7eZNFzasrWJqsbt8MlkIQIA9BBi_gpafVinICW2Zs3tnjURwAusEUmp2tkQqhpMc-p2__IJsgrAlp72_Ijn1DBBX3cOAwjwf6VTGBdZGWxUBEDcVXs8wswnppnk4idcTRoMPqViQDYruJ7_4Lgfq4ih_vVOKoqyJuj49hgtE"}
 
responseHeaders HTTP/1.1 100 Continue
Expires: Wed, 10 Oct 2018 10:59:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 409 Conflict
Server: nginx
Content-Type: application/problem+json
Content-Length: 107
Boulder-Requester: 43490846
Location: https://acme-v01.api.letsencrypt.org/acme/reg/43490846
Replay-Nonce: E5VPeQNHXm-WuLlVsI8VVO14oPOmU1wQnMDFBOkP54s
Expires: Wed, 10 Oct 2018 10:59:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 10 Oct 2018 10:59:49 GMT
Connection: close

 
response {
  "type": "urn:acme:error:malformed",
  "detail": "Registration key is already in use",
  "status": 409
}
 
code 409
 
response status = 
 
Already registered
Verify each domain
Verifying sede.cortesdepallas.es
 
url https://acme-v01.api.letsencrypt.org/acme/new-authz
 
payload {"resource":"new-authz","identifier":{"type":"dns","value":"sede.cortesdepallas.es"}}
 
payload64 eyJyZXNvdXJjZSI6Im5ldy1hdXRoeiIsImlkZW50aWZpZXIiOnsidHlwZSI6ImRucyIsInZhbHVlIjoic2VkZS5jb3J0ZXNkZXBhbGxhcy5lcyJ9fQ
 
nonce CIY7JTxrkuVpegmPN-ZQpiSL7k5YJERxu240sDUDtZs
 
protected {"alg": "RS256", "jwk": {"e":"AQAB","kty":"RSA","n":"tPF98G-800ShlWIfayD5rG6fHVw-kotR9UB4wI20uMrlV-cbBwBhf4lB72OCuzlbGzGH_MeWEGVmBAENG-SHu9IS9IVjJA0ezQZhMCvCAAnbQ5HBC-0VoDwJUHQC-9Y9dzZ89hPrYCgdgdEuX_lfBvsCQoFNwTvhZuG6Lm2nSYsC0ExtduAGegsnRo7G3DWbh5Pkg6hwVlLI_g13018KedXQKsWsEqZso_IwmQHcHBYgsjaRe-Ip7AFgDP2YEBNCRCjZLQvboMuYHzt-kVsSRokZUlFDGi2ohkEkDHrvoNm2BzYaj2hzfrabnEZoM3wv2EGv1g1zNH5DOJLgGw13qGqaxUiHcUPdhhn4GYf1jpkyvJeJ5UyAEgvrvIeZ_T7JK-Qa8m5wPLa9mzl629cnEO0IipZ_k-TjYyZswlAkxK4eYPihNj7bcnY4n2ZkhL5qzC3jWBFZEm1g8Zo-y4mxnpK5oBJhqddKT7-lsAuUtxotVtFjYEbx9396zEOLSlYnYU4FT0Hz_THl9odQSOQGmCk4kjfmTIiJiIGLqPtoH12mxqzjqBGP92Wq0gdecljpmQIeIRM1o9EH3e4rCwSYx7GKAuWtNqiL4DMRHfoH8vXjf7JdBXMJkHo7orDReCV6SmGqtgzR6iaqvkE2otNyzGPGSWiaqEeR9-fsDFMbV0E"}, "nonce": "CIY7JTxrkuVpegmPN-ZQpiSL7k5YJERxu240sDUDtZs", "url": "https://acme-v01.api.letsencrypt.org/acme/new-authz"}
 
header, payload and signature = {"header": {"alg": "RS256", "jwk": {"e":"AQAB","kty":"RSA","n":"tPF98G-800ShlWIfayD5rG6fHVw-kotR9UB4wI20uMrlV-cbBwBhf4lB72OCuzlbGzGH_MeWEGVmBAENG-SHu9IS9IVjJA0ezQZhMCvCAAnbQ5HBC-0VoDwJUHQC-9Y9dzZ89hPrYCgdgdEuX_lfBvsCQoFNwTvhZuG6Lm2nSYsC0ExtduAGegsnRo7G3DWbh5Pkg6hwVlLI_g13018KedXQKsWsEqZso_IwmQHcHBYgsjaRe-Ip7AFgDP2YEBNCRCjZLQvboMuYHzt-kVsSRokZUlFDGi2ohkEkDHrvoNm2BzYaj2hzfrabnEZoM3wv2EGv1g1zNH5DOJLgGw13qGqaxUiHcUPdhhn4GYf1jpkyvJeJ5UyAEgvrvIeZ_T7JK-Qa8m5wPLa9mzl629cnEO0IipZ_k-TjYyZswlAkxK4eYPihNj7bcnY4n2ZkhL5qzC3jWBFZEm1g8Zo-y4mxnpK5oBJhqddKT7-lsAuUtxotVtFjYEbx9396zEOLSlYnYU4FT0Hz_THl9odQSOQGmCk4kjfmTIiJiIGLqPtoH12mxqzjqBGP92Wq0gdecljpmQIeIRM1o9EH3e4rCwSYx7GKAuWtNqiL4DMRHfoH8vXjf7JdBXMJkHo7orDReCV6SmGqtgzR6iaqvkE2otNyzGPGSWiaqEeR9-fsDFMbV0E"}},"protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjoiQVFBQiIsImt0eSI6IlJTQSIsIm4iOiJ0UEY5OEctODAwU2hsV0lmYXlENXJHNmZIVncta290UjlVQjR3STIwdU1ybFYtY2JCd0JoZjRsQjcyT0N1emxiR3pHSF9NZVdFR1ZtQkFFTkctU0h1OUlTOUlWakpBMGV6UVpoTUN2Q0FBbmJRNUhCQy0wVm9Ed0pVSFFDLTlZOWR6Wjg5aFByWUNnZGdkRXVYX2xmQnZzQ1FvRk53VHZoWnVHNkxtMm5TWXNDMEV4dGR1QUdlZ3NuUm83RzNEV2JoNVBrZzZod1ZsTElfZzEzMDE4S2VkWFFLc1dzRXFac29fSXdtUUhjSEJZZ3NqYVJlLUlwN0FGZ0RQMllFQk5DUkNqWkxRdmJvTXVZSHp0LWtWc1NSb2taVWxGREdpMm9oa0VrREhydm9ObTJCellhajJoemZyYWJuRVpvTTN3djJFR3YxZzF6Tkg1RE9KTGdHdzEzcUdxYXhVaUhjVVBkaGhuNEdZZjFqcGt5dkplSjVVeUFFZ3ZydkllWl9UN0pLLVFhOG01d1BMYTltemw2MjljbkVPMElpcFpfay1Uall5WnN3bEFreEs0ZVlQaWhOajdiY25ZNG4yWmtoTDVxekMzaldCRlpFbTFnOFpvLXk0bXhucEs1b0JKaHFkZEtUNy1sc0F1VXR4b3RWdEZqWUVieDkzOTZ6RU9MU2xZbllVNEZUMEh6X1RIbDlvZFFTT1FHbUNrNGtqZm1USWlKaUlHTHFQdG9IMTJteHF6anFCR1A5MldxMGdkZWNsanBtUUllSVJNMW85RUgzZTRyQ3dTWXg3R0tBdVd0TnFpTDRETVJIZm9IOHZYamY3SmRCWE1Ka0hvN29yRFJlQ1Y2U21HcXRnelI2aWFxdmtFMm90Tnl6R1BHU1dpYXFFZVI5LWZzREZNYlYwRSJ9LCAibm9uY2UiOiAiQ0lZN0pUeHJrdVZwZWdtUE4tWlFwaVNMN2s1WUpFUnh1MjQwc0RVRHRacyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMS5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWF1dGh6In0","payload": "eyJyZXNvdXJjZSI6Im5ldy1hdXRoeiIsImlkZW50aWZpZXIiOnsidHlwZSI6ImRucyIsInZhbHVlIjoic2VkZS5jb3J0ZXNkZXBhbGxhcy5lcyJ9fQ","signature": "DHtGq5Oot3rs5heCkJ7DdvkaMURIYSMqk_CW7armbfvBXEVPXN_UT8ZWtarIemwBALCjZcrNpXtBIOgCpu27Da3CmetWauJkUCxfAowejOqEQQ0c_2sMAuuky7JirwXyeejCLdbozOb7lq0IV0NNTQkJKzVJvKwPWWsN2JCBsCmpSNr0xXKA5hVCFZW0x1kiBuJyqn4oYKmTsGsNgdJMghsRr1VrFdZA0bDuAhg9GL47gonuSudgQxQJ6t7YxyWfHESkopkRMYXMTgvFO6S2WJmRjhXrEb_7qVdMcj93XkymkfuyMK3PiOH_OkapqAmJVQrEuCiYjtRIqwu6WTcfoO-hkTtluSxbJalzzaQF8w4r16cmeIIPHgB9lf_F2WlJoJeFxkM4Jg0DTmsgPFOBukfAoFpct0Wf2k3901sgY_wa-F-uEIJeBhJc47CZezxsNkgCHXWgeP6exFhmG8Zfs35NGKt-n5bS_ml8xugdzuRFAVDAHuPLClr3Gu0AF7MxSf9iqMJ31vGwEIp2DAfvWfsRfsvj0LWZYDYAmy0gtHpHltzpwaWZ4BxntHQ7B2lWyx4UaA8pKwgthLs0EiZKLnGoS6I27wq6uen7XXjMmAtDWuiVDH8dnehuaYWNETU1iOP63r_47qUUg8ouVx201SWjROPVWmBuXCU0-zy9FEo"}
 
responseHeaders HTTP/1.1 100 Continue
Expires: Wed, 10 Oct 2018 10:59:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1001
Boulder-Requester: 43490846
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/C6HBpBoWr3Xxse5NgrVZLu5hHyP2MkjJtcBzBwuxFg4
Replay-Nonce: wYPqlD05vHTGXgqy0NtAP-oQWKHb9VDpbMKO6dK3kXs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 10 Oct 2018 10:59:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 10 Oct 2018 10:59:51 GMT
Connection: keep-alive

 
response {
  "identifier": {
    "type": "dns",
    "value": "sede.cortesdepallas.es"
  },
  "status": "pending",
  "expires": "2018-10-15T14:42:12Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C6HBpBoWr3Xxse5NgrVZLu5hHyP2MkjJtcBzBwuxFg4/8062604781",
      "token": "AyrjTTjDI1YUYNuwGhkMa11lbAXjGfuBMP6l5macE24"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C6HBpBoWr3Xxse5NgrVZLu5hHyP2MkjJtcBzBwuxFg4/8062604782",
      "token": "hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C6HBpBoWr3Xxse5NgrVZLu5hHyP2MkjJtcBzBwuxFg4/8062604783",
      "token": "wKU0ugyZ3WNxRt364dPBXJhoNwft0YqqlEe6NL9Nqa8"
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      2
    ],
    [
      0
    ]
  ]
}
 
code 201
 
response status = pending
 
completed send_signed_request
 
token hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE
 
uri https://acme-v01.api.letsencrypt.org/acme/challenge/C6HBpBoWr3Xxse5NgrVZLu5hHyP2MkjJtcBzBwuxFg4/8062604782
 
keyauthorization hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE.kDq3PJukolrSTRYoWG67Z5KPLKgugUwyz3Y93pgEZHY
 
copying file from /root/.getssl/sede.cortesdepallas.es/tmp/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE to /opt/apache-tomcat-9.0.10/webapps/.well-known/acme-challenge
copying challenge token to /opt/apache-tomcat-9.0.10/webapps/.well-known/acme-challenge/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE
 
copying from /root/.getssl/sede.cortesdepallas.es/tmp/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE to /opt/apache-tomcat-9.0.10/webapps/.well-known/acme-challenge/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE
 
copied /root/.getssl/sede.cortesdepallas.es/tmp/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE to /opt/apache-tomcat-9.0.10/webapps/.well-known/acme-challenge/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE
 
wellknown_url http://sede.cortesdepallas.es/.well-known/acme-challenge/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE
getssl: for some reason could not reach http://sede.cortesdepallas.es/.well-known/acme-challenge/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE - please check it manually

My web server is (include version): Apache Tomcat 9.0.10

The operating system my web server runs on is (include version): openSUSE 42.2 (x86_64)

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

stevenzhu · October 10, 2018, 12:05pm

Hi,

It seems that you have a software block /firewall block on the port 80 when visitors viewing your website outside (your internal Network)
Let’s encrypt need to connect to your servers port 80 and validate security tokens (challenge files) before issue a certificate. (Via HTTP-01)

Thank you

lpascual · October 10, 2018, 2:08pm

Hi.

No. I checked it. And also I can access http://sede.cortesdepallas.es/.well-known/acme-challenge/hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE from LAN’s outside. For example, from my mobile. The response is “hXsE2BPaDK68CiYn6X0b2Odq0X5frSuZPHcBnKlbTSE.kDq3PJukolrSTRYoWG67Z5KPLKgugUwyz3Y93pgEZHY”.

Thanks

cpu · October 10, 2018, 2:16pm

Hi @lpascual,

This error is coming from your ACME client (getssl) and not the Let's Encrypt validation server. I believe the client is doing its own "pre-check" and isn't satisfied for some reason. Can you verify that you're able to access the URL checking from the server running getssl?

JuergenAuer · October 10, 2018, 2:42pm

Hi @lpascual

Letsdebug isn't happy:

Bad Redirects using ipv6 and different answers using ipv4 and ipv6.

lpascual · October 11, 2018, 9:20am

Now the letsdebug’s response is OK, but getssl returns the same error.

cpu · October 11, 2018, 1:48pm

Did you see my earlier reply? Can you verify that you’re able to access the URL checking from the server running getssl?

lpascual · October 11, 2018, 3:24pm

Sorry. I didn’t see it. But finally, I used certbot, and generate the certificate successfully.

Thanks!!

system · November 10, 2018, 3:24pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSL Certificate download error Server	8	2630	August 18, 2018
Getssl for self-signed Web domains (on port 443) Help	4	1834	May 21, 2017
Error getting validation data (400) Help	10	2683	August 27, 2018
Getssl secondary validation error on virtual host server Help	5	552	August 4, 2023
Getssl error after update from 2.28 to 2.29 - Getssl-bug Spaces in SANS causes failure to generate CSR Help	4	1222	October 3, 2020

Getssl: for some reason could not reach http://

Related topics