Getting error regarding Domain challenge failed while generating certificates

I got the below error while generating the certificate. Please help me to solve below error.
Error: Domain challenge failed. Please start back at Step 1. { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:acme:error:connection”, “detail”: “Fetching http://####/.well-known/acme-challenge/ewstGJzeJFPVcaaV8UO7MApelnJEF8FNeUeovjfr1AU: Timeout”, “status”: 400 }, “uri”: “#####”, “token”: “ewstGJzeJFPVcaaV8UO7MApelnJEF8FNeUeovjfr1AU”, “keyAuthorization”: “ewstGJzeJFPVcaaV8UO7MApelnJEF8FNeUeovjfr1AU.T-0-RNalZCWnBDrR4f3jsf1rLahJsf_T_Y1oB5Yi5FI”, “validationRecord”: [ { “url”: “http://####/.well-known/acme-challenge/ewstGJzeJFPVcaaV8UO7MApelnJEF8FNeUeovjfr1AU”, “hostname”: “####”, “port”: “80”, “addressesResolved”: [ “####” ], “addressUsed”: “####”, “addressesTried”: [] } ] }

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Error: Domain challenge failed. Please start back at Step 1. { “type”:
“http-01”, “status”: “invalid”, “error”: { “type”:
“urn:acme:error:connection”, “detail”: “Fetching
http://idp.unishivaji.ac.in/.well-known/acme-challenge/ewstGJzeJFPVcaaV8UO7MApelnJEF8FNeUeovjfr1AU:
Timeout”, “status”: 400 }, “uri”: “
http://idp.unishivaji.ac.in/.well-known/acme-challenge/ewstGJzeJFPVcaaV8UO7MApelnJEF8FNeUeovjfr1AU”,
“token”: “ewstGJzeJFPVcaaV8UO7MApelnJEF8FNeUeovjfr1AU”, “keyAuthorization”:
“ewstGJzeJFPVcaaV8UO7MApelnJEF8FNeUeovjfr1AU.T-0-RNalZCWnBDrR4f3jsf1rLahJsf_T_Y1oB5Yi5FI”,
“validationRecord”: [ { “url”: “
http://idp.unishivaji.ac.in/.well-known/acme-challenge/ewstGJzeJFPVcaaV8UO7MApelnJEF8FNeUeovjfr1AU”,
“hostname”: “idp.unishivaji.ac.in”, “port”: “80”, “addressesResolved”: [
“14.139.121.218” ], “addressUsed”: “14.139.121.218”, “addressesTried”: [] }
] }

The operating system my web server runs on is: CentOS
Site used to generate certificate: https://gethttpsforfree.com/
I can login to a root shell on my machine (yes or no, or I don’t know): yes

Thanks!

Did you install the challenge file that gethttpsforfree gave you into your web site? Did you check in a web browser that the challenge file was installed in the right location?

Yes, I installed the challenge file at the right location. Still it generates
the above error.

@cpu, could you see if you can reach this challenge from a Let’s Encrypt data center?

Hi @schoen, @Vaishali

I will ask someone from our operations team to look into the connectivity to 14.139.121.218.

The challenge returns a 404 when curling from various vantage points. I receive 200 OK’s when running curl -IL http://idp.unishivaji.ac.in/.well-known/acme-challenge/

@Vaishali, could you try using a client such as certbot or acme.sh since you have root access to the server? Certbot can be found at https://certbot.eff.org/ and acme.sh at https://github.com/Neilpang/acme.sh

On an Apache server I run, this is how I issue/renew certificates.

certbot certonly \
    --webroot \
    --webroot-path /path/to/htdocs \
    --renew-by-default \
    --email $YOUREMAIL \
    --text \
    --agree-tos \
    -d idp.unishivaji.ac.in

Additionally, could you post your vhost configuration for that site?

Additionally, the only connections I see in the past 2 weeks for idp.unishivaji.ac.in are from 14.139.116.2 and 2001:470:aa:1d:0:21e:9e75:bd23. I see no mention of 14.139.121.218 in the logs.

Would you mind trying to issue another certificate so that we can get more data please?

Thanks for the help. Issue was solved.
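
Added example, not part of the original thread or of any client mentioned in it: a Python pre-check that fetches the http-01 challenge URL and separates the outcomes seen above (Timeout, a 404, or a file with the wrong content) before validation is requested. The function name, the verdict strings and the injectable `fetch` parameter are assumptions made for this example.

```python
import socket
import sys
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"


def urllib_fetch(url, timeout):
    """Fetch url over plain HTTP; return (status, first bytes of the body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(512)
    except urllib.error.HTTPError as exc:  # 4xx/5xx: the server did answer
        return exc.code, b""


def check_http01(domain, token, key_authorization, timeout=10, fetch=urllib_fetch):
    """Return (verdict, detail) for the URL an http-01 validation requests."""
    # The key authorization has the form "<token>.<account key thumbprint>".
    if key_authorization.split(".", 1)[0] != token:
        return "bad-input", "keyAuthorization must start with the token"
    url = f"http://{domain}{CHALLENGE_PATH}{token}"
    try:
        status, body = fetch(url, timeout)
    except OSError as exc:  # URLError, refused connections and timeouts
        reason = getattr(exc, "reason", exc)
        if isinstance(reason, socket.timeout):
            return "timeout", f"no answer from {url} within {timeout}s"
        return "connection", f"{url}: {reason}"
    if status != 200:
        return "http-error", f"{url} returned HTTP {status}"
    if body.strip() != key_authorization.encode():
        return "mismatch", "file is served but its content is not the key authorization"
    return "ok", url


if __name__ == "__main__":
    # Usage: python check_http01.py <domain> <token> <keyAuthorization>
    verdict, detail = check_http01(*sys.argv[1:4])
    print(verdict, detail)
    sys.exit(0 if verdict == "ok" else 1)
```

A local "ok" only shows the file is reachable from where the script runs; a "timeout" from outside the network while it works inside points at a firewall or at DNS resolving to a different address than the server.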
