Shine
August 17, 2023, 11:17am
1
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:demotest.kswift.kerala.gov.in
I ran this command:submit challenge for demotest.kswift.kerala.gov.in
It produced this output: Error: Domain challenge failed. Please start back at Step 1. {"identifier":{"type":"dns","value":"demotest.kswift.kerala.gov.in"},"status":"invalid","expires":"2023-08-24T11:02:31Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"x.x.x.x: Fetching https://demotest.kswift.kerala.gov.in/.well-known/acme-challenge/nSH_mp9CRcrn-bR9y9KRx4EFoq0vvyiT200K4KsUn9M: Timeout during connect (likely firewall problem)","status":400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/255771434226/wzqE7A","token":"nSH_mp9CRcrn-bR9y9KRx4EFoq0vvyiT200K4KsUn9M","validationRecord":[{"url":"http://demotest.kswift.kerala.gov.in/.well-known/acme-challenge/nSH_mp9CRcrn-bR9y9KRx4EFoq0vvyiT200K4KsUn9M","hostname":"demotest.kswift.kerala.gov.in","port":"80","addressesResolved":["x.x.x.x"],"addressUsed":"x.x.x.x"},{"url":"https://demotest.kswift.kerala.gov.in/.well-known/acme-challenge/nSH_mp9CRcrn-bR9y9KRx4EFoq0vvyiT200K4KsUn9M","hostname":"demotest.kswift.kerala.gov.in","port":"443","addressesResolved":["x.x.x.x"],"addressUsed":"x.x.x.x"}],"validated":"2023-08-17T11:04:29Z "}]}
My web server is (include version):apache
The operating system my web server runs on is (include version):RHEL
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
9peppe
August 17, 2023, 11:45am
2
Can you open this URL? It should be a 404.
The validation servers cannot connect and neither can I. Do you restrict connections from outside India, perhaps?
4 Likes
Shine
August 17, 2023, 11:53am
3
site is not opening getting error = Your connection is not private. But it is opening in private mode.
Shine
August 17, 2023, 12:00pm
4
yes its getting 404.not restricted outside.
9peppe
August 17, 2023, 1:30pm
5
Well, I don't see the 404.
There's a firewall somewhere that prevents me from seeing it. (I'm in Europe)
4 Likes
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "164.100.197.146:
Fetching https://demotest.kswift.kerala.gov.in/.well-known/acme-challenge/nSH_mp9CRcrn-bR9y9KRx4EFoq0vvyiT200K4KsUn9M:
Timeout during connect (likely firewall problem)",
With a timeout, it is unusual to see HTTPS in the acme-challenge URL.
The first request from Let's Encrypt server is a HTTP request. That got to your server correctly and was then redirected to HTTPS. The HTTPS request then times out. Usually with timeout error no requests get through.
I get a timeout trying to connect using HTTP or HTTPS from the USA
If you repeat the request do you see HTTPS or HTTP in the error message?
3 Likes
rg305
August 17, 2023, 2:48pm
9
I'm unable to connect using:
curl -Ii http://demotest.kswift.kerala.gov.in/
curl: (56) Recv failure: Connection reset by peer
curl http://demotest.kswift.kerala.gov.in/
curl: (56) Recv failure: Connection reset by peer
wget http://demotest.kswift.kerala.gov.in/
--2023-08-17 14:48:56-- http://demotest.kswift.kerala.gov.in/
Resolving demotest.kswift.kerala.gov.in (demotest.kswift.kerala.gov.in)... 164.100.197.146
Connecting to demotest.kswift.kerala.gov.in (demotest.kswift.kerala.gov.in)|164.100.197.146|:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.
...
--2023-08-17 14:49:46-- (try: 5) http://demotest.kswift.kerala.gov.in/
Connecting to demotest.kswift.kerala.gov.in (demotest.kswift.kerala.gov.in)|164.100.197.146|:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.
3 Likes
system
September 16, 2023, 2:52pm
11
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.