Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
Used HCL Domino 12 certlog.nsf database. Accepted the terms of use. Completed the TLS credentials document.
It produced this output: receive the following message: Cannot verify challenge on server - Check HTTP port 80 inbound connection!
Failed to write one or more challenge(s)
However, when I run a test through the debug, I receive this: All OK: No issues were found with mail.suminet.com
My web server is (include version): HCL Domino 12
The operating system my web server runs on is (include version): Windows Server 2016
My hosting provider, if applicable, is: Network Solutions
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
You also likely have one or more firewalls filtering Ports 443, 465, and 587.
$ nmap -Pn -p80,443,465,587 mail.suminet.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-17 00:21 UTC
Nmap scan report for mail.suminet.com (199.119.13.2)
Host is up (0.087s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp filtered https
465/tcp filtered smtps
587/tcp filtered submission
Nmap done: 1 IP address (1 host up) scanned in 2.09 seconds
$ nmap -Pn -p25,80,443,465,587 mail.suminet.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-18 21:39 UTC
Nmap scan report for mail.suminet.com (199.119.13.2)
Host is up (0.086s latency).
PORT STATE SERVICE
25/tcp filtered smtp
80/tcp open http
443/tcp open https
465/tcp filtered smtps
587/tcp filtered submission
Nmap done: 1 IP address (1 host up) scanned in 1.79 seconds
This looks like a config issue for HCL Domino. The error message on the panel is not very helpful. It is not a specific error from Let's Encrypt Servers. It could mean several things.
Have you tried contacting their support directly? Or even their community forum? Either of those will know more about its configuration requirements than we do.
Ok, you were correct. I was provided with a notes.ini setting that needed to be added. However, now we are getting this failure. My network team is asking; any advice that you can provide would be greatly appreciated!
The 404 is an HTTP 404 Not Found error. It means the Let's Encrypt server requested the auth token with that HTTP request but your server responded with a not found.
More detail ... in an HTTP Challenge, the ACME Client (Domino here) places a token on the server (often in a file but could be memory). It signals the ACME Server (Let's Encrypt here) to validate that token and issue the cert. The error you see is from the LE Server saying the validation failed with the not found.
I don't know how Domino manages port 80 requests and these tokens. Generally, a 404 indicates the ACME Client and its local server are not coordinated. Maybe the client is not using the correct listening method. Or the client is placing the token in the wrong folder. These are very general examples among many other possibilities.
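The HTTP challenge flow described in the reply above, as an added example that is not part of the original thread and is not Domino's or Let's Encrypt's code: a local web server stands in for the site, one function plays the ACME client writing the token, and another plays the validator requesting it. The token, the key authorization, the wrong folder name `acme-challenge` and the loopback port are constructed for the demonstration; real validation arrives on port 80 from the Internet.

```python
import functools
import http.server
import pathlib
import tempfile
import threading
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # HTTP-01 path (RFC 8555)
TOKEN = "sample-token-123"  # constructed sample value
KEY_AUTH = TOKEN + ".sample-account-thumbprint"  # constructed sample value
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request logging
        pass


def validate(port, token, expected):
    """Play the ACME server: fetch the token over plain HTTP and compare."""
    url = f"http://127.0.0.1:{port}/{CHALLENGE_DIR}/{token}"
    try:
        with OPENER.open(url, timeout=5) as resp:
            body = resp.read().decode().strip()
    except urllib.error.HTTPError as err:
        return f"invalid: HTTP {err.code}"
    return "valid" if body == expected else "invalid: wrong content"


def run_challenge(client_subdir):
    """Play the ACME client: write the token under client_subdir, then validate."""
    with tempfile.TemporaryDirectory() as webroot:
        target = pathlib.Path(webroot, client_subdir)
        target.mkdir(parents=True)
        (target / TOKEN).write_text(KEY_AUTH)
        handler = functools.partial(QuietHandler, directory=webroot)
        with http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler) as srv:
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            try:
                return validate(srv.server_address[1], TOKEN, KEY_AUTH)
            finally:
                srv.shutdown()


if __name__ == "__main__":
    for subdir in (CHALLENGE_DIR, "acme-challenge"):
        print(f"{subdir}: {run_challenge(subdir)}")
```

The second run reproduces the 404 case: the token exists on disk, but not at the path the validator requests, so the web server answers Not Found even though port 80 itself is reachable.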