HTTP-01 Challenge always invalid (connection timeout)

When performing an http-01 challenge against my web server using ACMESharp, I always receive the error message "Fetching http://lee011.hopto.org/.well-known/acme-challenge/[...]: Timeout" and I cannot renew my certificates.

My domain is: lee011.hopto.org

I ran this command:

(Update-ACMEIdentifier -ChallengeType http-01 -IdentifierRef dns1).Challenges | Where-Object {$_.Type -eq "http-01"}

It produced this output:

ChallengePart          : ACMESharp.Messages.ChallengePart
Challenge              : ACMESharp.ACME.HttpChallenge
Type                   : http-01
Uri                    : https://acme-v01.api.letsencrypt.org/acme/challenge/qE0q4Fx6pu2cnq3e9VUJgf8gDHrvRWoBcSaWR33bea0/2615347706
Token                  : aRDNiCIcqPVjLBemVg2CHDPKOh0w1ySswfGjS7JUbm8
Status                 : invalid
OldChallengeAnswer     : [, ]
ChallengeAnswerMessage : 
HandlerName            : manual
HandlerHandleDate      : 01/12/2017 23:27:08
HandlerCleanUpDate     : 
SubmitDate             : 01/12/2017 23:28:14
SubmitResponse         : {StatusCode, Headers, Links, RawContent...}

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is: N/A

I can log in to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Port 80 access is being blocked (or service is not running).
Only port 443 is being allowed to connect.

Try changing the challenge type from http-01 to tls-sni-01
(not certain how that is done with that acme client)
OR
(at least) temporarily allow port 80 access.
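
The diagnosis in the reply above, as an added example (not part of the original thread and not ACMESharp code): a Python check, meant to be run from a machine outside the server's network, that separates a blocked port 80 (timeout) from a stopped service (connection refused) and then fetches the challenge file as the validator would. The function names, the `port` parameter and the key-authorization argument are assumptions for illustration.

```python
import socket
import sys
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def probe_port(host, port, timeout=5.0):
    """Classify a TCP port as seen from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # host replied with RST: no service on the port
    except (socket.timeout, TimeoutError):
        return "filtered"   # no reply at all: firewall, router or ISP drop
    except OSError as exc:
        return "error: %s" % exc   # DNS failure, no route, ...

def check_http01(host, token, expected_body, port=80, timeout=5.0):
    """Fetch the challenge file the way an HTTP-01 validator would.

    expected_body is the key authorization (token + "." + account key
    thumbprint). port exists only so the check can be tried against a
    test server; real validation always connects to port 80.
    """
    state = probe_port(host, port, timeout)
    if state != "open":
        return state
    url = "http://%s:%d%s%s" % (host, port, CHALLENGE_PATH, token)
    # Ignore proxy environment variables so the request goes out directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read().decode("ascii", "replace").strip()
    except urllib.error.HTTPError as exc:
        return "http %d" % exc.code
    except OSError as exc:
        return "error: %s" % exc
    return "ok" if body == expected_body else "mismatch"

if __name__ == "__main__":
    # usage: python check_http01.py <host> <token> <key-authorization>
    host, token, expected = sys.argv[1:4]
    print("port 443:", probe_port(host, 443))
    print("http-01 :", check_http01(host, token, expected))
```

A result of `filtered` for the http-01 line alongside `open` for port 443 matches the situation described in the reply; `refused` instead points at the web server not listening on port 80.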
