** http-01 challenge failed **

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: library.wccac.net

I ran this command: sudo certbot --apache

It produced this output: - The following errors were reported by the server:

Domain: library.wccac.net
Type: connection
Detail: Fetching
http://library.wccac.net/.well-known/acme-challenge/6NKuHLNiVo_YR8mDCvvcUlp_Y7diNBQvyLL6ILKPFFo:
Timeout during connect (likely firewall problem)

My web server is (include version):
Server version: Apache/2.4.25 (Debian)
Server built: 2019-10-13T15:43:54
VirtualHost configuration:
*:443 ip-172-31-20-212.us-west-2.compute.internal (/etc/apache2/sites-enabled/default-ssl.conf:2)
*:80 library.wccac.net (/etc/apache2/sites-enabled/library.wccac.net.conf:4)
*:8080 library.wccac.net (/etc/apache2/sites-enabled/library.wccac.net.conf:23)

The operating system my web server runs on is (include version):
Debian GNU/Linux 9.11

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): PuTTY

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.10.1

===========

When running

$ sudo certbot --apache

it fails at http-01 challenging:

http-01 challenge for library.wccac.net
Waiting for verification...
Challenge failed for domain library.wccac.net
http-01 challenge for library.wccac.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: library.wccac.net
    Type: connection
    Detail: Fetching
    http://library.wccac.net/.well-known/acme-challenge/6NKuHLNiVo_YR8mDCvvcUlp_Y7diNBQvyLL6ILKPFFo:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Hi @DHW0715,

This does look to me like a firewall problem. I can't connect to library.wccac.net at all on port 80 or port 8080. With this method the Let's Encrypt CA will need to connect on port 80, but that currently doesn't work. Could it be blocked by a firewall policy at the hosting service?

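A connect timeout and a refused connection point at different causes, so it helps to classify the failure from a machine outside the server's network before re-running certbot. The Python sketch below is an added example, not part of the original thread and not certbot's own code; the names `probe` and `HINTS` and the hint wording are assumptions made for this illustration.

```python
import socket
import sys

# Hint wording is this example's own; the states mirror what a remote validator sees.
HINTS = {
    "open": "port reachable; check the vhost serving /.well-known/acme-challenge/",
    "refused": "host reachable but nothing accepts on this port; check Apache's "
               "Listen and VirtualHost directives",
    "filtered": "packets dropped (the 'Timeout during connect' case); check security "
                "group, network ACL and host firewall rules for inbound TCP",
    "unreachable": "no route to the address; check the DNS A/AAAA records and public IP",
    "dns-failure": "name does not resolve; check the DNS A/AAAA records",
}

def probe(host, port=80, timeout=5.0):
    """Return [(address, state)] for every address `host` resolves to."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return [(host, "dns-failure")]
    results = []
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            state = "open"
        except socket.timeout:
            state = "filtered"      # SYN was never answered
        except ConnectionRefusedError:
            state = "refused"       # a reset came back
        except OSError:
            state = "unreachable"   # e.g. EHOSTUNREACH, ENETUNREACH
        results.append((sockaddr[0], state))
    return results

if __name__ == "__main__":
    # Run from OUTSIDE the server's network; a local run bypasses the firewall.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for port in (80, 443):
        for address, state in probe(target, port):
            print(f"{address}:{port} {state}: {HINTS[state]}")
```

Every resolved address is probed separately because a name with both A and AAAA records can be reachable over one address family and filtered over the other.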