Http-01 challenge fails with timeout

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
prager.homeip.net

I ran this command:
certbot certonly --manual

It produced this output:


Create a file containing just this data:

Fwg6jifl5hrtg0BCcGYGqXlciS8jov57ot5lzMD7tgs.spbXrlTWIit5pTF3FGY0qnczT3eIoIxxOWDpeg-eIiw

And make it available on your web server at this URL:

http://prager.homeip.net/.well-known/acme-challenge/Fwg6jifl5hrtg0BCcGYGqXlciS8jov57ot5lzMD7tgs



Waiting for verification…
Challenge failed for domain prager.homeip.net
http-01 challenge for prager.homeip.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):
nginx version: nginx/1.17.8

The operating system my web server runs on is (include version):
Darwin loki 19.3.0 Darwin Kernel Version 19.3.0: Thu Jan 9 20:58:23 PST 2020; root:xnu-6153.81.5~1/RELEASE_X86_64 x86_64

My hosting provider, if applicable, is:
n/a

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.2.0

I can indeed retrieve the correct content with curl from the correct url:
$ curl http://prager.homeip.net/.well-known/acme-challenge/Fwg6jifl5hrtg0BCcGYGqXlciS8jov57ot5lzMD7tgs
Fwg6jifl5hrtg0BCcGYGqXlciS8jov57ot5lzMD7tgs.spbXrlTWIit5pTF3FGY0qnczT3eIoIxxOWDpeg-eIiw

Thank you for any help!

2 Likes

Hi @bprager

your domain doesn't answer - https://check-your-website.server-daten.de/?q=prager.homeip.net%2F.well-known%2Facme-challenge%2Ffwg6jifl5hrtg0bccgygqxlcis8jov57ot5lzmd7tgs

Only timeouts:

| Domainname | IP | Http-Status | redirect | Sec. | G | Result |
|---|---|---|---|---|---|---|
| http://prager.homeip.net/.well-known/acme-challenge/fwg6jifl5hrtg0bccgygqxlcis8jov57ot5lzmd7tgs | 125.24.168.57 | -14 | | 10.033 | T | Timeout - The operation has timed out |
| http://www.prager.homeip.net/.well-known/acme-challenge/fwg6jifl5hrtg0bccgygqxlcis8jov57ot5lzmd7tgs | 125.24.168.57 | -14 | | 10.033 | T | Timeout - The operation has timed out |
| https://prager.homeip.net/.well-known/acme-challenge/fwg6jifl5hrtg0bccgygqxlcis8jov57ot5lzmd7tgs | 125.24.168.57 | -14 | | 10.050 | T | Timeout - The operation has timed out |
| https://www.prager.homeip.net/.well-known/acme-challenge/fwg6jifl5hrtg0bccgygqxlcis8jov57ot5lzmd7tgs | 125.24.168.57 | -14 | | 10.027 | T | Timeout - The operation has timed out |
| http://prager.homeip.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 125.24.168.57 | -14 | | 10.030 | T | Timeout - The operation has timed out. Visible Content: |
| http://www.prager.homeip.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 125.24.168.57 | -14 | | 10.027 | T | Timeout - The operation has timed out |

May be a firewall or a wrong router configuration.

Is this - 125.24.168.57 - your ip? That's the ip of your domain.

3 Likes

That is correct ‘125.24.168.57’ is the ip address of my domain.

2 Likes

Also, https://check-your-website.server-daten.de/?q=prager.homeip.net%2F.well-known%2Facme-challenge%2Ffwg6jifl5hrtg0bccgygqxlcis8jov57ot5lzmd7tgs works from here. Maybe Thailand Internet provider issues?

1 Like

Fetching the check-your-website URL works, but the page on check-your-website is saying that it attempted to reach your website and it got a timeout, confirming what the Let’s Encrypt servers said: they can’t connect to your website.

Many ISPs block inbound traffic like HTTP. It looks like your ISP might be doing that. Have you ever succeeded in running a plain HTTP website on your domain name? I would try to get that working first. Probably you should call your ISP and ask whether they block HTTP traffic.

3 Likes

Oh, and one other common cause of problems for home users: You might be running a server behind your personal router / firewall, and your personal router / firewall is not forwarding HTTP traffic to your server. If that’s the case, you’ll need to configure your router to forward traffic to your server.

3 Likes

Maybe. Ask your provider if port 80 is blocked. Perhaps use dns validation + --manual. That should always work - but it's painful, no automation.

Your hostname

node-x89.pool-125-24.dynamic.totinternet.net

answers via ping, so your ip address is online. Same with tracert.

Check the documentation of your router to see how port forwarding works.

Doesn't look like a blocked ip address.

3 Likes

I changed my router configuration to port 8080 and that seems to work. In this case it would be the provider, right? Bad luck for me.

1 Like

Yep, http://prager.homeip.net:8080/ answers with the standard nginx page.

But if it's not possible to use port 80, then you can't use http validation.
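
An added example (not part of the thread and not Certbot's own code) of the check this thread turns on: it fetches the http-01 challenge URL and tells a timeout apart from a refused connection, an HTTP error or wrong file content. The function name, result labels and the `port` parameter are assumptions made for illustration; the answer only reflects what the validation servers see when the script runs on a host outside your own network.

```python
import socket
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"


def probe_http01(host, token, key_authorization, port=80, timeout=10.0):
    """Fetch the challenge URL and report how the attempt ended.

    `port` exists only so the probe can be pointed at a test listener;
    an http-01 validation always begins on port 80.
    """
    url = "http://%s:%d%s%s" % (host, port, CHALLENGE_PATH, token)
    # Ignore proxy settings: the point is a direct connection to the host.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("ascii", "replace").rstrip()
    except urllib.error.HTTPError as exc:
        return "http-error-%d" % exc.code  # server reached, file not served
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return "timeout"      # no answer to the connection attempt
        if isinstance(exc.reason, ConnectionRefusedError):
            return "refused"      # host reached, nothing listening on the port
        return "unreachable"      # DNS failure, no route, ...
    except (socket.timeout, TimeoutError):
        return "timeout"          # connected, but no reply in time
    return "ok" if body == key_authorization else "mismatch"


if __name__ == "__main__":
    # Constructed demo: a local socket that completes the TCP handshake but
    # never answers, so the probe reports "timeout" without using the network.
    silent = socket.socket()
    silent.bind(("127.0.0.1", 0))
    silent.listen(1)
    demo_port = silent.getsockname()[1]
    print(probe_http01("127.0.0.1", "tok", "tok.thumb", port=demo_port, timeout=1))
    silent.close()
```

A "timeout" result on port 80 combined with "ok" on another port points at filtering or missing forwarding for port 80 rather than at the web server configuration.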
