Http-01 Challenges fail

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
rmlensman.com

I ran this command: sudo ./letsencrypt-auto --apache -d rmlensman.com -d www.rmlensman.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for rmlensman.com
http-01 challenge for www.rmlensman.com
Enabled Apache rewrite module
Waiting for verification…
Challenge failed for domain rmlensman.com
Challenge failed for domain www.rmlensman.com
http-01 challenge for rmlensman.com
http-01 challenge for www.rmlensman.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):
Apache/2.4.29

The operating system my web server runs on is (include version):
Ubuntu 20.04

My hosting provider, if applicable, is:
hostway

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version

ufw status = "Apache Full’, ‘Open SSH’
DNS A records rmlensman.com, www.rmlensman.com
DocumentRoot /var/www/rmlensman.com
if you’re using Certbot):

2

Hi @Bobert1

your port 80 doesn't answer, see https://check-your-website.server-daten.de/?q=rmlensman.com

Domainname Http-Status redirect Sec. G
http://rmlensman.com/ 69.112.250.198 -14 10.027 T
Timeout - The operation has timed out
http://www.rmlensman.com/ 69.112.250.198 -14 10.046 T
Timeout - The operation has timed out
https://rmlensman.com/ 69.112.250.198 GZip used - 24165 / 90346 - 73,25 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/962 200 Html is minified: 101,13 % 3.843 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.rmlensman.com/ 69.112.250.198 GZip used - 24171 / 90382 - 73,26 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/962 200 Html is minified: 101,13 % 3.794 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
http://rmlensman.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 69.112.250.198 -14 10.000 T
Timeout - The operation has timed out
Visible Content:
http://www.rmlensman.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 69.112.250.198 -14 10.043 T
Timeout - The operation has timed out

Port 443 is open, but if you want to renew your certificate via http validation, http + /.well-known/acme-challenge/random-filename must answer (may have a redirect to https).

So

  • your port 80 doesn't work (or)
  • there is a blocking firewall or a regional filter you have to remove.

Letsencrypt must be able to check your domain. But if online tools can't check your domain, Letsencrypt can't check.

3

Thanks for the prompt reply JuergenAuer. Don’t know what’s going on with port 80, will have to consult my ISP I guess. They claim it’s ope, and I’m not aware of any filters, regional or otherwise.

4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.