I am unable to create a certificate in Fedora 43 for my website. "Some challenges have failed."

I would show them the test results from a site like: Check website performance and response : Check host - online website monitoring

You can see ping (icmp) requests work fine but that HTTP (tcp) requests fail.

These are requests directly to you and the HTTP request is for your "home" page. Nothing to do with Let's Encrypt challenge specifically.

I would also double-check that panel you showed for your Spectrum Business. It said something about HTTP and HTTPS but you didn't show the details. Maybe something there needs adjusting.


Ok, what additional details would you like to see?

Well, I'm not a Spectrum expert but check that whatever is in there allows port 80 and port 443.

The Archer AXE300 is a router and it showed links to Port Forwarding. So check that.

You also need to ensure it is set up to work alongside your other TP-Link AXE16000.


So with the new customer grade routers they are not too configurable. I can't inspect packets but only rely on their port forwarding, for which http/https is enabled. SSH is not enabled but it shows that the port is open; telnet is not enabled but the router connected to my server allowed it. I am still trying to determine if this is correct behavior given my configuration.

Hi @otikkito,

From the manual located here Download for Archer AXE300 | TP-Link
please read "Chapter 13. NAT Forwarding" and share the Port Forwarding configurations.

Current firewall configuration.


@Bruce5051
Each one of the red arrows points to a device that possibly can drop packets,
often based on TCP vs UDP and on Port number. Thus if TCP Port 80 is dropped
at even one of those devices the connection will not happen. It is also possible
that more than one of those devices can also drop TCP Port 80, so all the devices
between the Internet and your Web Server need to let TCP Port 80 through.

@otikkito does that make sense to you?

It does, again the problem is I can't inspect packets on the consumer grade routers to see if they are dropped. I implemented port forwarding for http(s) but for some reason telnet and SSH and even ftp were working but not the https. I will keep you posted and thanks for the help TP-Link and Let's Encrypt so far...

So you can see the packets before the TP-Link router (the bottom red arrow)?
And then they never end up at the Home Web Server, correct?

I would only be able to see packets from the source and if I routed to a different source. Again, the consumer routers to my knowledge don't allow that (packet inspection) unless Spectrum has internal access that is inaccessible to me; which I am reaching out to them next after I reach another tier of technical support with TP-Link.

Where is the last place you know the packet successfully made it to?

It depends on the services. Telnet made it through but was not configured for port forwarding on the Spectrum gateway/router which is concerning. Let me look...

For Port 80 HTTP and Port 443 HTTPS.

@Bruce5051, would a packet capture from an external source trying to access the site work? What would I need to listen for other than incoming port 80/443 http(s) traffic on the home server with local IP address 192.168.100.100?

https://ir.charter.com/
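
For the packet-capture question above, an added example (not part of any poster's message): a Python helper that reads text output of `tcpdump -nn` taken on the home server and reports, for ports 80 and 443, whether the SYN arrived and how the server replied. The sample capture and the client address 203.0.113.7 are constructed; 192.168.100.100 is the server address given in the thread.

```python
import re

# Capture on the home server while an outside host requests the site, e.g.:
#   tcpdump -nn -i any 'tcp port 80 or tcp port 443'
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def classify(capture, server_ip="192.168.100.100", ports=(80, 443)):
    """Return {port: verdict} describing how far inbound connections got."""
    seen = {p: set() for p in ports}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if dst == server_ip and dport in seen and "S" in flags and "." not in flags:
            seen[dport].add("syn")        # inbound connection attempt
        elif src == server_ip and sport in seen:
            if "S" in flags and "." in flags:
                seen[sport].add("synack")  # server accepted the connection
            elif "R" in flags:
                seen[sport].add("rst")     # server refused it
    verdict = {}
    for port, ev in seen.items():
        if "syn" not in ev:
            verdict[port] = "no SYN reached the server: dropped upstream"
        elif "synack" in ev:
            verdict[port] = "server answered: check the return path"
        elif "rst" in ev:
            verdict[port] = "server sent RST: no listener or a reject rule"
        else:
            verdict[port] = "SYN arrived, no TCP reply: filtered on the server"
    return verdict

# Constructed sample capture (203.0.113.7 is a documentation address).
SAMPLE = """\
12:00:01.000000 IP 203.0.113.7.51514 > 192.168.100.100.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000100 IP 192.168.100.100.80 > 203.0.113.7.51514: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:02.000000 IP 203.0.113.7.40000 > 192.168.100.100.22: Flags [S], seq 5, win 64240, length 0
"""

if __name__ == "__main__":
    for port, v in classify(SAMPLE).items():
        print(port, v)
```

A port that reports "no SYN reached the server" points at one of the devices in front of the server, which is where the port-forwarding rules need checking.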