Let's Encrypt server has trouble accessing my server


#1

Hi,

I’m trying to issue a certificate as always via the Plesk interface. I tried it with different domains but it doesn’t work. Here is the output:

Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/0UxLD8Jyv2p_IlLne8o83hvAyu7SYEL3U6Ik-4vLGH0.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching http://le-test.bnamic.com/.well-known/acme-challenge/0dfMsnCcSwMdwi-KvUuLvBrhiwxXQKFaXiYLo5cH8K0: Timeout after connect (your server may be slow or overloaded)

I have tried lots of stuff but it seems like LE has trouble connecting to my server. I have even mounted the server FS on my laptop and ran the certbot client there manually and with different domains. Same error. The Staging server works sometimes, and when issuing certs with lots of domains not all fail, but when retrying different ones fail. This has been happening since today when I tried about 4 hours ago. Before that I have never had a problem. Is there a problem with the LE server?

Thanks.
Regards


#2

Hi,

Do you happen to have any firewall / iptables setup to filter http connections?

Thank you


#3

I have checked and I have not blocked any IP in iptables. I have also disabled fail2ban because I thought that could be the problem, too. Still nothing.

Regards


#4

emmm… That’s weird…

Are there any access logs you could share? (You could just record the time certbot performs validation…)

This is the second case I’ve seen that has this issue in the past 2 days…

Thank you


#5

https://letsdebug.net/le-test.bnamic.com/4862

@JuergenAuer Almost the same issue (This one is live…)


#6

It’s a normal 200 OK.

The domain in the first post worked on the 3rd try (it’s just a test). But I still have to create a certificate with 22 domains and it continues to fail. That is the one I also tried with certbot and mounted FS.

Command:

letsencrypt certonly --webroot -w MondiServer/ -d mondiholiday.de -d www.mondiholiday.de -d alpenblickhotel-oberstaufen.de -d www.alpenblickhotel-oberstaufen.de -d aparthotel-bellevue.at -d www.aparthotel-bellevue.at -d seeblickhotel-grundlsee.at -d www.seeblickhotel-grundlsee.at -d genusshotel-tirolensis.it -d www.genusshotel-tirolensis.it -d alpinhotel-schloesslhof.at -d www.alpinhotel-schloesslhof.at -d alpin-chalet.de -d www.alpin-chalet.de -d bellevuealm.at -d www.bellevuealm.at -d schiefe-alm.at -d www.schiefe-alm.at -d siesta.ferienclub.de -d www.siesta.ferienclub.de -d gastein-lodge.at -d www.gastein-lodge.at --config-dir le_mondi --work-dir le_mondi --logs-dir le_mondi --server https://acme-v02.api.letsencrypt.org/directory

Truncated output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for alpenblickhotel-oberstaufen.de
http-01 challenge for alpin-chalet.de
http-01 challenge for alpinhotel-schloesslhof.at
http-01 challenge for aparthotel-bellevue.at
http-01 challenge for bellevuealm.at
http-01 challenge for gastein-lodge.at
http-01 challenge for genusshotel-tirolensis.it
http-01 challenge for mondiholiday.de
http-01 challenge for schiefe-alm.at
http-01 challenge for seeblickhotel-grundlsee.at
http-01 challenge for siesta.ferienclub.de
http-01 challenge for www.alpenblickhotel-oberstaufen.de
http-01 challenge for www.alpin-chalet.de
http-01 challenge for www.alpinhotel-schloesslhof.at
http-01 challenge for www.aparthotel-bellevue.at
http-01 challenge for www.bellevuealm.at
http-01 challenge for www.gastein-lodge.at
http-01 challenge for www.genusshotel-tirolensis.it
http-01 challenge for www.mondiholiday.de
http-01 challenge for www.schiefe-alm.at
http-01 challenge for www.seeblickhotel-grundlsee.at
http-01 challenge for www.siesta.ferienclub.de
Using the webroot path /home/mattia/Desktop/MondiServer for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. alpin-chalet.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://alpin-chalet.de/.well-known/acme-challenge/gQZ6s-X2Vn273WkuuEQ53p4iWKFG4aTGO6JiRf_fjV8: Timeout after connect (your server may be slow or overloaded), alpenblickhotel-oberstaufen.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://alpenblickhotel-oberstaufen.de/.well-known/acme-challenge/Txpv8nVhLZJcOLnrzQh_1YUXAl7VCyaKt95ATowBsRM: Timeout after connect (your server may be slow or overloaded), alpinhotel-schloesslhof.at (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://alpinhotel-schloesslhof.at/.well-known/acme-challenge/poCrfpjkH9SmaiRhwQU21F6HhfQiJpwSFJPshxs_rws: Timeout after connect (your server may be slow or overloaded)

IMPORTANT NOTES:

Webserver logs of that time period (deleted access to Website resources):
64.78.149.164 - - [13/Sep/2018:19:32:56 +0200] "GET /.well-known/acme-challenge/Txpv8nVhLZJcOLnrzQh_1YUXAl7VCyaKt95ATowBsRM HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:32:57 +0200] "GET /.well-known/acme-challenge/gQZ6s-X2Vn273WkuuEQ53p4iWKFG4aTGO6JiRf_fjV8 HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:32:58 +0200] "GET /.well-known/acme-challenge/NGUhPddQpLNl9wel5-PNyO9vO3krCZ-V-bfz4Gw08x0 HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:32:58 +0200] "GET /.well-known/acme-challenge/wjaYiar_YijUyPiUi5Hgk0Ec6ZRoHvCk9_68wCkagXs HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:32:58 +0200] "GET /.well-known/acme-challenge/poCrfpjkH9SmaiRhwQU21F6HhfQiJpwSFJPshxs_rws HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:32:59 +0200] "GET /.well-known/acme-challenge/OsLftT0zrB_JsQd6ZBOHyQdn_Eq5PNDLSBHpW9XGCLI HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:00 +0200] "GET /.well-known/acme-challenge/OabTwu5vAhMH888ynaBzTClVlrf0ALUXRGxG8gGqjKY HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:00 +0200] "GET /.well-known/acme-challenge/41hjBSqx2Xbhf0kf51WZrBs8a8M6Cqc4mNqzHQzgCr0 HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:01 +0200] "GET /.well-known/acme-challenge/BI9aG0ApypcQRq24dhvhMJiGbXdifZdJHx0cdsFEDA4 HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:01 +0200] "GET /.well-known/acme-challenge/MZDlcHUjztwr9hrxED6jD8sWjhZCHTGSx7gl0BEf7pg HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:01 +0200] "GET /.well-known/acme-challenge/R09ueeUch5iM2uxWDf-yFLeMSQcABB2TgPqnfqoved0 HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:02 +0200] "GET /.well-known/acme-challenge/SJr09EVsWeuX5p-B5BCFGLzZ8cucKyW38ghtWYNSKNk HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:02 +0200] "GET /.well-known/acme-challenge/-yaJXIEHaRu00tWmsm87m6i8yWY9MKUT6ULPXpOAr0g HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:03 +0200] "GET /.well-known/acme-challenge/EkXTFPfSsjRUaif4RFx6sIcWBZMODi6Ftcsz_8yE6c8 HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:03 +0200] "GET /.well-known/acme-challenge/xbwwlirflQmMXyYB-ScfaCOZnuzFcY4F_fXrzUUtxKQ HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:04 +0200] "GET /.well-known/acme-challenge/lBTImHechNbXlzeQ4sefQ1fzPt0Z4GxLyKXRu1TsZhE HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:04 +0200] "GET /.well-known/acme-challenge/FQJedbQbMDlsowZ78JFHy2B1vJkzZ9MiyuSYbzyq4gI HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:04 +0200] "GET /.well-known/acme-challenge/BY89idogpb9ZuzX310EhK1jFZnHEcx7-Xf54RIdMcMM HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:05 +0200] "GET /.well-known/acme-challenge/oy076bgRNB73tmiOVIx-d2z6tsNw8jlDDTQ30f8hMvA HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:05 +0200] "GET /.well-known/acme-challenge/ojZ-pA5DlV-gapQLOX_WH1H0dopeAWBnA1qGmY6Il3Y HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:06 +0200] "GET /.well-known/acme-challenge/ZG9j3GNINBh31NQj-1QLZWYA_UQs8HI2AenvVbAwGfI HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [13/Sep/2018:19:33:06 +0200] "GET /.well-known/acme-challenge/mFLDUBrsr05FtJUDB_mpRc0Y2yi8DAeTIGgrDGdpBlU HTTP/1.1" 200 118 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

It’s late now. I think I’ll have to go home and try again tomorrow, sadly. I’ll try to answer questions if I can.
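
One way to check whether each failed http-01 challenge from post #6 actually reached the web server is to match the tokens in the certbot failure text against the access log. This is an added example, not part of the thread: the two inputs are rebuilt from values quoted above, and the `missing.example` failure and the verdict names are constructed for illustration.

```python
import re

# Host, challenge token and log second for the three failures quoted in the thread.
FAILED = [
    ("alpin-chalet.de", "gQZ6s-X2Vn273WkuuEQ53p4iWKFG4aTGO6JiRf_fjV8", "57"),
    ("alpenblickhotel-oberstaufen.de", "Txpv8nVhLZJcOLnrzQh_1YUXAl7VCyaKt95ATowBsRM", "56"),
    ("alpinhotel-schloesslhof.at", "poCrfpjkH9SmaiRhwQU21F6HhfQiJpwSFJPshxs_rws", "58"),
]
UA = "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
# Inputs rebuilt in the shape of the certbot output and access log above; the
# missing.example failure is constructed and has no matching log line.
CERTBOT_OUTPUT = ", ".join(
    f"{h} (http-01): Fetching http://{h}/.well-known/acme-challenge/{t}: Timeout after connect"
    for h, t in [(h, t) for h, t, _ in FAILED] + [("missing.example", "CONSTRUCTED-token_0")])
ACCESS_LOG = "\n".join(
    f'64.78.149.164 - - [13/Sep/2018:19:32:{s} +0200] '
    f'"GET /.well-known/acme-challenge/{t} HTTP/1.1" 200 118 "-" "{UA}"'
    for _, t, s in FAILED)

FAIL_RE = re.compile(r"Fetching http://([^/\s]+)/\.well-known/acme-challenge/([\w-]+):")
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\s*GET '
                    r'/\.well-known/acme-challenge/([\w-]+) [^"]*" (\d{3}) ')

def correlate(certbot_output, access_log):
    """Map each failed host to (verdict, [(timestamp, client_ip, status), ...])."""
    seen = {}
    for line in access_log.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ip, ts, token, status = m.groups()
            seen.setdefault(token, []).append((ts, ip, int(status)))
    report = {}
    for host, token in FAIL_RE.findall(certbot_output):
        hits = seen.get(token, [])
        if not hits:
            verdict = "no_request"   # never logged: check DNS, routing, inbound filtering
        elif any(status == 200 for _, _, status in hits):
            verdict = "served_200"   # answered locally: check return path and response latency
        else:
            verdict = "not_200"      # logged but not served: check webroot / vhost mapping
        report[host] = (verdict, hits)
    return report

if __name__ == "__main__":
    for host, (verdict, hits) in correlate(CERTBOT_OUTPUT, ACCESS_LOG).items():
        print(f"{host:32} {verdict:11} {hits}")
```

All three failures quoted in the thread come out as `served_200`: the validation requests were logged with a 200 even though the CA reported a timeout.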


#7

So. I tried again this morning via Plesk and it worked. That means there were definitely connectivity issues on the Let’s Encrypt servers. Certbot works too. Same command.

