My domain is:
I ran this command:
Unsure, but used cert-manager; The issue happens with the Let's Encrypt servers though.
Note: This is the challenge part of cert-manager
It produced this output:
Error accepting authorization: acme: authorization error for tromkom.no: 400 urn:ietf:params:acme:error:connection: Fetching http://tromkom.no/.well-known/acme-challenge/y-ZiKpljVx-nR4II-2heQpY-tYKf-7eciiPJe4TWOMw: Timeout during connect (likely firewall problem)
My web server is (include version):
Using kubernetes 1.20.x; The actual site that is hosted on https://tromkom.no is using wordpress 5.
The operating system my web server runs on is (include version):
The pod is using alphine 3.14
I can login to a root shell on my machine:
I'm using a control panel to manage my site:
The version of my client is:
cert-manager 1.3.1 (tried using 1.0.9 and 1.1.0 as well)
The setup had worked for months prior to suddenly breaking down; Asked around in the organization and nothing regarding the setup should've been changed anywhere.
Here is the letsencrypt api response: https://acme-v02.api.letsencrypt.org/acme/chall-v3/20629058010/PzyglQ
Do note that I'm able to access the site on port 80/443 without issues in addition when I'm using GET requests to the endpoint mentioned in the debug I get a 404, it does not time out like the response from Let's Encrypt implies.
Well, trying to get to your site times out from both my home network and from my AWS-hosted server. You need your site to be publicly-available on port 80 to use the HTTP-01 challenge. Perhaps your firewall is blocking connections from some parts of the world?
[ec2-user@ip-172-31-23-55 ~]$ curl http://tromkom.no/.well-known/acme-challenge/y-ZiKpljVx-nR4II-2heQpY-tYKf-7eciiPJe4TWOMw:
curl: (28) Failed to connect to tromkom.no port 80: Connection timed out
I'm pretty sure we're not blocking any specific country, I even tried logging into an AWS hosted server of my own and I could run the curl request. If you don't mind me asking, where is your AWS server hosted? I'd like to try and create an instance there myself and see if I can reproduce it.
<head><title>308 Permanent Redirect</title></head>
<center><h1>308 Permanent Redirect</h1></center>
I was testing from region us-east-1 (availability zone use1-az6).
My home network that also couldn't connect is on AS20115 (Charter Communications, a.k.a. Spectrum), also on the east coast of the US.
Thanks, yeah was able to confirm that us-east-1 Zone A does in fact not work.
My server was located in eu-west-3 Zone A.
Thanks a bunch!
It does sound like there's some sort of region-blocking firewall in place, then. Good luck finding the right person who can say "Oh yeah, we turned that on last month" for you
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.