LetsEncrypt Generation Failure Unable to update challenge :: authorization must be pending

Please help me with my problem
I need to issue a lets encrypt certificate on pbxact. On request, I get the following error message
Unable to update challenge :: authorization must be pending

  • Requested 'http:/my domain//.freepbx-known/6f659ef4e4f9e7751fdca2e1a5ebfc20' - Failed to connect to my domain port 80: Connection refused

Processing: my domain, Local IP: my ip, Public IP: my ip Self test: trying http://my domain/.freepbx-known/6f659ef4e4f9e7751fdca2e1a5ebfc20 Self test: received 6f659ef4e4f9e7751fdca2e1a5ebfc20 Requested 'http://my domain//.freepbx-known/6f659ef4e4f9e7751fdca2e1a5ebfc20' - Failed to connect to my domain port 80: Connection refused Getting list of URLs for API Requesting new nonce for client communication Account already registered. Continuing. Sending registration to letsencrypt server Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct Account: https://acme-v02.api.letsencrypt.org/acme/acct/1145583257 Starting certificate generation process for domains Requesting challenge for my domain Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/237823943147 Got challenge token for my domain Token for my domain saved at /var/www/html/.well-known/acme-challenge/pVuvZ0GUDC0ubKY1YUFYvAtwXVWV_rQlOfFvTh5R-ko and should be available at http://my domain/.well-known/acme-challenge/pVuvZ0GUDC0ubKY1YUFYvAtwXVWV_rQlOfFvTh5R-ko Sending request to challenge Sending signed request to https://acme-v

Hi @Ayman-Alnwasrh, and welcome to the LE community forum :slight_smile:

There are several things wrong with that message:

  • http:/my domain//
    Was that?: http://my domain/
  • "Connection refused" means HTTP [TCP port 80] is not able to reach your system.
    Can the Internet reach your system via port 80?

Here the local response doesn't match the requested:

Are challenge tokens reachable from the Internet [at that location]?

Why are there two different challenge paths shown?:

Do you have multiple ACME clients?


You would do well by answering the questions below:
[which would have been shown to you had you picked "HELP" topic instead of "Issuance Tech"]

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


I need someone's help installing lets encrypt certificate on pbx

I tried many times but each time it gives a different error message

PBX Version:

PBX Distro:12.7.8-2302-1.sng7

Asterisk Version: 18.17.1

my fqdn :dafnyapbxact75.com also when I try fqdn of the device id.deploments.pbxact.com it produces the same error message

settings on my device

ICE Host Candidates

Local ip => public ip


ws -


wss -

Display ReadOnly Settings-Yes

Override ReadOnly Settings-Yes

Enable the mini-HTTP Server-Yes

Enable TLS for the mini-HTTP Server-Yes

Force WebSocket Mode-Pjsip

Enable the Asterisk REST Interface-Yes

SIP Channel Driver-both

Settings on mikrotik router for port 80 and nat:

For nat


Dst add: public ip

Action: dstnat

To add:local ip

For port 80


Dst add:


Dst port:80

Action: dstnat

To add:local ip

To port:80

Attached are pictures of the error messages

With fqdn pbx act (id.deployments.pbxact.com) msg error

With my fqdn msg error


1 Like

That particular error is not related to Let's Encrypt. Your script is checking if it has access to a php file but it does not.

I don't know Free PBX at all so can't help much. Maybe some other volunteer will offer help.

I mostly wanted to let you know there is a Free PBX community and someone there may know what is happening. We don't see this product very often here.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.