LetsEncrypt Generation Failure Unable to update challenge :: authorization must be pending

Help
1

Please help me with my problem
I need to issue a lets encrypt certificate on pbxact. On request, I get the following error message
Unable to update challenge :: authorization must be pending

  • Requested 'http:/my domain//.freepbx-known/6f659ef4e4f9e7751fdca2e1a5ebfc20' - Failed to connect to my domain port 80: Connection refused

Processing: my domain, Local IP: my ip, Public IP: my ip Self test: trying http://my domain/.freepbx-known/6f659ef4e4f9e7751fdca2e1a5ebfc20 Self test: received 6f659ef4e4f9e7751fdca2e1a5ebfc20 Requested 'http://my domain//.freepbx-known/6f659ef4e4f9e7751fdca2e1a5ebfc20' - Failed to connect to my domain port 80: Connection refused Getting list of URLs for API Requesting new nonce for client communication Account already registered. Continuing. Sending registration to letsencrypt server Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct Account: https://acme-v02.api.letsencrypt.org/acme/acct/1145583257 Starting certificate generation process for domains Requesting challenge for my domain Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/237823943147 Got challenge token for my domain Token for my domain saved at /var/www/html/.well-known/acme-challenge/pVuvZ0GUDC0ubKY1YUFYvAtwXVWV_rQlOfFvTh5R-ko and should be available at http://my domain/.well-known/acme-challenge/pVuvZ0GUDC0ubKY1YUFYvAtwXVWV_rQlOfFvTh5R-ko Sending request to challenge Sending signed request to https://acme-v

3

Hi @Ayman-Alnwasrh, and welcome to the LE community forum :slight_smile:

There are several things wrong with that message:

  • http:/my domain//
    Was that?: http://my domain/
  • "Connection refused" means HTTP [TCP port 80] is not able to reach your system.
    Can the Internet reach your system via port 80?

Here the local response doesn't match the requested:

Are challenge tokens reachable from the Internet [at that location]?

Why are there two different challenge paths shown?:

Do you have multiple ACME clients?

4 Likes
4

You would do well by answering the questions below:
[which would have been shown to you had you picked "HELP" topic instead of "Issuance Tech"]

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

5 Likes
5

222
222975×534 72.1 KB

I need someone's help installing lets encrypt certificate on pbx

I tried many times but each time it gives a different error message

PBX Version: 16.0.40.3

PBX Distro:12.7.8-2302-1.sng7

Asterisk Version: 18.17.1

my fqdn :dafnyapbxact75.com also when I try fqdn of the device id.deploments.pbxact.com it produces the same error message

settings on my device

ICE Host Candidates

Local ip => public ip

ws

ws - 0.0.0.0-Yes

wss

wss - 0.0.0.0-Yes

Display ReadOnly Settings-Yes

Override ReadOnly Settings-Yes

Enable the mini-HTTP Server-Yes

Enable TLS for the mini-HTTP Server-Yes

Force WebSocket Mode-Pjsip

Enable the Asterisk REST Interface-Yes

SIP Channel Driver-both

Settings on mikrotik router for port 80 and nat:

For nat

Chain:dstnat

Dst add: public ip

Action: dstnat

To add:local ip

For port 80

Chain:dstnat

Dst add: 0.0.0.0/0

Protocol:tcp

Dst port:80

Action: dstnat

To add:local ip

To port:80

Attached are pictures of the error messages

With fqdn pbx act (id.deployments.pbxact.com) msg error

With my fqdn msg error

Thanks

1 Like
6

That particular error is not related to Let's Encrypt. Your script is checking if it has access to a php file but it does not.

I don't know Free PBX at all so can't help much. Maybe some other volunteer will offer help.

I mostly wanted to let you know there is a Free PBX community and someone there may know what is happening. We don't see this product very often here.

6 Likes
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.