My domain is:

I ran this command: They name it Step 4 (Verify the Challenge File - 28. August 2018 about 20:00 - 23:00 GMT?)

It produced this output:

Error: Domain challenge failed. Please start back at Step 1. {"identifier":{"type":"dns","value":""},"status":"invalid","expires":"2018-09-04T20:20:57Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"Fetching Timeout during connect (likely firewall problem)","status":400},"url":"","token":"YBGwi_N_iJSo0nJnPP18ZfoEEFss-LX2aWjwM0-5pR8","validationRecord":[{"url":"","hostname":"","port":"80","addressesResolved":[""],"addressUsed":""}]},{"type":"tls-alpn-01","status":"invalid","url":"","token":"fPaOHJMLko3j4fnQRqJZTqeIk9T6UCyHTO9G5O2WRg0"},{"type":"dns-01","status":"invalid","url":"","token":"bS2LXpqcsN7nZhgjw_hXfiC8Gt1bgzrn5X7LAN4xu80"}]} ===================================================

My web server is (include version): I used the python script for testing
python2 -c "import BaseHTTPServer; \
    h = BaseHTTPServer.BaseHTTPRequestHandler; \
    h.do_GET = lambda r: r.send_response(200) or r.end_headers() or r.wfile.write('YBGwi_N_iJSo0nJnPP18ZfoEEFss-LX2aWjwM0-5pR8.2Y-aR_qhG1VHT_oSHyuILsBwD3zadia0F81t_-J8yRs'); \
    s = BaseHTTPServer.HTTPServer(('', 80), h); \
    s.serve_forever()"

The operating system my web server runs on is (include version): debian 9

My hosting provider, if applicable, is: hoiLi, DNS is Krypton - just a little bit complicated

I can login to a root shell on my machine (yes or no, or I don’t know): yes but I cannot see/access the DNS

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Network Structure: (static IP:
-> ADSL-Modem (Zyxel 660-HN-I)
-> IP-Fire (red: IP: Gateway: DNS:,
-> Interface DMZ:
-> Debian Server IP: (DNS:, (virtualized on Proxmox)

I tried the procedure shown at because I got permanent failures with certbot and wanted to debug this. I'm wondering why I can browse the Challenge File from outside with a Firefox browser (the Python script logs the access) but LetsEncrypt does not find the file (also no access log from Python). Is there any difference?

Thank you and regards
Stephan Geberl

PS: At the moment the firewall is not open any more, just in case



Can you please try to open the firewall for a brief time (more than 10 minutes) so we could take a look?
(For now, the connections are all filtered)

Thank you


Thanks for the reply
I opened the firewall and started the Python server. I got the following log (from within the firewall):

- - [30/Aug/2018 06:51:56] "GET /.well-known/acme-challenge/YBGwi_N_iJSo0nJnPP18ZfoEEFss-LX2aWjwM0-5pR8 HTTP/1.1" 200 -
- - [30/Aug/2018 06:51:56] "GET /favicon.ico HTTP/1.1" 200 -

Thank you
Stephan Geberl



Have you tried to test the file from outside your network (i.e. from a far away address, not on your WiFi / Ethernet)?

From outside your network (using a Comcast Xfinity IP in the U.S.), I'm receiving a timeout (portqry shows 80 & 443 as filtered)… you might need to set up port forwarding on your ADSL modem in order for the outside world to visit your site (and, more importantly, to get a certificate from Let's Encrypt using HTTP-01 validation).

Thank you


Thank you very much, "far away" was the right hint. I activated GeoIP blocking some time ago, so I had access from outside the network but LetsEncrypt did not (I think the servers are not in Europe). Now everything is working fine.

best regards
Stephan Geberl
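
Added example (not part of the original thread or of any Let's Encrypt tooling): a Python 3 version of the test server above that records the source IP and request origin of every hit, so a browser test can be told apart from a validation request that never arrived because of upstream filtering such as the GeoIP block found here. `TOKEN` and `KEY_AUTH` are constructed sample values, and the User-Agent substring in `LE_UA_MARKER` is an assumption about how the validator identifies itself.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values; use the token/key authorization your ACME client issued.
TOKEN = "sample-token"
KEY_AUTH = TOKEN + ".sample-account-thumbprint"
CHALLENGE_PATH = "/.well-known/acme-challenge/" + TOKEN
# Assumption: validation requests carry this substring in their User-Agent.
LE_UA_MARKER = "Let's Encrypt validation server"

hits = []  # one dict per request that actually reached this process


def classify(user_agent):
    """Label a request as coming from the CA's validator or from anything else."""
    return "validator" if LE_UA_MARKER in (user_agent or "") else "other"


class ChallengeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        found = self.path == CHALLENGE_PATH
        hits.append({"ip": self.client_address[0], "path": self.path,
                     "source": classify(self.headers.get("User-Agent")),
                     "served": found})
        body = KEY_AUTH.encode() if found else b"not found"
        self.send_response(200 if found else 404)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # the structured `hits` list replaces the default stderr log


def start(port=80, host=""):
    """Start the server in a background thread and return it."""
    srv = HTTPServer((host, port), ChallengeHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def validator_reached_us():
    """True only if a validator request for the challenge file arrived."""
    return any(h["source"] == "validator" and h["served"] for h in hits)


if __name__ == "__main__":
    start()
    input("Serving on port 80; trigger validation, then press Enter\n")
    print(hits, "validator reached us:", validator_reached_us())
```

If `hits` contains only your own browser request after a failed validation, the validator's connection was dropped before it reached the server, which points at the modem, firewall or GeoIP rules rather than at the web server.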


