Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: intern.geberl.com
I ran this command: They name it Step 4 (Verify the Challenge File - 28. August 2018 about 20:00 - 23:00 GMT?)
It produced this output:
Error: Domain challenge failed. Please start back at Step 1. {"identifier":{"type":"dns","value":"intern.geberl.com"},"status":"invalid","expires":"2018-09-04T20:20:57Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"Fetching http://intern.geberl.com/.well-known/acme-challenge/YBGwi_N_iJSo0nJnPP18ZfoEEFss-LX2aWjwM0-5pR8: Timeout during connect (likely firewall problem)","status":400},"url":"https://acme-v02.api.letsencrypt.org/acme/challenge/h_3QSnDJtp9Aa4jngnkSdHi-9yP3WmUyB7nIUaNM67k/6854698119","token":"YBGwi_N_iJSo0nJnPP18ZfoEEFss-LX2aWjwM0-5pR8","validationRecord":[{"url":"http://intern.geberl.com/.well-known/acme-challenge/YBGwi_N_iJSo0nJnPP18ZfoEEFss-LX2aWjwM0-5pR8","hostname":"intern.geberl.com","port":"80","addressesResolved":["82.117.2.154"],"addressUsed":"82.117.2.154"}]},{"type":"tls-alpn-01","status":"invalid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/h_3QSnDJtp9Aa4jngnkSdHi-9yP3WmUyB7nIUaNM67k/6854698120","token":"fPaOHJMLko3j4fnQRqJZTqeIk9T6UCyHTO9G5O2WRg0"},{"type":"dns-01","status":"invalid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/h_3QSnDJtp9Aa4jngnkSdHi-9yP3WmUyB7nIUaNM67k/6854698121","token":"bS2LXpqcsN7nZhgjw_hXfiC8Gt1bgzrn5X7LAN4xu80"}]}
===================================================
My web server is (include version): I used the python script for testing
python2 -c "import BaseHTTPServer;
h = BaseHTTPServer.BaseHTTPRequestHandler;
h.do_GET = lambda r: r.send_response(200) or r.end_headers() or r.wfile.write('YBGwi_N_iJSo0nJnPP18ZfoEEFss-LX2aWjwM0-5pR8.2Y-aR_qhG1VHT_oSHyuILsBwD3zadia0F81t_-J8yRs');
s = BaseHTTPServer.HTTPServer(('0.0.0.0', 80), h);
s.serve_forever()"
The operating system my web server runs on is (include version): debian 9
My hosting provider, if applicable, is: hoiLi, DNS is Krypton - just a little bit complicated
I can login to a root shell on my machine (yes or no, or I don’t know): yes but I cannot see/access the DNS
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Network Structure: (static IP: 82.117.2.154)
-> ADSL
-> ADSL-Modem (Zyxel 660-HN-I)
-> IP-Fire (red: IP: 82.117.2.154 Gateway: 82.117.20.31 DNS: 82.117.12.24, 82.117.12.25)
-> Interface DMZ: 192.168.30.1/24
-> Debian Server IP: 192.168.30.6 (DNS: 82.117.12.24, 82.117.12.25) (virtualized on Proxmox)
I tried the procedure shown at https://gethttpsforfree.com/ because I got permanent failures with certbot and wanted to debug this. I am wondering why I can browse the Challenge File from outside with a Firefox browser (the Python script logs the access) but Let's Encrypt does not find the file (also no access log from Python). Is there any difference?
Thank you and regards
Stephan Geberl
PS.: At the moment the firewall is not open any more, just in case
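
Added example, not part of the original post: a Python 3 sketch that reads an ACME authorization object like the one pasted above, reports which challenge recorded an error and which address and port the CA tried, and checks that a served http-01 body has the `<token>.<thumbprint>` form used in the test server. The function names, host name, IP address and tokens are constructed placeholders.

```python
import json

# Constructed sample shaped like the authorization object in the post
# (placeholder host, documentation IP address and tokens, not the poster's values).
SAMPLE_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "host.example.com"},
    "status": "invalid",
    "challenges": [
        {"type": "http-01", "status": "invalid", "token": "TOKEN-A",
         "error": {"type": "urn:ietf:params:acme:error:connection",
                   "detail": "Fetching http://host.example.com/.well-known/"
                             "acme-challenge/TOKEN-A: Timeout during connect",
                   "status": 400},
         "validationRecord": [{"hostname": "host.example.com", "port": "80",
                               "addressesResolved": ["203.0.113.10"],
                               "addressUsed": "203.0.113.10"}]},
        {"type": "dns-01", "status": "invalid", "token": "TOKEN-B"},
    ],
})

def attempted_challenges(authz_json):
    """Summarise every challenge that carries an error object."""
    out = []
    for ch in json.loads(authz_json).get("challenges", []):
        err = ch.get("error")
        if not err:
            continue  # no error recorded for this challenge
        rec = (ch.get("validationRecord") or [{}])[-1]  # last record listed
        out.append({
            "type": ch["type"],
            "token": ch["token"],
            "error": err["type"].rsplit(":", 1)[-1],  # e.g. "connection"
            "detail": err.get("detail", ""),
            "target": (rec.get("addressUsed"), rec.get("port")),
        })
    return out

def body_matches_token(served_body, token):
    """http-01 expects '<token>.<account key thumbprint>' as the response body."""
    head, sep, thumbprint = served_body.strip().partition(".")
    return head == token and sep == "." and thumbprint != ""

if __name__ == "__main__":
    for c in attempted_challenges(SAMPLE_AUTHZ):
        print(c["type"], c["error"], "->", c["target"], "|", c["detail"])
```

A `connection` error with a populated `target` means the CA resolved the name and failed at the TCP connect, so the address and port in `target` are what to compare against firewall and port-forwarding logs.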