Problems with timeouts with one domain

The domain I am trying to get a Let’s Encrypt certificate for is webserver.hsmedia.co.uk

I am running the one with Virtualmin client, when using the dialogue boxes

The full error I am getting is:
Requesting a certificate for webserver.hsmedia.co.uk, www.webserver.hsmedia.co.uk, mail.webserver.hsmedia.co.uk, autoconfig.webserver.hsmedia.co.uk, autodiscover.webserver.hsmedia.co.uk from Let’s Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :
Gave up waiting for validation
DNS-based validation failed : Failed to request certificate :
Gave up waiting for validation

My web server is (include version): Apache/2.2.15

I am running CentOS 6

Can login using ssh and have full access to the server therefore

As previously stated running Virtualmin

The log is not verbose enough to see what’s wrong. Can you make it more chatty?

Not sure what you mean, that’s all that’s given as an error.

This log basically says, “I tried web-based (probably http-01) and DNS challenge, but failed.” and nothing else.

The only thing I can show really is this:
92.60.127.175 - - [07/May/2019:22:33:13 +0100] “GET /.well-known/acme-challenge/AM592K4k4TccTC-EJHUNPgrW_UcRE_W2L8SoAA31fkI HTTP/1.1” 200 87 “-” “Python-urllib/2.6”

Not sure if that’s any good though?

If that’s the only access log entry that you see, it means LE was only able to visit one of the domains you requested.

I’m not sure exactly what’s wrong, but your DNS setup seems to be broken.

https://letsdebug.net/webserver.hsmedia.co.uk/37874

http://dnsviz.net/d/webserver.hsmedia.co.uk/dnssec/

Sure enough, I can’t access your site in a web browser either. I guess you should fix that first, then try again to get a certificate…

The user-agent is not of Let’s Encrypt, but looks like a local preflight request.

The nameserver for hsmedia.co.uk (92.60.127.171) doesn’t appear to respond to DNS queries at all. So that’s your main problem. Talk to whoever runs your nameserver.

2 Likes
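The user-agent observation in the reply above can be checked across a whole access log. The following is an added example, not part of the original thread: it assumes Apache's "combined" log format and that the CA's validation requests carry a user agent containing "Let's Encrypt validation server"; the sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Assumption: the CA's validation requests carry this user-agent substring.
LE_UA_MARKER = "Let's Encrypt validation server"

# Constructed sample lines (documentation IP ranges, made-up token).
SAMPLE_LOG = """\
192.0.2.10 - - [07/May/2019:22:33:13 +0100] "GET /.well-known/acme-challenge/TOKEN HTTP/1.1" 200 87 "-" "Python-urllib/2.6"
203.0.113.5 - - [07/May/2019:22:33:20 +0100] "GET /.well-known/acme-challenge/TOKEN HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
203.0.113.9 - - [07/May/2019:22:34:00 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.29.0"
"""

def classify(line, local_ips):
    """Return who fetched an ACME challenge file, or None for other lines."""
    m = LOG_RE.match(line.strip())
    if not m or not m["path"].startswith(CHALLENGE_PREFIX):
        return None
    if LE_UA_MARKER in m["ua"]:
        return "letsencrypt"
    if m["ip"] in local_ips:
        return "local-preflight"  # the ACME client testing its own challenge file
    return "other"

def summarize(log_text, local_ips):
    """Count challenge fetches per source across a whole log."""
    counts = Counter()
    for line in log_text.splitlines():
        source = classify(line, local_ips)
        if source:
            counts[source] += 1
    return counts

def ca_reached_server(log_text, local_ips):
    """True only if at least one challenge fetch came from the CA itself."""
    return summarize(log_text, local_ips)["letsencrypt"] > 0

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG, {"192.0.2.10"})))
```

If `ca_reached_server` is false while local preflight hits are present, the validation requests never arrived, which points at DNS or a firewall in front of the server rather than at the web server configuration.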

Yeah I’ll try again, actually it’s my own DNS server, went to the registrar to ask them to add my server’s IP addresses as I find it much quicker for DNS changes etc…

I thought like that, actually running fail2ban on the server as well as other things so might just turn that off, has the security aspect of fail2ban on that so might just for the certificate request turn that off and get rid of at least the first block of DROP jails in the iptables configs I have as well.

2nd note: think I know what’s happening here, it’s a problem with something to do with my hosting provider rather than the DNS.

Sorting it out with them, thank you for your help, it is amazingly appreciated!
