Some challenges have failed

Good afternoon, I am having problems renewing my domain.

I can read answers in English (yes or no): Yes

My domain is: dinabyte.net

I ran this command: sudo certbot renew

It produced this output: 2024-05-28 19:29:46,392:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 29 May 2024 01:29:46 GMT
Content-Type: application/json
Content-Length: 1024
Connection: keep-alive
Boulder-Requester: 1590338597
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: tHmr_zjyAYVhfHAdoy84JDKZUlPqMmAQXsk3mXVX1gwkMtuaOEE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "dinabyte.net"
},
"status": "invalid",
"expires": "2024-06-05T01:29:38Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "38.49.137.58: Fetching http://dinabyte.net/.well-known/acme-challenge/RFFKMZfuR2wIzs8WGHnVTO7O7UC1q6rMJMKSDIkWL9A: Error getting validation data",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/356791062112/c72xbQ",
"token": "RFFKMZfuR2wIzs8WGHnVTO7O7UC1q6rMJMKSDIkWL9A",
"validationRecord": [
{
"url": "http://dinabyte.net/.well-known/acme-challenge/RFFKMZfuR2wIzs8WGHnVTO7O7UC1q6rMJMKSDIkWL9A",
"hostname": "dinabyte.net",
"port": "80",
"addressesResolved": [
"38.49.137.58"
],
"addressUsed": "38.49.137.58"
}
],
"validated": "2024-05-29T01:29:42Z"
}
]
}
2024-05-28 19:29:46,392:DEBUG:acme.client:Storing nonce: tHmr_zjyAYVhfHAdoy84JDKZUlPqMmAQXsk3mXVX1gwkMtuaOEE
2024-05-28 19:29:46,392:INFO:certbot._internal.auth_handler:Challenge failed for domain dinabyte.net
2024-05-28 19:29:46,392:INFO:certbot._internal.auth_handler:http-01 challenge for dinabyte.net
2024-05-28 19:29:46,392:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: dinabyte.net
Type: connection
Detail: 38.49.137.58: Fetching http://dinabyte.net/.well-known/acme-challenge/RFFKMZfuR2wIzs8WGHnVTO7O7UC1q6rMJMKSDIkWL9A: Error getting validation data

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2024-05-28 19:29:46,393:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-05-28 19:29:46,393:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-05-28 19:29:46,393:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-05-28 19:29:46,532:ERROR:certbot._internal.renewal:Failed to renew certificate dinabyte.net with error: Some challenges have failed.
2024-05-28 19:29:46,534:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/main.py", line 1550, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

My web server is (include version):
Server version: Apache/2.4.52 (Ubuntu)
Server built: 2024-04-10T17:45:18

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Ubuntu 22.04.4 LTS

I can log in to a root shell on my machine (yes, no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.10.0

Hello @keintek, welcome to the Let's Encrypt community. 🙂

Using the online tool Let's Debug yields these results https://letsdebug.net/dinabyte.net/1987917

ANotWorking
ERROR
dinabyte.net has an A (IPv4) record (38.49.137.58) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://dinabyte.net/.well-known/acme-challenge/letsdebug-test": dial tcp 38.49.137.58:80: connect: no route to host

Trace:
@0ms: Making a request to http://dinabyte.net/.well-known/acme-challenge/letsdebug-test (using initial IP 38.49.137.58)
@0ms: Dialing 38.49.137.58
@1948ms: Experienced error: dial tcp 38.49.137.58:80: connect: no route to host
IssueFromLetsEncrypt
ERROR
A test authorization for dinabyte.net to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
38.49.137.58: Fetching http://dinabyte.net/.well-known/acme-challenge/cl-oCNGSzSL8akvDX8J55N5rshxHhJIart2ROdndGDo: Error getting validation data

Port 80 is filtered; the HTTP-01 challenge states "The HTTP-01 challenge can only be done on port 80."

Best Practice - Keep Port 80 Open

$ nmap -Pn -p80,443 dinabyte.net
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-28 19:26 PDT
Nmap scan report for dinabyte.net (38.49.137.58)
Host is up (0.079s latency).

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp open     https

Nmap done: 1 IP address (1 host up) scanned in 2.48 seconds
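The triage done in this thread, as an added example that is not part of the original posts: pull the failed challenge and the address the CA connected to out of the ACME authorization object, then classify a TCP connect attempt the way the nmap output does. The function names `failed_challenges` and `probe_tcp` are hypothetical, and the sample is constructed from the log above.

```python
import errno
import json
import socket

# Constructed sample: the authorization object from the log above, trimmed to
# the fields the triage uses.
SAMPLE_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "dinabyte.net"},
    "status": "invalid",
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "error": {"type": "urn:ietf:params:acme:error:connection", "status": 400},
        "validationRecord": [{"hostname": "dinabyte.net", "port": "80",
                              "addressUsed": "38.49.137.58"}],
    }],
})

def failed_challenges(authz_json):
    """Return one dict per invalid challenge: what failed and where the CA connected."""
    authz = json.loads(authz_json)
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        err_type = chall.get("error", {}).get("type", "")
        for rec in chall.get("validationRecord", [{}]):
            findings.append({
                "domain": authz["identifier"]["value"],
                "challenge": chall["type"],
                "error": err_type.rsplit(":", 1)[-1],  # e.g. "connection"
                "address": rec.get("addressUsed"),
                "port": int(rec["port"]) if rec.get("port") else None,
            })
    return findings

def probe_tcp(address, port, timeout=3.0):
    """Classify a TCP connect attempt as open, closed or filtered."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"      # host answered with a reset: nothing is listening
    except socket.timeout:
        return "filtered"    # packets dropped silently, typically a firewall
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # "no route to host", as Let's Debug reported
        raise
```

Run `probe_tcp` from a host outside the server's network: a probe from the server itself can succeed even when an upstream firewall drops port 80.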