I have a Spam Titan virtual appliance. In that appliance is a button I can click to get a Let's Encrypt Certificate. It used to work just fine. Now it fails with the error below. We placed a rule at the top of the firewall allowing all traffic in and out of the appliance and reran the request for the certificate and it still failed with the same error. So, I do not believe my firewall is causing this issue. Thoughts? TIA
My domain is: fulcherlaw.com
It produced this output:
Error: Challenge failed (2606:4700:4403::ac40:9ac9: Invalid response from https://acme.certmanager.io/.well-known/acme-challenge/yjypLsXc5CM4swUzDpN-jVqI6f9eHMPfqL7lg1_KVS0: 404). This error may be caused by a closed port 80. Please open it temporarily for the renewal process to finish...
I can login to a root shell on my machine (yes or no, or I don't know): I'm not sure.
It looks like your device proxies its challenges to a separate service offered by "acme.certmanager.io", which is strange to me since cert-manager (with a hyphen) is a well-known ACME client.
2 Likes
Thanks for the reply. So, does that mean I cannot do anything myself and I should reach out to Spam Titan support? They're the ones who tried to run this for me and said something is wrong on my end.
Probably. It looks like maybe one of these causes:
- the challenge is not propagating either correctly or fast enough to that service
- that service is not configured correctly to respond to the challenge
2 Likes
I agree with @griffin you should talk with their support.
I wanted to add the "404" in the error message is an HTTP error "Not Found". To get a 404 means the connection to your domain worked but your server then said it did not have the requested object.
A 404 would never be caused by a closed port 80. I believe that part of the message is a catch-all description from the appliance. It did not come from the Let's Encrypt service.
A closed port 80 would result in a timeout or similar connection problem. Those messages are very different.
3 Likes