The certificate has expired: that is the notAfter date is before the current time

TLittle · May 31, 2024, 3:58pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:Artiflexmfg.com

I ran this command:

It produced this output:

My web server is (include version):webfiles.artiflexmfg.com

The operating system my web server runs on is (include version):Liquidfiles v3.7.18

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):v3.7.18

We are getting this error when trying to validate. The certificate has expired: that is the notAfter date is before the current time

Also this: Parsing account key...
Parsing CSR...
Found domains: webfiles.artiflexmfg.com
Getting directory...
Directory found!
Registering account...
Already registered!
Updated contact details:
mailto:it@artiflexmfg.com
Creating new order...
Order created!
Verifying webfiles.artiflexmfg.com...
Traceback (most recent call last):
File "/sbin/acme_tiny", line 198, in
main(sys.argv[1:])
File "/sbin/acme_tiny", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/sbin/acme_tiny", line 149, in get_crt
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for webfiles.artiflexmfg.com: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://webfiles.artiflexmfg.com/.well-known/acme-challenge/6QePDg9XYYpFmIX8t4E43WbXUiF_AoBwKMyu-P0Y7Oo', u'hostname': u'webfiles.artiflexmfg.com', u'addressUsed': u'********', u'port': u'80', u'addressesResolved': [u'*********']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/357882976832/XHLxRA', u'token': u'6QePDg9XYYpFmIX8t4E43WbXUiF_AoBwKMyu-P0Y7Oo', u'error': {u'status': 400, u'type': u'urn:ietf:params:acme:error:connection', u'detail': u'During secondary validation: 52.144.33.177: Fetching http://webfiles.artiflexmfg.com/.well-known/acme-challenge/6QePDg9XYYpFmIX8t4E43WbXUiF_AoBwKMyu-P0Y7Oo: Timeout during connect (likely firewall problem)'}, u'validated': u'2024-05-31T14:39:41Z', u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'webfiles.artiflexmfg.com'}, u'expires': u'2024-06-07T14:39:40Z'}

petercooperjr · May 31, 2024, 4:02pm

During secondary validation: 52.144.33.177: Fetching http://webfiles.artiflexmfg.com/.well-known/acme-challenge/6QePDg9XYYpFmIX8t4E43WbXUiF_AoBwKMyu-P0Y7Oo: Timeout during connect (likely firewall problem)

Your webfiles.artiflexmfg.com site is only accessible from a few places in the world, so Let's Encrypt can't validate that you actually control that name.

TLittle · May 31, 2024, 5:38pm

Will we see the firewall blocking the countries? Currently we don't see anything getting blocked from our firewall.

petercooperjr · May 31, 2024, 5:52pm

When your system attempts to get a certificate, you should see at least 5 HTTP requests for the challenge file arrive, from different places around the world. At least 2 of them are being blocked by something. It may be upstream of whatever firewall you're looking at, maybe in your hosting provider's network.

Bruce5051 · June 1, 2024, 1:24am

Hi @TLittle,

I would have to say YES, some firewall is geo blocking.

See here:
Permanent link to this check report

And here:
http://www.site24x7.com/tools/public/t/results-1717204872557.html

Edit:
Also see these results: https://letsdebug.net/webfiles.artiflexmfg.com/1995783

ANotWorking
ERROR
webfiles.artiflexmfg.com has an A (IPv4) record (52.144.33.177) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with webfiles.artiflexmfg.com/52.144.33.177: Get "http://webfiles.artiflexmfg.com/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://webfiles.artiflexmfg.com/.well-known/acme-challenge/letsdebug-test (using initial IP 52.144.33.177)
@0ms: Dialing 52.144.33.177
@10001ms: Experienced error: context deadline exceeded

And from my Oregon USA locations I see Ports 80 & 443 Open

$ nmap -Pn -p80,443 webfiles.artiflexmfg.com
Starting Nmap 7.93 ( https://nmap.org ) at 2024-05-31 18:27 PDT
Nmap scan report for webfiles.artiflexmfg.com (52.144.33.177)
Host is up (0.071s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds

Topic		Replies	Views
Certificate Expired, now I can't create a new one Help	6	161	May 1, 2026
Validation of the required challenges error Help	6	3131	January 9, 2020
Certbot certificate validation failing with timeout when all seems to be correct Help	14	597	May 10, 2024
Certificate Expired Help	4	1150	May 29, 2019
Failed to issue certificate Help	8	2325	March 3, 2019

The certificate has expired: that is the notAfter date is before the current time

Related topics