The certificate has expired: that is the notAfter date is before the current time

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: Artiflexmfg.com

I ran this command:

It produced this output:

My web server is (include version): webfiles.artiflexmfg.com

The operating system my web server runs on is (include version): Liquidfiles v3.7.18

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): v3.7.18

We are getting this error when trying to validate. The certificate has expired: that is the notAfter date is before the current time

Also this:

Parsing account key...
Parsing CSR...
Found domains: webfiles.artiflexmfg.com
Getting directory...
Directory found!
Registering account...
Already registered!
Updated contact details:
mailto:it@artiflexmfg.com
Creating new order...
Order created!
Verifying webfiles.artiflexmfg.com...
Traceback (most recent call last):
  File "/sbin/acme_tiny", line 198, in <module>
    main(sys.argv[1:])
  File "/sbin/acme_tiny", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/sbin/acme_tiny", line 149, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for webfiles.artiflexmfg.com: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://webfiles.artiflexmfg.com/.well-known/acme-challenge/6QePDg9XYYpFmIX8t4E43WbXUiF_AoBwKMyu-P0Y7Oo', u'hostname': u'webfiles.artiflexmfg.com', u'addressUsed': u'********', u'port': u'80', u'addressesResolved': [u'*********']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/357882976832/XHLxRA', u'token': u'6QePDg9XYYpFmIX8t4E43WbXUiF_AoBwKMyu-P0Y7Oo', u'error': {u'status': 400, u'type': u'urn:ietf:params:acme:error:connection', u'detail': u'During secondary validation: 52.144.33.177: Fetching http://webfiles.artiflexmfg.com/.well-known/acme-challenge/6QePDg9XYYpFmIX8t4E43WbXUiF_AoBwKMyu-P0Y7Oo: Timeout during connect (likely firewall problem)'}, u'validated': u'2024-05-31T14:39:41Z', u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'webfiles.artiflexmfg.com'}, u'expires': u'2024-06-07T14:39:40Z'}

During secondary validation: 52.144.33.177: Fetching http://webfiles.artiflexmfg.com/.well-known/acme-challenge/6QePDg9XYYpFmIX8t4E43WbXUiF_AoBwKMyu-P0Y7Oo: Timeout during connect (likely firewall problem)

Your webfiles.artiflexmfg.com site is only accessible from a few places in the world, so Let's Encrypt can't validate that you actually control that name.

4 Likes

Will we see the firewall blocking the countries? Currently we don't see anything getting blocked from our firewall.

When your system attempts to get a certificate, you should see at least 5 HTTP requests for the challenge file arrive, from different places around the world. At least 2 of them are being blocked by something. It may be upstream of whatever firewall you're looking at, maybe in your hosting provider's network.

2 Likes
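An added example, not part of any post in this thread and not Let's Encrypt's or acme-tiny's code: one way to check the reply above against a web server access log, by counting how many distinct source addresses actually reached the challenge URL. It assumes a combined-format access log; the sample lines, documentation-range IPs, `TOKEN_PLACEHOLDER` and the function names are constructed for illustration, and the expected count of 5 is taken from the reply above.

```python
import re

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# client IP, request path and status code from a combined-format log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log: three distinct sources fetch the token, one unrelated request.
SAMPLE_LOG = """\
192.0.2.10 - - [31/May/2024:14:39:40 +0000] "GET /.well-known/acme-challenge/TOKEN_PLACEHOLDER HTTP/1.1" 200 87 "-" "constructed-validator"
198.51.100.7 - - [31/May/2024:14:39:40 +0000] "GET /.well-known/acme-challenge/TOKEN_PLACEHOLDER HTTP/1.1" 200 87 "-" "constructed-validator"
203.0.113.25 - - [31/May/2024:14:39:41 +0000] "GET /.well-known/acme-challenge/TOKEN_PLACEHOLDER HTTP/1.1" 200 87 "-" "constructed-validator"
192.0.2.10 - - [31/May/2024:14:39:41 +0000] "GET /.well-known/acme-challenge/TOKEN_PLACEHOLDER HTTP/1.1" 200 87 "-" "constructed-validator"
203.0.113.99 - - [31/May/2024:14:40:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "constructed-browser"
"""

def failed_on_secondary(detail):
    """True when the ACME error detail reports a failure from a secondary vantage point."""
    return detail.startswith("During secondary validation")

def challenge_sources(log_text, token):
    """Map each client IP that requested the token's challenge URL to the statuses it received."""
    sources = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == CHALLENGE_PREFIX + token:
            sources.setdefault(m.group(1), set()).add(int(m.group(3)))
    return sources

def assess(log_text, token, expected=5):
    """Summarise how many distinct validation sources arrived versus how many were expected."""
    sources = challenge_sources(log_text, token)
    return {
        "distinct_sources": len(sources),
        "served_200": sorted(ip for ip, codes in sources.items() if 200 in codes),
        "missing": max(0, expected - len(sources)),  # requests that never reached this server
    }

if __name__ == "__main__":
    print(assess(SAMPLE_LOG, "TOKEN_PLACEHOLDER"))
```

A non-zero `missing` count with nothing logged as denied on the local firewall points to filtering upstream of the server, which is the situation the reply describes.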

Hi @TLittle,

I would have to say YES, some firewall is geo blocking.

See here:
Permanent link to this check report

And here:
http://www.site24x7.com/tools/public/t/results-1717204872557.html

Edit:
Also see these results: https://letsdebug.net/webfiles.artiflexmfg.com/1995783

ANotWorking
ERROR
webfiles.artiflexmfg.com has an A (IPv4) record (52.144.33.177) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with webfiles.artiflexmfg.com/52.144.33.177: Get "http://webfiles.artiflexmfg.com/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://webfiles.artiflexmfg.com/.well-known/acme-challenge/letsdebug-test (using initial IP 52.144.33.177)
@0ms: Dialing 52.144.33.177
@10001ms: Experienced error: context deadline exceeded

And from my Oregon USA locations I see Ports 80 & 443 Open

$ nmap -Pn -p80,443 webfiles.artiflexmfg.com
Starting Nmap 7.93 ( https://nmap.org ) at 2024-05-31 18:27 PDT
Nmap scan report for webfiles.artiflexmfg.com (52.144.33.177)
Host is up (0.071s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds
3 Likes
