The following errors were reported by the server: Timeout but in apache log there is a request

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: xxxxx.xxx
    Type: connection
    Detail: Fetching
    http://xxxxx.xxx/.well-known/acme-challenge/lhf_d4xEFdiKkVTqb_fvzT5W7ZRyT_80gxkPhRltEJc:
    Timeout

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

And yet in the Apache server log:
66.133.109.36 - - [10/Sep/2017:21:55:05 +0200] "GET /.well-known/acme-challenge/lhf_d4xEFdiKkVTqb_fvzT5W7ZRyT_80gxkPhRltEJc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)

Hi @roosit,

Since August 25, the Let's Encrypt CA has been making multiple tests of a challenge before the challenge is marked complete. This means that when you get one inbound connection, you may still have to wait for others to succeed before the challenge is considered successful.

In this case, if you whitelisted a particular Let's Encrypt IP address in a firewall, the challenge may have failed because Let's Encrypt was also connecting from an additional IP address. We've discouraged people many times from whitelisting specific addresses that they think Let's Encrypt will connect from, because the intent is to make this increasingly unpredictable as a defense against some kinds of attacks against the CA system.

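To check the situation described in the reply above from the server side, the following added example (not part of the original thread) groups ACME HTTP-01 challenge requests in an Apache combined-format access log by token and reports tokens that were fetched from fewer distinct source addresses than expected. The `min_sources` threshold and the sample lines other than the one quoted in the thread are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: client IP, identity, user, [timestamp], "request", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def challenge_sources(lines):
    """Map each challenge token to {source IP: set of HTTP statuses served}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(CHALLENGE_PREFIX):
            continue
        token = m["path"][len(CHALLENGE_PREFIX):].split("?", 1)[0]
        seen[token][m["ip"]].add(int(m["status"]))
    return {token: dict(ips) for token, ips in seen.items()}


def single_source_tokens(lines, min_sources=2):
    """Tokens requested from fewer than min_sources distinct addresses.

    min_sources is an assumed threshold: the thread only says the CA makes
    "multiple" tests. A token listed here reached the web server from too few
    addresses, which is consistent with a firewall dropping the other fetches.
    """
    return sorted(
        token for token, ips in challenge_sources(lines).items()
        if len(ips) < min_sources
    )


# Constructed sample. The first line is the one quoted in the thread; the
# others are made up, using documentation-range addresses and a fake token.
SAMPLE = """\
66.133.109.36 - - [10/Sep/2017:21:55:05 +0200] "GET /.well-known/acme-challenge/lhf_d4xEFdiKkVTqb_fvzT5W7ZRyT_80gxkPhRltEJc HTTP/1.1" 200 87 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Sep/2017:22:10:01 +0200] "GET /.well-known/acme-challenge/CONSTRUCTED_TOKEN HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Sep/2017:22:10:02 +0200] "GET /.well-known/acme-challenge/CONSTRUCTED_TOKEN HTTP/1.1" 200 87 "-" "Mozilla/5.0"
203.0.113.30 - - [10/Sep/2017:22:10:02 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for token in single_source_tokens(SAMPLE):
        print(token, challenge_sources(SAMPLE)[token])
```

Requests dropped at the firewall never reach Apache, so they leave no log entry; a token that appears here from a single address while the CA reports a timeout points at filtering in front of the web server.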