Timeout during connect (likely firewall problem)

Due to a recent ransomware attack, we have blocked everything and are adding to our allow-list.
What country, IP and ports need to be unblocked for our servers to communicate with Let's Encrypt?

My domain is: abqhch.org

I ran this command: powershell

New-PACertificate micollab.abqhch.org -AcceptTOS -Contact 'phonesys@abqhch.org' -Plugin Windows -PluginArgs $pArgs
Exception: C:\Program Files\PowerShell\Modules\Posh-ACME\4.15.0\Public\New-PACertificate.ps1:247

It produced this output:
Line |
247 | Submit-ChallengeValidation
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
| Authorization invalid for micollab.abqhch.org: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.micollab.abqhch.org - check that a DNS
| record exists for this domain

My web server is (include version): micollab.abqhch.org

The operating system my web server runs on is (include version): mitel linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): mitel interface

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

Hello @JPadilla, welcome to the Let's Encrypt community. :slightly_smiling_face:

A great place to start debugging Let's Encrypt certificates is Let's Debug.

You can find the DNS records for micollab.abqhch.org here: DNS Lookup - Check DNS Records,
and the DNS records for abqhch.org here: DNS Lookup - Check DNS Records.

I do not find any DNS records containing acme.

1 Like

Also, Let's Encrypt DOES NOT publish a list of IP addresses we use to validate.

1 Like

I'm not familiar with Posh-ACME. Does it contain a DNS plugin for your DNS provider to add/remove the TXT record? Or did it ask you to do it manually? If so, did you add the TXT record? Because currently it's not there indeed.
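
The lookup the replies above did by hand, as an added PowerShell example that is not part of the original thread or of Posh-ACME: it asks public resolvers for the `_acme-challenge` TXT record named in the error and separates NXDOMAIN from a query that could not be completed. The function name `Test-AcmeChallengeRecord` and the two resolver addresses are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Pre-flight check for a DNS-01 challenge:
# is the TXT record visible from outside before validation is submitted?
function Test-AcmeChallengeRecord {
    param(
        [Parameter(Mandatory)][string]$Domain,
        # Assumption: any public recursive resolvers will do. The CA queries the
        # zone's authoritative servers itself, so this is an approximation.
        [string[]]$Resolver = @('1.1.1.1', '8.8.8.8')
    )

    $name = "_acme-challenge.$Domain"
    foreach ($server in $Resolver) {
        try {
            $answers = Resolve-DnsName -Name $name -Type TXT -Server $server `
                                       -DnsOnly -ErrorAction Stop
            # A name that exists without TXT data returns only an SOA record,
            # so keep TXT answers and join multi-string values.
            $txt = @($answers | Where-Object { $_.Type -eq 'TXT' } |
                     ForEach-Object { $_.Strings -join '' })
            $status = if ($txt.Count) { 'Found' } else { 'NoTxtRecord' }
            $detail = $txt -join '; '
        }
        catch {
            # NXDOMAIN means the record was never published (the error in this
            # thread). Anything else points at the resolver path instead,
            # for example an egress rule blocking port 53.
            if ($_.FullyQualifiedErrorId -like 'DNS_ERROR_RCODE_NAME_ERROR*') {
                $status = 'NXDOMAIN'
            } else {
                $status = 'QueryFailed'
            }
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{
            Resolver = $server
            Name     = $name
            Status   = $status
            Detail   = $detail
        }
    }
}

# Hostname taken from the thread.
Test-AcmeChallengeRecord -Domain 'micollab.abqhch.org' | Format-Table -AutoSize
```

A `Found` status on every resolver is the point at which submitting the challenge makes sense; `NXDOMAIN` matches the failure quoted in the question.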

