Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: partes.tasiva.com
I ran this command: certbot certonly --manual -d partes.tasiva.com
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for partes.tasiva.com
Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): apache2 (2.11.0)
The operating system my web server runs on is (include version): Debian 6.1.94-1
My hosting provider, if applicable, is: Dinahosting
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I think not, but I'm not sure.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 2.11.0
Explanation:
When I execute the command certbot certonly --manual -d partes.tasiva.com and I create the file in the path it tells me, I can access the file from the internet. (From another computer)
But when I hit enter and Certbot tries to access the path I get the error I showed before. I don't understand why this happens, any idea? I've checked everything, from opening ports 80, 8080, 443, permissions problems... But nothing.
That is usually exactly what it sounds like.
Are you running a local firewall?
Is that the correct IP [88.10.67.208]?
Is your site accessible from the Internet via HTTP [TCP port 80]?
Can you also reach your site/IP from the Internet?
I can't:
curl -Ii http://partes.tasiva.com/.well-known/acme-challenge/Test_File-1234
curl: (28) Failed to connect to partes.tasiva.com port 80 after 130996 ms: Connection timed out
Yes, I can, I see the following if I run from my home computer (it's outside my company's network)
And if I run from my company computer I see the same:
HTTP/1.1 404 Not Found
Date: Mon, 23 Sep 2024 12:24:11 GMT
Server: Apache/2.4.61 (Debian)
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
It could be, everything seems to indicate that yes, my company's external firewall is run by another company, I'll send them an email and I'll let you know what they tell me.
You (and/or the people managing the network) may find this post useful, describing how and why Let's Encrypt checks from multiple places around the world to ensure that one actually controls a domain name as seen from everywhere.
I bring good news, the problem was what you told me, the firewall rules have been changed to allow connections from anywhere in the world and now I have obtained the certificates correctly. Thank you very much!
It was what you said, the rules have been changed to allow connections from anywhere in the world and I have been able to obtain the certificates correctly.
Thank you very much!
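A way to confirm this kind of upstream filtering from the server side, given here as an added example and not something posted in the thread: scan the Apache access log for challenge requests and list which validation sources actually reached the server. It assumes Apache's "combined" log format and the "Let's Encrypt validation server" User-Agent string; the log lines, token and documentation-range IP addresses are constructed.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "request" status size "referer" "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
LE_AGENT_MARKER = "Let's Encrypt validation server"  # assumed validation User-Agent

# Constructed sample: only the operator's own curl test got through the firewall.
SAMPLE_FILTERED = '''\
203.0.113.10 - - [23/Sep/2024:12:24:11 +0000] "GET /.well-known/acme-challenge/CONSTRUCTED_TOKEN HTTP/1.1" 200 87 "-" "curl/7.88.1"
'''.splitlines()

# Constructed sample: after the rule change, several validation sources arrive.
SAMPLE_OPEN = SAMPLE_FILTERED + '''\
192.0.2.11 - - [23/Sep/2024:12:30:01 +0000] "GET /.well-known/acme-challenge/CONSTRUCTED_TOKEN HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
198.51.100.22 - - [23/Sep/2024:12:30:02 +0000] "GET /.well-known/acme-challenge/CONSTRUCTED_TOKEN HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
'''.splitlines()

def challenge_hits(log_lines):
    """Map each validation-server source IP to the HTTP status codes it received."""
    hits = defaultdict(list)
    for line in log_lines:
        m = COMBINED.match(line)
        if not m or not m["path"].startswith(CHALLENGE_PREFIX):
            continue
        if LE_AGENT_MARKER not in m["agent"]:
            continue  # a manual curl or browser test proves nothing about the CA's view
        hits[m["ip"]].append(int(m["status"]))
    return dict(hits)

def diagnose(hits):
    """Classify what the log shows about the CA's validation attempts."""
    if not hits:
        return "blocked-upstream"        # nothing from the CA reached Apache
    if any(code != 200 for codes in hits.values() for code in codes):
        return "reached-but-not-served"  # CA got in, file missing or wrong path
    return "served"                      # few sources can still mean regional filtering

if __name__ == "__main__":
    for name, sample in (("filtered", SAMPLE_FILTERED), ("open", SAMPLE_OPEN)):
        hits = challenge_hits(sample)
        print(name, diagnose(hits), sorted(hits))
```

On a real server, pass the lines of the access log written during the failed certbot run; a result of `blocked-upstream` while your own test fetch succeeds points at filtering in front of the web server.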