Timeout on ACME challenge

DaanWielens · April 2, 2018, 9:49am

Hi,

I installed the Certbot for Apache / Debian Stretch on a Raspberry Pi 3. To obtain a certificate, I ran

$ sudo certbot --authenticator webroot --installer apache

The script is correctly producing the challenge files (I verified this with a different tty session), but is giving the following error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter 'c' to cancel): dev.daanwielens.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dev.daanwielens.com
Input the webroot for dev.daanwielens.com: (Enter 'c' to cancel): /var/www/html
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dev.daanwielens.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://dev.daanwielens.com/.well-known/acme-challenge/LPLR4TRaUr9SeKTCrPhpKvth7vtanZntd561y1jr_Dc: Timeout

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: dev.daanwielens.com
   Type:   connection
   Detail: Fetching
   http://dev.daanwielens.com/.well-known/acme-challenge/LPLR4TRaUr9SeKTCrPhpKvth7vtanZntd561y1jr_Dc:
   Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I am aware of the fact that the acme-challenge files are removed after a trial, so I created a simple test file in the acme-challenge folder. This file is readable from the web (http://dev.daanwielens.com/.well-known/acme-challenge/test).

I have not made any changes to my Apache’s vHost configuration file. My webroot is not protected by any .htaccess file or any other mechanism.

Does anyone have an idea what causes the certbot to timeout? Thanks in advance!

_az · April 2, 2018, 9:55am

You have an AAAA record but your server isn’t responding on IPv6.

DaanWielens · April 2, 2018, 10:23am

Thanks, I forgot that I once set that up for testing purposes. Removed the AAAA record and now the installation succeeded.

system · May 2, 2018, 10:23am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timeout during connect (likely firewall problem) Help	6	5452	September 3, 2020
Issue or renew a cert : timeout (certbot and acme.sh) [ solved] Help	3	1998	November 2, 2022
Acme timeout, no DNS or Firewall error Help	5	1685	April 29, 2018
Certbot gets "Timeout during connect" Help	9	6313	May 25, 2020
Connection timeout in authorization procedure Help	3	4526	July 16, 2017

Timeout on ACME challenge

Related topics