Triggering a challenge retry


I am trying to figure out how to get the LetsEncrypt server to resend the challenge request.

My domain is:

I ran this command:

Complete-ACMEChallenge dns1 -ChallengeType http-01 -Handler manual -force

It produced this output:

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier :
Uri :
Status : pending
Expires : 6/12/2018 5:32:47 PM
Challenges : {manual, manual}
Combinations : {0, 1}

My web server is (include version):


The operating system my web server runs on is (include version):

Windows 10

I can log in to a root shell on my machine - YES


I don’t use this.

But: The challenge

is invalid: “Timeout during connect (likely firewall problem)”.

When fetching your url

manually, the http-status is 200. But the headers:


D:>download -h
Content-Disposition: attachment; filename=dTvsfhE3epTUE2em1hFF212qAdxCrNfsCj20oK9gvXk; filename*=UTF-8''dTvsfhE3epTUE2em1hFF212qAdxCrNfsCj20oK9gvXk
Content-Length: 87
Content-Type: text/plain
Date: Tue, 05 Jun 2018 20:27:39 GMT
Set-Cookie: NUSA_Guids=be4eb480-a8a7-4c01-bf67-4e2c8f7d8059%2F66bf3eb2-95de-42ce-a907-1109cb9ced8b; path=/
Server: Kestrel

Status: 200 OK


Your server adds a Content-Disposition: attachment header with a filename, so Firefox wants to download the file.

I don’t know if this is good when Letsencrypt checks your file. I would remove the Content-Disposition header if possible.


I got a timeout on that site (resolved address) when trying to connect from two different locations. Could there be a firewall that blocks access to some IP address ranges?

Edit: It actually did connect but it took a very long time on the first connection, and then worked quickly on subsequent connections. Is it possible that there’s some kind of firewall or proxy that performs some kind of time-consuming check on hosts that connect to your site before allowing the connection to complete?


Intermittent network issue sounds like it’s on the money. I don’t think Content-Disposition will affect Let’s Encrypt, since it doesn’t look for that header and doesn’t otherwise affect the response body. At least, Let’s Encrypt can connect to the server sometimes:

Challenge update failures for in order
acme: error code 403 “urn:ietf:params:acme:error:unauthorized”: The key authorization file from the server did not match this challenge [lvIDm50o6cDM2w6LGiJ4eijh_TW4p8agzXFf-65RXv0.49wknCPN_3HICrKF6BR-V-a-E_ipoaGro7D1Fju_2ec] != [dTvsfhE3epTUE2em1hFF212qAdxCrNfsCj20oK9gvXk.82563yWh0HmnK35FH2tUfRsCc7NP3doyWk89Q943qsc]

Maybe a reverse DNS lookup that gets cached? This also looks like a residential connection, which may have something to do with it.


Thanks for both your replies.

The reason for the long timeout was I left a breakpoint in my code - SORRY! (LOL)

I also fixed the following:

Content-Disposition - gone.
Set-Cookie: HUSA_Guids… - gone

If anyone hits it now, it should immediately return. (No more breakpoints)


Now there is no timeout. But:



shows the same


So I can remove characters and don’t get a 404-status, instead 200 and the same (wrong) content.

The filename must be the token, the content must be the token, a “.” and the JWK thumbprint of the account key.
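The key-authorization rule just stated, together with the earlier observations about the Content-Disposition header and about a server that answers 200 for any path, as an added Python example (my code, not code from the thread, from ACMESharp or from Let's Encrypt). It computes the RFC 7638 thumbprint and the RFC 8555 key authorization, shows a minimal handler that only answers for tokens it actually issued, and vets a captured response the way a validator would. The account key is a constructed placeholder (not a valid curve point), the token is the one quoted in the thread, and the "broken" responses are constructed to mirror what was reported, not captured traffic.

```python
"""Added example: build an ACME http-01 key authorization and vet what the server returns.

Standard library only. The account key, the captured responses and the handler below are
constructed for this example; the key is a placeholder, not a real key.
"""
import base64
import hashlib
import json
import re
from typing import Dict, List, Optional, Tuple

# Only these members enter the thumbprint (RFC 7638 s3.2); "kid", "alg", "use" are excluded.
_THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"), "oct": ("k", "kty")}
# RFC 8555 s8.3: the token is base64url without padding. Anything else must never reach the filesystem.
_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: Dict[str, str]) -> str:
    """RFC 7638: SHA-256 over the required members, serialised with sorted names and no whitespace."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: Dict[str, str]) -> str:
    """RFC 8555 s8.1: token || "." || base64url(JWK_Thumbprint(accountKey))."""
    if not _TOKEN_RE.match(token):
        raise ValueError("token is not base64url; refusing to use it as a path component")
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def serve_challenge(path: str, issued: Dict[str, str]) -> Response:
    """Minimal correct handler: 200 text/plain only for a token we issued, 404 for anything else."""
    if not path.startswith(CHALLENGE_PREFIX):
        return 404, {}, ""
    token = path[len(CHALLENGE_PREFIX):]
    if not _TOKEN_RE.match(token) or token not in issued:
        return 404, {}, ""  # never answer 200 with a fixed body for an unknown or malformed token
    return 200, {"Content-Type": "text/plain"}, issued[token]


def vet_response(token: str, account_jwk: Dict[str, str], resp: Response,
                 probe: Optional[Response] = None) -> List[str]:
    """Problems a validator (or a browser) would see; an empty list means the challenge should pass.

    resp is the reply for the real token; probe, if given, is the reply to a deliberately
    altered token, which must not be 200 if the handler really looks at the path."""
    status, headers, body = resp
    expected = key_authorization(token, account_jwk)
    problems: List[str] = []
    if status != 200:
        problems.append(f"status {status}, expected 200")
    if body.rstrip() != expected:  # Let's Encrypt trims trailing whitespace before comparing
        problems.append(f"key authorization mismatch: got {body.strip()!r}, expected {expected!r}")
    if "content-disposition" in {k.lower() for k in headers}:
        problems.append("Content-Disposition present: the CA ignores it, but browsers download the file")
    if probe is not None and probe[0] == 200:
        problems.append("an altered token also got 200: the handler ignores the path and serves a fixed body")
    return problems


# --- constructed sample data: placeholder key (not a valid P-256 point), token from the thread ---
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "kid": "example-account",
               "x": "placeholder-x-coordinate", "y": "placeholder-y-coordinate"}
TOKEN = "dTvsfhE3epTUE2em1hFF212qAdxCrNfsCj20oK9gvXk"
ISSUED = {TOKEN: key_authorization(TOKEN, ACCOUNT_JWK)}

# Constructed to mirror the thread's symptoms: attachment header, wrong body, 200 for any token.
BROKEN_HEADERS = {"Content-Type": "text/plain", "Server": "Kestrel",
                  "Content-Disposition": "attachment; filename=" + TOKEN}
BROKEN_RESP: Response = (200, BROKEN_HEADERS, TOKEN + ".THUMBPRINT-OF-SOME-OTHER-KEY")
BROKEN_PROBE: Response = (200, BROKEN_HEADERS, TOKEN + ".THUMBPRINT-OF-SOME-OTHER-KEY")

if __name__ == "__main__":
    print("expected body:", ISSUED[TOKEN])
    print("fixed handler:", vet_response(TOKEN, ACCOUNT_JWK,
                                         serve_challenge(CHALLENGE_PREFIX + TOKEN, ISSUED),
                                         serve_challenge(CHALLENGE_PREFIX + TOKEN[:-3], ISSUED)))
    for problem in vet_response(TOKEN, ACCOUNT_JWK, BROKEN_RESP, BROKEN_PROBE):
        print("broken handler:", problem)
```

The probe argument is the quick check from the thread: fetch the real token, then fetch it with a few characters removed; if both come back 200 with the same body, the handler is not consulting the path at all and the body is almost certainly not the key authorization the CA computed. The token regex matters for the same handler: when the token is used to find a file on disk, rejecting anything outside the base64url alphabet is what keeps `../` out of the lookup.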

