The problem I see is that port 443 (https) is unresponsive. This could be due to a firewall blocking incoming requests on that port. Since all port 80 (http) requests are being redirected to port 443 (https), this prevents satisfaction of http-01 challenges. You could try turning off the http to https redirect for now. Once the certificate is acquired and installed you can turn it back on (if that hasn't already happened in the process). At least then you would have your certificate and can debug the port 443 block independently.
Hey @Griffin and everyone else. Thanks for the warm welcome.
Using your advice I went ahead and turned off the Permanent SEO-safe 301 redirect from HTTP to HTTPS. This fixed the connectivity issue I was having; the site loads without any issues now, which is great, but I'm still getting the same error message when it comes to securing a certificate. See below.
So I adjusted the firewall and opened up 443, checked it on pentest-tools.com to make sure it was open, and then ran Let's Encrypt, but I received the same error message.
Try handling the ACME challenge requests in HTTP instead of redirecting them to HTTPS, as seen in the failed request:
And in either case, check that there are no other devices in line, or services, that may be blocking IPs (i.e. other firewalls, control panel settings, IPS, Geo-Location blocking services, Fail2Ban, etc.)
There's a huge difference between the secondary validation failure you now see and the primary validation failure you were seeing. Notice that for the primary failure (top) it was your https firewall blockage causing the issue while for the secondary failure (bottom) it was a failure to connect via http. Gigantic difference. The secondary failure could have been caused by many things, like some of those mentioned in the post directly above by @rg305 that are often outside of your control. Try it again.
Nothing apart from the standard firewall. I've even gone to the lengths of opening up ports 80 and 443. However, I've successfully given certificates to all the other sites on the same server without the need to open up any additional ports. It's just this single site causing issues.
Hmm, looks so. I did a test at Let's Debug and it brought up this.
dan-orourke.com has an A (IPv4) record (213.171.212.37) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Not sure how to resolve this as everything seems to be in place as it should.
That's because your http to https redirect is turned on again and your port 443 is non-responsive.
@ 0ms: Making a request to http://dan-orourke.com/.well-known/acme-challenge/letsdebug-test (using initial IP 213.171.212.37)
@ 0ms: Dialing 213.171.212.37
@ 304ms: Server response: HTTP 301 Moved Permanently
@ 304ms: Received redirect to https://dan-orourke.com/
@ 304ms: Dialing 213.171.212.37
@ 10002ms: Experienced error: context deadline exceeded
Additionally, your redirect is incorrectly structured, so it's stripping the URI of the request off the end when redirecting (the .well-known/acme-challenge/letsdebug-test is missing after the redirect).
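The two faults in the Let's Debug trace above (a redirect that drops the challenge path, and a connection to 443 that never completes) can be checked mechanically. The following is an added example, not code from the thread or from Let's Debug: it parses trace lines of that shape, flags a redirect that does not preserve the /.well-known/acme-challenge/ path, and includes a small probe that fetches a URL once without following redirects so you can see the raw Location header your server sends. The trace lines embedded in the test are copied from the post above; the function and variable names are the example's own.

```python
"""Added example: check whether an HTTP->HTTPS redirect would break an ACME
http-01 challenge, and analyse Let's Debug-style trace lines for the two
failure modes seen in the thread (dropped challenge path, timeout on 443)."""
import http.client
import re
from urllib.parse import urlsplit, urljoin

ACME_PREFIX = "/.well-known/acme-challenge/"
TRACE_RE = re.compile(r"^@ (\d+)ms: (.*)$")


def redirect_problems(request_url, location):
    """Return a list of problems with a redirect of an http-01 challenge
    request. A redirect is acceptable only if the target still serves the
    exact token path, over http or https, on a standard port."""
    problems = []
    src = urlsplit(request_url)
    dst = urlsplit(urljoin(request_url, location))  # Location may be relative
    if dst.scheme not in ("http", "https"):
        problems.append("redirect to unsupported scheme %r" % dst.scheme)
    if not dst.path.startswith(ACME_PREFIX):
        problems.append("redirect drops the /.well-known/acme-challenge/ path")
    elif dst.path != src.path:
        problems.append("redirect changes the challenge token path")
    if dst.port not in (None, 80, 443):
        problems.append("redirect to non-standard port %d" % dst.port)
    return problems


def analyse_trace(lines):
    """Walk Let's Debug-style trace lines ('@ <ms>: <message>') and collect
    findings: redirect problems and connection timeouts."""
    findings = []
    request_url = None
    for line in lines:
        m = TRACE_RE.match(line.strip())
        if not m:
            continue
        ms, msg = int(m.group(1)), m.group(2)
        if msg.startswith("Making a request to "):
            request_url = msg.split()[4]  # the URL token after "to"
        elif msg.startswith("Received redirect to ") and request_url:
            location = msg[len("Received redirect to "):].strip()
            findings.extend(redirect_problems(request_url, location))
        elif "context deadline exceeded" in msg:
            findings.append("connection timed out after %dms (port likely filtered)" % ms)
    return findings


def probe_redirect(url, timeout=10.0):
    """Fetch `url` once WITHOUT following redirects and return
    (status, Location header). Useful to see exactly what the server sends
    for a challenge path before the ACME server does. Not run in the test."""
    u = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


# Trace copied from the post above, used as sample input.
SAMPLE_TRACE = [
    "@ 0ms: Making a request to http://dan-orourke.com/.well-known/acme-challenge/letsdebug-test (using initial IP 213.171.212.37)",
    "@ 0ms: Dialing 213.171.212.37",
    "@ 304ms: Server response: HTTP 301 Moved Permanently",
    "@ 304ms: Received redirect to https://dan-orourke.com/",
    "@ 304ms: Dialing 213.171.212.37",
    "@ 10002ms: Experienced error: context deadline exceeded",
]

if __name__ == "__main__":
    for finding in analyse_trace(SAMPLE_TRACE):
        print("-", finding)
```

Running the script against the sample trace reports both faults. A redirect that keeps the path (for example to https://dan-orourke.com/.well-known/acme-challenge/letsdebug-test) produces no redirect finding, leaving only the timeout, which is the port 443 question the rest of the thread is about.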
I keep getting intermittent performance for port 443. Sometimes it responds. Sometimes it doesn't. This smells like a responsive firewall issue (like Fail2Ban).