Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: francoisvalscaleway.ddns.net
I ran this command: certbot renew
It produced this output:
FailedChallenges: Failed authorization procedure. francoisvalscaleway.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://francoisvalscaleway.ddns.net/.well-known/acme-challenge/asNWGJLrMaBD5uHgrRBpk7GDPnbFk1TzR7Gka0zxLfM: Timeout during connect (likely firewall problem)
My web server is (include version): apache 2.4.29
The operating system my web server runs on is (include version): ubuntu bionic
My hosting provider, if applicable, is: scaleway
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0
Can somebody help with this problem? Ports 80 and 443 are opened in iptables. I find this in the debug log:
{
  "identifier": {
    "type": "dns",
    "value": "francoisvalscaleway.ddns.net"
  },
  "status": "invalid",
  "expires": "2020-04-16T11:01:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://francoisvalscaleway.ddns.net/.well-known/acme-challenge/asNWGJLrMaBD5uHgrRBpk7GDPnbFk1TzR7Gka0zxLfM: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3855556769/zo0e1w",
      "token": "asNWGJLrMaBD5uHgrRBpk7GDPnbFk1TzR7Gka0zxLfM",
      "validationRecord": [
        {
          "url": "http://francoisvalscaleway.ddns.net/.well-known/acme-challenge/asNWGJLrMaBD5uHgrRBpk7GDPnbFk1TzR7Gka0zxLfM",
          "hostname": "francoisvalscaleway.ddns.net",
          "port": "80",
          "addressesResolved": [
            "51.158.79.57"
          ],
          "addressUsed": "51.158.79.57"
        }
      ]
    }
  ]
}
2020-04-09 13:01:25,244:DEBUG:acme.client:Storing nonce: 01018alq7jWls0cSsCmfgpxcZFKY3NjLf6vl7Qlfo-_fmeQ
2020-04-09 13:01:25,245:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: francoisvalscaleway.ddns.net
Type: connection
Detail: Fetching http://francoisvalscaleway.ddns.net/.well-known/acme-challenge/asNWGJLrMaBD5uHgrRBpk7GDPnbFk1TzR7Gka0zxLfM: Timeout during connect (likely firewall problem)
Hi @FrancoisVal
checking your domain via https://check-your-website.server-daten.de/?q=francoisvalscaleway.ddns.net - that works:
Port 80 answers.
So if you see that error message, it looks like a regional firewall that blocks some IP addresses used by Let's Encrypt.
It was indeed some kind of regional firewall. I am using ipset available on https://www.ipdeny.com/, and the addresses used by Let's Encrypt are included in the file for the US. I disabled the iptables rule based on that set and my certificates could be renewed.
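An added example, not part of the thread and not certbot or Let's Encrypt code: a check over `iptables -S` output for the situation resolved above, where an ipset-based DROP rule is evaluated before the rule that accepts port 80, so the port looks open in iptables yet HTTP-01 validation from addresses in the set times out. The rule listings and the set name `us` are constructed, and the function names are this example's own.

```python
import shlex

# Constructed `iptables -S` output; the set name "us" is a placeholder.
DROP_FIRST = """\
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m set --match-set us src -j DROP
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
"""
ACCEPT_FIRST = """\
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -m set --match-set us src -j DROP
"""

def ports_of(tokens):
    """Destination ports a rule is limited to, or None if it matches any port."""
    for flag in ("--dport", "--dports"):
        if flag in tokens:
            ports = set()
            for part in tokens[tokens.index(flag) + 1].split(","):
                lo, _, hi = part.partition(":")
                ports.update(range(int(lo), int(hi or lo) + 1))
            return ports
    return None

def sets_blocking_port(rules_text, port=80, chain="INPUT"):
    """ipset names whose DROP/REJECT rule is evaluated before `port` is accepted."""
    blocking = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", chain] or "-j" not in tokens:
            continue
        target = tokens[tokens.index("-j") + 1]
        ports = ports_of(tokens)
        if ports is not None and port not in ports:
            continue  # rule is limited to other ports
        if "--match-set" in tokens:  # negated matches are reported the same way
            i = tokens.index("--match-set")
            if target in ("DROP", "REJECT") and "src" in tokens[i + 2]:
                blocking.append(tokens[i + 1])
        elif target == "ACCEPT" and ports and not {"-s", "-i", "--state", "--ctstate"} & set(tokens):
            break  # first match wins: the port is open to every source from here
    return blocking

if __name__ == "__main__":
    for label, rules in (("drop first", DROP_FIRST), ("accept first", ACCEPT_FIRST)):
        print(label, "->", sets_blocking_port(rules) or "no set rule ahead of port 80")
```

To run it against a live host, pass the text of `iptables -S` (as root) to `sets_blocking_port`.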