Unable to get a Certificate using current FileMaker Server

Help
1

Hello!

I've been around the block with Claris tech support and they finally said "ask Let's Encrypt" what is going on so...

I am running FileMaker Server 2025 (version 22.0.4.427) on macOS 15.7.3. I currently have a custom cert, but need to move to getting a Let's Encrypt cert within the next few months (for )

According to Claris' documentation, the requirements to make this work seem simple enough: ClarisPKB

"To use Let's Encrypt with FileMaker Server, you must meet the following requirements:

  • FileMaker Server 2025
  • HTTP site hosted on a public server
  • Public domain name for the server
  • Ports 80 and 443 open"

I am able to use their webadmin apps to "Test Validation" of my FQDN server successfully. I can "curl -I -m7 (http and https)" of my server and get the correct information back. I can "namp -Pn (server) and it tells me ports 80 and 443 are open.

But any time I actually request the LE certificate, I get this:

"Certificate Request Failed: "Failure / timeout verifying challenge passed""

Claris did pass on this test website: https://letsdebug.net/ -- but that fails.

I'm sort of stumped here. I appear to be meeting the (simple) requirements to obtain an LE certificate -- but unfortunately there are no FileMaker logs that are telling me what is failing.

Is there anything painfully obvious that I'm missing here? Claris's KB is extremely simple in what should be done and what should work -- but it's not. Are they missing a step that I need to be following somewhere?

Thanks!

2

It's going to be hard for people to validate connections to your domain without knowing the domain name. But it sounds like your port 80 isn't actually open to the world even though you think it is, especially if that's what Let's Debug is telling you.

4 Likes
3

When testing port 80 and port 443 access, be sure to do so from the Internet [from outside your local/internal network].

3 Likes
4

I had a friend in another state test that they are able to get to the server via http and https

My hostname is fms.dsc.umich.edu if you want to see from your end? That's what's throwing me off. My firewall admins don't see anything weird on my end with the ports being blocked, etc.

5

I think you have a Palo Alto brand firewall blocking ACME HTTP Challenge requests.

We have seen this a lot over time. See this thread which explains the remedy. It even happens to be someone using Filemaker (although this is not specific to that). Test Validation Works, Cert Request Fails in FileMaker Pro - #4 by MikeMcQ

These two requests demonstrate it:

# Works as expected
curl -i -m5 http://fms.dsc.umich.edu/.well-known/acme-challenge/Test404
HTTP/1.1 404 Not Found
Date: Wed, 04 Feb 2026 20:28:43 GMT
Server: Apache

# Fails with a user-agent string similar to Let's Encrypt servers
curl -i -m5 http://fms.dsc.umich.edu/.well-known/acme-challenge/Test404 -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
curl: (28) Operation timed out after 5001 milliseconds with 0 bytes received
3 Likes
6

Interesting -- Let me reach out the firewall team on my end and see what they say. Thanks!

2 Likes