Unable to reach the challenge token URL


#1

My domain is: gosthome.ddns.net

I ran this command:

greenlock.create({
  version: 'draft-12',
  server: 'https://acme-v02.api.letsencrypt.org/directory',
  configDir: '~/.config/acme',
  email: 'abner.peter@gmail.com',
  agreeTos: true,
  communityMember: true,
  approveDomains: ['gosthome.ddns.net'],
  securityUpdates: true,
  debug: true
})

It produced this output:
[gl/index.js] gl.getCertificates called for gosthome.ddns.net with certs for NONE
[gl/index.js] gl.approveDomains called with certs for NONE and options:
[gl/index.js] { domain: 'gosthome.ddns.net',
domains: [ 'gosthome.ddns.net' ],
email: 'abner.peter@gmail.com',
agreeTos: true,
communityMember: true,
telemetry: undefined }
[gl/index.js] gl getting from disk or registering new
[le-store-certbot]
[le-store-certbot]
[greenlock/lib/core.js] checkAsync failed to find certificates
[le-store-certbot] success reading arg.accountsDir
[le-store-certbot] regrs.length 1
[le-store-certbot] accountId: c81006333221206688a6aa9b363dd168
[greenlock/lib/core.js] calling greenlock.acme.getCertificateAsync [ 'gosthome.ddns.net' ]
[acme-v2] DEBUG get cert 1
[acme-v2] accounts.create
[acme-v2] agreeToTerms
[acme-v2] accounts.create JSON body:
[DEBUG] new account location:
https://acme-v02.api.letsencrypt.org/acme/acct/49123700
{ statusCode: 200,
body:
{ id: 49123700,
key:
{ kty: 'RSA',
n: '1kMiBeOhE_0TAHzPtUdoIEQByG_DO2a0FTj0ykPJHs_BB65Z0mCDwjV6woOGI-Z8s9-vT025tg8U0Mk2-UlJ7KCQqCjYzGoyTqxASNn-jf_0OH_bb8_soPMW4aYi9MPY7nWqPIXHk_JGTOwjRCIYnmKr6orcBfTamFlP07KaqjT55T35wHAzrHVT6d8DFmdaBYtaUJiz1OSby8kcZ9fjq3aC8UK-5vLMhiGcPJo-WJF6Y9vQQ6m9kkBtgvE4H61cpLBdIhgnYwM6IEupDrVYaHbjk3uXp7Pmk2nLyvjREWQm3KxbzrWs35Pf6SVyCp15TsE7gLPk1VeUh_29DpRD9w',
e: 'AQAB' },
contact: [ 'mailto:abner.peter@gmail.com' ],
agreement: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf',
initialIp: '92.139.144.23',
createdAt: '2019-01-08T07:58:16Z',
status: 'valid' },
headers:
{ server: 'nginx',
'content-type': 'application/json',
'content-length': '656',
location: 'https://acme-v02.api.letsencrypt.org/acme/acct/49123700',
'replay-nonce': 'cFD8el1xZahUt9MAptpysip0mbHouUH_EcqzENjNbvw',
'x-frame-options': 'DENY',
'strict-transport-security': 'max-age=604800',
expires: 'Tue, 08 Jan 2019 08:22:07 GMT',
'cache-control': 'max-age=0, no-cache, no-store',
pragma: 'no-cache',
date: 'Tue, 08 Jan 2019 08:22:07 GMT',
connection: 'close' },
request:
{ uri:
Url {
protocol: 'https:',
slashes: true,
auth: null,
host: 'acme-v02.api.letsencrypt.org',
port: null,
hostname: 'acme-v02.api.letsencrypt.org',
hash: null,
search: null,
query: null,
pathname: '/acme/new-acct',
path: '/acme/new-acct',
href: 'https://acme-v02.api.letsencrypt.org/acme/new-acct' },
method: 'POST',
headers:
{ 'Content-Type': 'application/jose+json',
'Content-Length': 1139 } } }
[acme-v2] DEBUG get cert 1
[greenlock/lib/core.js] setChallenge called for 'gosthome.ddns.net

[DEBUG] waitChallengeDelay 500

[acme-v2] handled(?) rejection as errback:
Error: socket hang up
at createHangUpError (_http_client.js:331:15)
at Socket.socketOnEnd (_http_client.js:423:23)
at emitNone (events.js:111:20)
at Socket.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:139:11)
at process._tickCallback (internal/process/next_tick.js:181:9)
Error loading/registering certificate for 'gosthome.ddns.net':
{ Error: socket hang up
at createHangUpError (_http_client.js:331:15)
at Socket.socketOnEnd (_http_client.js:423:23)
at emitNone (events.js:111:20)
at Socket.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:139:11)
at process._tickCallback (internal/process/next_tick.js:181:9) code: 'ECONNRESET' }

My web server is (include version): Node v8.9.4

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: DDNS.NET (NoIP)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

So my server (Win 10 + Node + Greenlock) was working for a few months now and stopped working yesterday afternoon (GMT +1), I’ve tried the staging environment but I’ve gotta say, I’m kinda lost on why it stopped working.

If someone would be kind enough to help me in this matter, it would be awesome :slight_smile:


#2

Hi @gostron

I don’t find a clear error message in your output. Checking your domain, there are only timeouts (https://check-your-website.server-daten.de/?q=gosthome.ddns.net):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://gosthome.ddns.net/ (92.139.144.23) | -14 (Timeout - The operation has timed out) | | 10.027 | T |
| https://gosthome.ddns.net/ (92.139.144.23) | -14 (Timeout - The operation has timed out) | | 10.027 | T |
| http://gosthome.ddns.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (92.139.144.23) | -14 (Timeout - The operation has timed out) | | 10.026 | T |

The https timeout isn’t a problem. But the last URL (checking a file in /.well-known/acme-challenge) should answer with a 404 (file does not exist).

Are your router settings ok? Or is there a firewall?


#3

That’s a simple Win 10 Home project which was working quite fine on the same day and stopped working without any reboot or change. Could it be that my challenge or certificate expired and I just can’t get a new one (and the situation has been like so for a certain amount of time)?

If the error I copied is not the error, do you have any idea how I can retrieve more explicit logs? I believe the issue with the server is still with the https handling.

Sorry for being a little heavy on the questions


#4

Does your Internet provider allow port 80? Perhaps there is a new limitation. Is your server running? Is http / port 80 configured? Do you have local access to http / port 80?


#5

My server wasn’t serving the http 80 port for security reasons. I’ve enabled it and have begun trying to make the challenge/certificate work.

My guess is that my code never really worked, just that I got my certificate with a simple test code, and it lasted until now.

I’m trying to solve my problem, then I’ll try to explain any meaningful outcome if any ^^"


#6

Well I believe my previous assertion was correct. My code didn’t have any chance at working because as I understand it:

  • I need greenlock (or greenlock express) to create the server
  • I need the server to listen on port 80 (which I really don’t like)

Could I externalize my certificate from my project, only running greenlock related code for certificates once a year, and making my project work only on port 443 while managing my server myself?

Thank you for your time so far
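
Added example, not part of the thread and not Greenlock's own code: one way to keep a port-80 listener limited to what http-01 needs. It answers only `/.well-known/acme-challenge/<token>` (404 for unknown tokens, the response post #2 expects from a reachable server) and redirects everything else to HTTPS. The names `respond`, `createChallengeServer` and the `pending` token map are hypothetical, and the token in the usage comment is constructed.

```javascript
'use strict';
const http = require('http');

const PREFIX = '/.well-known/acme-challenge/';
// http-01 tokens use only the base64url alphabet (RFC 8555, section 8.3).
const TOKEN_RE = /^[A-Za-z0-9_-]{1,256}$/;

// Decide the response for one plain-HTTP request.
// pending: hypothetical Map(token -> key authorization) filled by the ACME client.
// canonicalHost: fixed redirect target, so the client's Host header is never echoed.
function respond(method, url, pending, canonicalHost) {
  const path = String(url).split('?')[0];
  if (path.startsWith(PREFIX)) {
    if (method !== 'GET' && method !== 'HEAD') {
      return { status: 405, headers: { Allow: 'GET, HEAD' }, body: '' };
    }
    const token = path.slice(PREFIX.length);
    // The alphabet check also rejects "../", "%2e" and nested paths.
    if (!TOKEN_RE.test(token) || !pending.has(token)) {
      return { status: 404, headers: { 'Content-Type': 'text/plain' }, body: 'Not found\n' };
    }
    return {
      status: 200,
      headers: { 'Content-Type': 'application/octet-stream' },
      body: pending.get(token),
    };
  }
  // Nothing else is served over plain HTTP: redirect to the HTTPS site.
  const target = String(url).startsWith('/') ? String(url) : '/';
  return { status: 301, headers: { Location: 'https://' + canonicalHost + target }, body: '' };
}

function createChallengeServer(pending, canonicalHost) {
  return http.createServer((req, res) => {
    const r = respond(req.method, req.url, pending, canonicalHost);
    res.writeHead(r.status, r.headers);
    res.end(req.method === 'HEAD' ? undefined : r.body);
  });
}

// Usage (constructed token and value):
//   const pending = new Map([['sample-token_1', 'sample-token_1.sampleThumbprint']]);
//   createChallengeServer(pending, 'gosthome.ddns.net').listen(80);
```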


#7

You can use dns-01 validation instead. Then you don’t need a running webserver / port 80. But you must create a DNS TXT entry

_acme-challenge.gosthome.ddns.net

with a special value.

Let’s Encrypt certificates are only valid for 90 days, so you should have automation: a DNS provider with an API or a webserver with a running port 80.
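
Added example, not part of the thread: how the "special value" of the `_acme-challenge` TXT record is derived under RFC 8555 (dns-01) and RFC 7638 (JWK thumbprint). The function names are hypothetical, and the token and account key below are constructed sample values, not real ones.

```javascript
'use strict';
const crypto = require('crypto');

// base64url without padding, as used throughout ACME.
const b64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// RFC 7638: SHA-256 over the required JWK members only, sorted, no whitespace.
function jwkThumbprint(jwk) {
  const required = { RSA: ['e', 'kty', 'n'], EC: ['crv', 'kty', 'x', 'y'] }[jwk.kty];
  if (!required) throw new Error('unsupported kty: ' + jwk.kty);
  const members = required.map((k) => {
    if (typeof jwk[k] !== 'string') throw new Error('missing JWK member: ' + k);
    return JSON.stringify(k) + ':' + JSON.stringify(jwk[k]);
  });
  return b64url(crypto.createHash('sha256').update('{' + members.join(',') + '}').digest());
}

// dns-01: TXT value = base64url(SHA-256(token + "." + thumbprint of the account key)).
function dns01Record(domain, token, accountJwk) {
  if (!/^[A-Za-z0-9_-]+$/.test(token)) throw new Error('token is not base64url');
  const keyAuthorization = token + '.' + jwkThumbprint(accountJwk);
  return {
    // A wildcard order is validated on the base name.
    name: '_acme-challenge.' + domain.replace(/^\*\./, ''),
    type: 'TXT',
    value: b64url(crypto.createHash('sha256').update(keyAuthorization).digest()),
  };
}

// Constructed sample inputs: "n" is a placeholder string, not a real RSA modulus.
const SAMPLE_JWK = { kty: 'RSA', e: 'AQAB', n: 'c2FtcGxlLW1vZHVsdXMtbm90LWEtcmVhbC1rZXk' };
const SAMPLE_TOKEN = 'constructed-token_0123456789';

function demo() {
  return dns01Record('gosthome.ddns.net', SAMPLE_TOKEN, SAMPLE_JWK);
}
```

The record has to be published before the challenge is answered and can be removed once the authorization is valid; the value changes with every new challenge token.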

