Urn:acme:error:connection - Challenge Failed

Server
1

Hi All,

My boulder instance is running fine in a ubuntu VM box.

Im having a ACME client and have connected to Boulder. While generating certificates, challenge fails. Here is the error stack.

JSON TOKEN: {“type”:“http-01”,“status”:“invalid”,“error”:{“type”:“urn:acme:error:connection”,“detail”:“Could not connect to www.provteam.in:5002”,“status”:400},“uri”:“http://192.168.1.143:4000/acme/challenge/0ba_zpYl6yl_41tmj3q-_GdZKqANyWx-y1Yrr2jTWtU/37",“token”:“ZLAMteETbUOWdoK82fxakDIoTo3daAy5qly7T0XytvQ”,“keyAuthorization”:“ZLAMteETbUOWdoK82fxakDIoTo3daAy5qly7T0XytvQ.yzBaTGln-PILBEuo8dTkTtK59vmWsw4ypwcejxCJ7ts”,“validationRecord”:[{“url”:“http://www.provteam.in:5002/.well-known/acme-challenge/ZLAMteETbUOWdoK82fxakDIoTo3daAy5qly7T0XytvQ”,“hostname”:“www.provteam.in”,“port”:“5002”,“addressesResolved”:[“127.0.0.1”],“addressUsed”:"127.0.0.1”}]}

I have opened port 5002 and no services running in this port.

is any config i need to change?

Thanks in advance.

2

Can you provide a little more background detail ? the http-01 challenge will be on port 80 (not 5002). You also have a link to an internal IP ( 192.168.1.143:400 )

3

Sure serverco.

192.168.1.143:4000 is where i have installed boulder instance.

BY default in boulder VA is configured to connect 5002 to validate HTTP-01 challenge. As im facing error, I have changed VA configuration port config to port 80 and 443. But still im facing the challenge failed.

Fake DNS for my boulder is 172.17.0.1. I have modified this in docker-compose file. No im getting the below error.

JSON TOKEN: {“type”:“http-01”,“status”:“invalid”,“error”:{“type”:“urn:acme:error:connection”,“detail”:“Could not connect to www.provteam.in”,“status”:400},“uri”:“http://192.168.1.143:4000/acme/challenge/Cuv6CmbM8-gNqkoOlEX6XAUiJaUP_hYMgX30iEtV2iE/59",“token”:“JGpnwSgJdztH9VTPNdtoZDdQTklvAlFYDw0ZJf6Jbok”,“keyAuthorization”:“JGpnwSgJdztH9VTPNdtoZDdQTklvAlFYDw0ZJf6Jbok.nItNAASpmAdMIfl8PldWo6xQoVQ9QrB2aVRkiYny1go”,“validationRecord”:[{“url”:“http://www.provteam.in/.well-known/acme-challenge/JGpnwSgJdztH9VTPNdtoZDdQTklvAlFYDw0ZJf6Jbok”,“hostname”:“www.provteam.in”,“port”:“80”,“addressesResolved”:[“172.17.0.1”],“addressUsed”:"172.17.0.1”}]}

4

Thanks - I’d completely missed that you were running your own docker :wink:

The error being - Could not connect to www.provteam.in",“status”

If you manually try going to http://www.provteam.in/.well-known/acme-challenge/JGpnwSgJdztH9VTPNdtoZDdQTklvAlFYDw0ZJf6Jbok can you reach that location and obtain a response ?

5

Yes . I can able to reach it from my browser and can able to view the response.

Have you checked the address resolved and address used. It is 172.17.0.1 which is fake DNS for docker. But the address resolved and address used ip should be my domain’s IP. Please correct me if iam wrong.

6

It depends what machine you are running the ACME client on

From Boulder

In order to talk to a letsencrypt client running on the host, the fake DNS client used in Boulder's start.py needs to know what the host's IP is from the perspective of the container. The default value is 127.0.0.1. If you'd like your Boulder instance to always talk to some other host, you can set FAKE_DNS to that host's IP address.

From another thread -

1 Like
7

Hey gotttt itttt…:grin:

I have mapped the fake dns to my host server ip and the challenge succeded.

thanks a lottttt…

2 Likes
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.