Urn:ietf:params:acme:error:connection (one more)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
api.bolerotour.ru

I ran this command:
wacs.exe
Software version 2.1.8.838 (RELEASE, PLUGGABLE)
Running with administrator credentials

It produced this output:
Target generated using plugin IIS: api.bolerotour.ru

Authorize identifier api.bolerotour.ru
Authorizing api.bolerotour.ru using http-01 validation (SelfHosting)
{
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://api.bolerotour.ru/.well-known/acme-challenge/MOEeSsUlbXSABNuShgnv-KTF6WD1v_ozUaGi08d3rPQ: Timeout during connect (likely firewall problem)",
"status": 400
}
Authorization result: invalid

My web server is (include version): 8.5

The operating system my web server runs on is (include version): Windows Server 2012R2

My hosting provider, if applicable, is: –

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
wacs.exe 2.1.8.838

Hi @alf2006x

there

is your job. A working port 80 is required, not a timeout.

Unfortunately, our major sysadmin policy is to prevent publicly opening port 80.
Is there any other way to make a new LE certificate without opening this port?
And of course to easily renew it in the future.

That's

a wrong policy, change that.

Read

Or switch to dns validation.

Thanks a lot. I will try )
And there is one more problem. It looks like some time ago my LE renewal broke.
This is about my other site: arfa.travel
And this is another host with port 80 open.
Everything was always fine, but now I received a letter that the certificate will be gone soon.
What could have happened?
My wacs.exe writes this:

[INFO] A simple Windows ACMEv2 client (WACS)
[INFO] Software version 2.0.9.386 (RELEASE)
[INFO] IIS version 8.5
[INFO] Please report issues at https://github.com/PKISharp/win-acme

[INFO] Renewing certificate for [Manual] arfa.travel
[INFO] Authorize identifier: arfa.travel
[INFO] Authorizing arfa.travel using http-01 validation (SelfHosting)
[EROR] Authorization timed out
[EROR] Renewal for [Manual] arfa.travel failed, will retry on next run

Still doesn't work.
I'm very disappointed. Everything looks OK with my site on port 80.
And win-acme does everything without any error.
But my https://api.bolerotour.ru doesn't want to work correctly.
It returns ERR_CONNECTION_TIMED_OUT.
Both ports 80 and 443 are open.
When did my karma break?

Now I can open your file. 404, but that's a correct answer.

Looks like you have a firewall with regional blockings, so Letsencrypt is blocked.
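
Added example, not part of the thread and not win-acme code: a small Python probe that separates the outcomes discussed above for an http-01 challenge URL, namely a timeout (filtered traffic), a refused connection, and any HTTP answer, where even a 404 shows port 80 is reachable. The function names and the `preflight-test` token are made up for illustration.

```python
import http.client
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def classify(status=None, exc=None):
    """Turn a probe result into (verdict, detail) for http-01 troubleshooting."""
    if exc is None:
        # Any HTTP status, 404 included, proves a web server answered on the port.
        return ("reachable", f"HTTP {status}")
    if isinstance(exc, socket.timeout):
        # Silence usually means packets are dropped (firewall, regional filter).
        return ("timeout", "no answer before the timeout, traffic is likely filtered")
    if isinstance(exc, ConnectionRefusedError):
        return ("refused", "host answered, but nothing listens on this port")
    if isinstance(exc, socket.gaierror):
        return ("dns", "host name did not resolve")
    return ("error", f"{type(exc).__name__}: {exc}")

def probe_http01(host, port=80, token="preflight-test", timeout=5.0):
    """Request a made-up challenge path over plain HTTP and classify the result."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        return classify(status=conn.getresponse().status)
    except (OSError, http.client.HTTPException) as exc:
        return classify(exc=exc)
    finally:
        conn.close()

if __name__ == "__main__":
    # Usage: python probe.py <hostname> [<hostname> ...]
    for name in sys.argv[1:]:
        print(name, *probe_http01(name))
```

Run it from a machine outside your own network and region: a probe from inside can report `reachable` while a regional block still makes the validation servers time out.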

It looks like we’ve done it.
Works great.
Thanks a lot!


Yep, now my browser has a new Letsencrypt certificate :+1:
