Urn:ietf:params:acme:error:connection Status: 400 Timeout after connect (your server may be slow or overloaded)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: climatech.ps

I ran this command: Browsing (https://acme-v02.api.letsencrypt.org/acme/authz-v3/286678020436)

It produced this output:
{
"identifier": {
"type": "dns",
"value": "climatech.ps"
},
"status": "invalid",
"expires": "2023-11-30T09:44:01Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "217.66.226.106: Fetching http://climatech.ps/.well-known/acme-challenge/RnYM16MN44DNm-5Sv6FtvJXP8IHXbP24Ma7jEtBpW7w: Timeout after connect (your server may be slow or overloaded)",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/286678020436/ChYefw",
"token": "RnYM16MN44DNm-5Sv6FtvJXP8IHXbP24Ma7jEtBpW7w",
"validationRecord": [
{
"url": "http://climatech.ps/.well-known/acme-challenge/RnYM16MN44DNm-5Sv6FtvJXP8IHXbP24Ma7jEtBpW7w",
"hostname": "climatech.ps",
"port": "80",
"addressesResolved": [
"217.66.226.106"
],
"addressUsed": "217.66.226.106"
}
],
"validated": "2023-11-23T09:44:04Z"
}
]
}

My web server is (include version): IIS (Version 10.0.20348.1)

The operating system my web server runs on is (include version): Windows Server 2022 Datacenter

My hosting provider, if applicable, is: I'm the hosting provider, using Plesk

I can login to a root shell on my machine (yes or no, or I don't know): Yes, I'm the admin

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes

The resulting error is:

Could not issue an SSL/TLS certificate for climatech.ps
Details

Could not issue a Let's Encrypt SSL/TLS certificate for climatech.ps. Authorization for the domain failed.

Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/286678020436.

Details:

Type: urn:ietf:params:acme:error:connection

Status: 400

Detail: 217.66.226.106: Fetching http://climatech.ps/.well-known/acme-challenge/RnYM16MN44DNm-5Sv6FtvJXP8IHXbP24Ma7jEtBpW7w: Timeout after connect (your server may be slow or overloaded)

Hi @PalestineRevolution, and welcome to the LE community forum :slight_smile:

LE authentication systems were unable to reach your web server via HTTP:

But I can reach it:

curl -Ii climatech.ps/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Length: 3214
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Thu, 23 Nov 2023 20:10:13 GMT

Have you changed anything?

Try testing with the staging environment and also using Let's Debug.


curl works from my location

$ curl -Ii http://climatech.ps/.well-known/acme-challenge/somtestfile
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Length: 3208
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Sun, 26 Nov 2023 23:33:46 GMT

This never completes even after minutes!
Do you have a Palo Alto firewall?
This is emulating how Let's Encrypt makes the request to the server.

$ curl -Ii http://climatech.ps/.well-known/acme-challenge/somtestfile -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
^C

Please see:

and another recent thread

Ports 80 & 443 look Open from my location.

$ nmap -Pn -p80,443 climatech.ps
Starting Nmap 7.80 ( https://nmap.org ) at 2023-11-26 23:37 UTC
Nmap scan report for climatech.ps (217.66.226.106)
Host is up (0.20s latency).
rDNS record for 217.66.226.106: plesk02.hadara.ps

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 1.03 seconds

And using this online tool Rex Swain's HTTP Viewer with the input URL of http://climatech.ps/.well-known/acme-challenge/somtestfile I see

This problem case:
with a User-Agent of "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" this:

Rex Swain's HTTP Viewer
http://www.rexswain.com/httpview.html
Code last updated 5 August 2023

Request:
GET http://climatech.ps/.well-known/acme-challenge/somtestfile HTTP/1.1
Host: climatech.ps
User-Agent: "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
Referer: 
Connection: Close
Response Header:
 500 read timeout
Content-Type: text/plain
Content (Length = 76):
read·timeout·at·/home/rexswa5/perl5/lib/perl5/Net/HTTP/Methods.pm·line·266.(LF)
Done
Total elapsed time: 5 seconds

with the default User-Agent this:

Rex Swain's HTTP Viewer
http://www.rexswain.com/httpview.html
Code last updated 5 August 2023

Request:
GET http://climatech.ps/.well-known/acme-challenge/somtestfile HTTP/1.1
Host: climatech.ps
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Referer: https://www.rexswain.com/httpview.html
Connection: Close
Response Header:
HTTP/1.1 404 Not Found
Cache-Control: private
Date: Sun, 26 Nov 2023 23:49:17 GMT
Server: Microsoft-IIS/10.0
Content-Length: 3208
Content-Type: text/html; charset=utf-8
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Content (Length = 3208):
<!DOCTYPE·html>(CR)(LF)
<html>(CR)(LF)
····<head>(CR)(LF)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
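The comparison made in the replies above (same URL, once with an ordinary User-Agent and once with the Let's Encrypt validation User-Agent), written as a script with bounded timeouts so the second request cannot hang. This is an added example, not part of the original thread; the function names, verdict strings, timeout values and test path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): does the server answer the Let's Encrypt
# validation User-Agent differently from an ordinary one?
# Function names, verdict strings, timeouts and the test path are assumptions.

LE_UA="Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
CONTROL_UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64)"   # any ordinary UA serves as control

# probe URL UA: print the HTTP status, "timeout", or "error:<curl exit code>".
probe() {
    probe_code=$(curl -s -o /dev/null -w '%{http_code}' \
        --connect-timeout 10 --max-time 20 -A "$2" "$1") && probe_rc=0 || probe_rc=$?
    case $probe_rc in
        0)  printf '%s\n' "$probe_code" ;;
        28) printf 'timeout\n' ;;            # curl exit code 28: operation timed out
        *)  printf 'error:%s\n' "$probe_rc" ;;
    esac
}

# classify CONTROL_RESULT LE_RESULT: print a one-word verdict.
classify() {
    case $1 in
        [1-5][0-9][0-9]) ;;                          # control got an HTTP answer
        *) echo "server-unreachable"; return 0 ;;    # fails for every UA: not UA-specific
    esac
    case $2 in
        "$1")            echo "no-ua-filtering" ;;      # same status for both requests
        timeout)         echo "ua-filtered" ;;          # only the LE User-Agent stalls
        [1-5][0-9][0-9]) echo "ua-different-status" ;;  # answered, but treated differently
        *)               echo "le-request-error" ;;
    esac
}

# Run only when a domain is given on the command line.
if [ "$#" -gt 0 ]; then
    url="http://$1/.well-known/acme-challenge/test-file"
    control=$(probe "$url" "$CONTROL_UA")
    le=$(probe "$url" "$LE_UA")
    echo "control=$control le=$le verdict=$(classify "$control" "$le")"
fi
```

A matching 404 for both requests is the healthy result, since the test file does not exist. `ua-filtered` reproduces the case shown in the thread, where only the request carrying the validation User-Agent never completes.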