Urn:ietf:params:acme:error:connection

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: [[redacted]] It’s a client of mine, I can provide the full URL in private, or access this private bin please:

https://cryptobin.co/85d6o9f0
pass: helpme

I ran this command: wacs.exe

It produced this output:

[WARN] First chance error calling into ACME server, retrying with new nonce…
[INFO] Authorize identifier: mydomain.com
[INFO] Authorizing mydomain.com using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http:/mydomain.com/.well-known/acme-challenge/aecI0By2tuMjxl0K0BoBAkjVW_eICXyC0jKnh9mIFgA
[INFO] Preliminary validation looks good, but ACME will be more thorough…
[EROR] {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://mydomain.com/.well-known/acme-challenge/aecI0By2tuMjxl0K0BoBAkjVW_eICXyC0jKnh9mIFgA: Error getting validation data",
"status": 400
}
[EROR] Authorization result: invalid

My web server is (include version): IIS 8.5

The operating system my web server runs on is (include version): Windows Server 2008 R2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

[INFO] A simple Windows ACMEv2 client (WACS)
[INFO] Software version 2.0.3.206 (RELEASE)
[INFO] IIS version 8.5
[INFO] Please report issues at https://github.com/PKISharp/win-acme

Hello, sorry for not providing the real URL, but it’s not mine. I’m trying to renew the certs of 3 subdomains of the same domain. All clients that I’ve tried returned the same error.

I’ve tried both in-memory (self-hosting) and local file. With local file I can see the files there, and I can access the files from another network (a 3G phone, for example), but the ACME server can’t access it… I’m losing my mind… :frowning:

Please help.

Hi @sxfx

There are two different IPv4 addresses.

But one doesn’t answer if there is an HTTP request.

Perhaps remove the IP address with the timeout.

The other ip address looks good.

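The diagnosis above (two A records, one of which does not answer HTTP) can be checked by requesting the challenge path from each published address separately, since the validation server may connect to any of them. The following Python sketch is an added example, not part of the original thread or of win-acme; the function names and the host and token given on the command line are assumptions.

```python
import http.client
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def resolve_ipv4(host):
    """Return every distinct IPv4 address the local resolver gives for host."""
    infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(ip, host, token, port=80, timeout=5.0):
    """Fetch the challenge file from one specific address, sending the real Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token, headers={"Host": host})
        resp = conn.getresponse()
        resp.read()
        return "HTTP %d" % resp.status
    except (OSError, http.client.HTTPException) as exc:
        # Timeout, refused, unreachable or reset: this address cannot serve http-01.
        return "FAILED: %s" % type(exc).__name__
    finally:
        conn.close()

def check_all_addresses(host, token, addresses=None, port=80, timeout=5.0):
    """Probe each address on its own; a browser test only ever exercises one of them."""
    if addresses is None:
        addresses = resolve_ipv4(host)
    return {ip: probe(ip, host, token, port, timeout) for ip in addresses}

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_http01.py <hostname> <challenge-token>")
    results = check_all_addresses(sys.argv[1], sys.argv[2])
    for ip, outcome in results.items():
        print("%-15s  %s" % (ip, outcome))
    # Non-zero exit if any published address fails to return the file.
    sys.exit(0 if all(r == "HTTP 200" for r in results.values()) else 1)
```

Run it from a machine outside the server's own network, so the result reflects what an external validator sees rather than what the internal firewall allows.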

Hello @JuergenAuer, thanks for your reply!

Yes, you are right, one of my IPs was failing, because my colleague put the firewall interface of it down.

I’m just wondering why ACME is always resolving to the failing IP, as it has round robin configured…

Cache issues?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.