Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: nbs.sec-comms.net
I ran this command:
C:\Windows\system32>certbot --webroot -w c:\gemweb\parent certonly -d nbs.sec-comms.net
It produced this output:
Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nbs.sec-comms.net
Using the webroot path c:\gemweb\parent for all unmatched domains.
Waiting for verification...
β[31mChallenge failed for domain nbs.sec-comms.netβ[0m
http-01 challenge for nbs.sec-comms.net
Cleaning up challenges
β[31mSome challenges have failed.β[0m
β[1m
IMPORTANT NOTES:
β[0m - The following errors were reported by the server:
Domain: nbs.sec-comms.net
Type: connection
Detail: 82.13.200.226: Fetching
http://nbs.sec-comms.net/.well-known/acme-challenge/RX7Xn-ODeXLNnwGpsrAK01OWYoc9cyU1a96I5_oAhEs:
Timeout during connect (likely firewall problem)
My web server is (include version): Apache 2.4
The operating system my web server runs on is (include version): Win 10
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 1.8.0
Notes:
http://nbs.sec-comms.net (unencrypted) produces output
I am using a failover router. Sec-comms.net DNS A record is set to 82.13.200.226 and messages addressed to this IP are processed. All responses are given via IP 45.13.7.252 This is not a problem with normal browsers. Does LE look for a response from the ip addresses it sent the challenge to?