ValueError challenge did not pass with acme-tiny script


#1

Please fill out the fields below so we can help you better.

My domain is: mail.xxxx.sk

I ran this command: python3/python acme_tiny.py --account-key /root/ssl.novy/account.key --csr /root/ssl.novy/mail.xxx.sk.csr --acme-dir /var/www/html/.well-known/acme-challenge > /root/ssl.novy/signed.crt

It produced this output:

  File "acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme_tiny.py", line 149, in get_crt
    domain, challenge_status))
ValueError: mail.xxx.sk challenge did not pass: {'error': {'type': 'urn:acme:error:connection', 'status': 400, 'detail': 'Could not connect to mail.xxxx.sk'}, 'token': 'PnsptbFjBMLsdbz3HX8g8OoHyU1r0RLCqa9xfoy0fjw', 'type': 'http-01', 'uri': 'https://acme-v01.api.letsencrypt.org/acme/challenge/OEyrrfhllJAQqKj9PJPWDz9y6G0e2leT1_cRWGvXRH0/710666361', 'keyAuthorization': 'PnsptbFjBMLsdbz3HX8g8OoHyU1r0RLCqa9xfoy0fjw.VVeOEDNXKrH-oTUNv3q95f0rAt3QCBqVuMTYB0HUZho', 'validationRecord': [{'addressesResolved': ['1.1.1.1'], 'addressUsed': '1.1.1.1', 'port': '80', 'hostname': 'mail.xxx.sk', 'url': 'http://mail.xxxx.sk/.well-known/acme-challenge/PnsptbFjBMLsdbz3HX8g8OoHyU1r0RLCqa9xfoy0fjw'}], 'status': 'invalid'}

My operating system is (include version): Debian 8

My web server is (include version): Apache 2.4.10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I regenerated this certificate 2 times with a cron job, and the 3rd time it is giving this error.
Any help? I have been fixing it for 3 days without luck, I don't know what to do next. Thx


#2

What is your domain name?

The error is reaching http://mail.xxxx.sk/.well-known/acme-challenge/token but without your domain name I can’t test that.


#3

mail.agroinstitut.sk


#4

Either you have a firewall or you don’t have apache listening on port 80 for mail.agroinstitut.sk


#5

tcp6 0 0 :::443 :::* LISTEN 14151/apache2
tcp6 0 0 :::80 :::* LISTEN 14151/apache2
<VirtualHost *:80>
.
.
.

I think I have, what can I do next?


#6

Check if you have any firewall. I can’t reach your server

user@serverco:~$ curl -I mail.agroinstitut.sk
curl: (7) Failed to connect to mail.agroinstitut.sk port 80: Connection refused

Alternatively, use a verification method that doesn’t use port 80 (either tls-01, which uses port 443, or the DNS-01 challenge, which needs a token in your DNS TXT records).


#7

Hmm thx, that's interesting, no firewall, maybe some kind of redirection?
*:80 mail.agroinstitut.sk (/etc/apache2/sites-enabled/000-default.conf:1)
*:443 mail.agroinstitut.sk (/etc/apache2/sites-enabled/default-ssl.conf:2)


#8

If it was a redirection, I would get a response (and a redirect). Can you reach http://mail.agroinstitut.sk?


#9

omg no, I must look where the problem is


#10

BIG thx for the hint, I must 3 check iptables - but I think fail2ban blocks something, big thx again for the quick response …


#11

You’re welcome.

sudo iptables -L

should tell you what the main iptables rules are.
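
One way to narrow the rule listing down to what can block the http-01 check on port 80, as an added example that is not part of the original posts. The function names `sample_rules` and `port_blockers` are hypothetical, and the sample rule set (including the `f2b-*` chain names) is constructed; on a live host, pipe `sudo iptables -S` into the function instead.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output; addresses are documentation ranges.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-N f2b-apache-auth
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-auth
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-apache-auth -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-apache-auth -s 198.51.100.0/24 -j DROP
-A f2b-apache-auth -j RETURN
-A f2b-sshd -s 192.0.2.44/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
EOF
}
# port_blockers PORT: read `iptables -S` text on stdin and print each REJECT/DROP
# rule that inbound TCP to PORT can hit, in INPUT or in a chain INPUT jumps to.
port_blockers() {
  awk -v port="$1" '
    # 1 if the rule has no port match or its --dport/--dports list covers port
    function covers(rule,    spec, m, p, r, j) {
      if (rule ~ /-p (udp|icmp)/) return 0
      if (!match(rule, /--dports? [^ ]+/)) return 1
      spec = substr(rule, RSTART, RLENGTH); sub(/^[^ ]+ /, "", spec)
      m = split(spec, p, ",")
      for (j = 1; j <= m; j++) {
        if (split(p[j], r, ":") == 2) {
          if (port+0 >= r[1]+0 && port+0 <= r[2]+0) return 1
        } else if (p[j]+0 == port+0) return 1
      }
      return 0
    }
    function target(rule) {
      return match(rule, /-j [^ ]+/) ? substr(rule, RSTART + 3, RLENGTH - 3) : ""
    }
    $1 == "-A" { rules[++cnt] = $0; chain[cnt] = $2 }
    END {
      reach["INPUT"] = 1
      for (k = 1; k <= cnt; k++)   # chains that INPUT hands this port to
        if (chain[k] == "INPUT" && covers(rules[k])) reach[target(rules[k])] = 1
      for (k = 1; k <= cnt; k++) {
        t = target(rules[k])
        if ((chain[k] in reach) && covers(rules[k]) && (t == "REJECT" || t == "DROP"))
          print t "\t" rules[k]
      }
    }'
}
sample_rules | port_blockers 80
```

A `REJECT --reject-with icmp-port-unreachable` rule shows up on the client side as "Connection refused", the same symptom as the curl output in post #6, while a `DROP` rule shows up as a timeout. Only one level of chain jumps from INPUT is followed.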

