ValueError challenge did not pass with acme-tiny script


Please fill out the fields below so we can help you better.

My domain is:

I ran this command: python3/python --account-key /root/ssl.novy/account.key --csr /root/ssl.novy/ --acme-dir /var/www/html/.well-known/acme-challenge > /root/ssl.novy/signed.crt

It produced this output:

File "", line 198, in
File "", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER,
File "", line 149, in get_crt
domain, challenge_status))
ValueError: challenge did not pass: {'error': {'type': 'urn:acme:error:connection', 'status': 400, 'detail': 'Could not connect to'}, 'token': 'PnsptbFjBMLsdbz3HX8g8OoHyU1r0RLCqa9xfoy0fjw', 'type': 'http-01', 'uri': '', 'keyAuthorization': 'PnsptbFjBMLsdbz3HX8g8OoHyU1r0RLCqa9xfoy0fjw.VVeOEDNXKrH-oTUNv3q95f0rAt3QCBqVuMTYB0HUZho', 'validationRecord': [{'addressesResolved': [''], 'addressUsed': '', 'port': '80', 'hostname': '', 'url': ''}], 'status': 'invalid'}

My operating system is (include version): Debian 8

My web server is (include version): Apache 2.4.10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I regenerated this certificate 2 times with a cron job, and the 3rd time it gives this error.
Any help? I have been fixing it for 3 days without luck, I don't know what to do next. Thx


What is your domain name?

The error is reaching but without your domain name I can’t test that.



Either you have a firewall or you don’t have apache listening on port 80 for


tcp6 0 0 :::443 :::* LISTEN 14151/apache2
tcp6 0 0 :::80 :::* LISTEN 14151/apache2
<VirtualHost *:80>

I think I have, what can I do next?


Check if you have any firewall. I can’t reach your server

user@serverco:~$ curl -I
curl: (7) Failed to connect to port 80: Connection refused

Alternatively, use a verification method that doesn’t use port 80 (either tls-01, which uses port 443, or the DNS-01 challenge, which needs a token in your DNS TXT records).


Hmm thx, that's interesting, no firewall, maybe some kind of redirection?
*:80 (/etc/apache2/sites-enabled/000-default.conf:1)
*:443 (/etc/apache2/sites-enabled/default-ssl.conf:2)


If it was a redirection, I would get a response (and a redirect). Can you reach ?


omg no, I must look where the problem is


BIG thx for the hint, I must 3 check iptables - but I think fail2ban blocks something, big thx again for the quick response …


You’re welcome.

sudo iptables -L

should tell you what the main iptables rules are.
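
The failure in this thread (`urn:acme:error:connection` on port 80) can be told apart from a missing or wrong challenge file with a probe like the one below. It is an added example, not part of the original thread and not acme-tiny code; `probe_http01` and its arguments are hypothetical names, and `expected` is the `keyAuthorization` string the client wrote into the acme-dir. Run it from a host outside the server's network, because a firewall ban can apply to some source addresses only.

```python
"""Pre-flight probe for an ACME http-01 challenge (added example)."""
import socket
import urllib.error
import urllib.request


def probe_http01(host, token, expected, port=80, timeout=5.0):
    """Return a short verdict on whether http-01 validation could succeed.

    host, token and expected are supplied by the caller (assumed inputs).
    """
    # Step 1: plain TCP connect, the stage at which the thread's error occurred.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except ConnectionRefusedError:
        return "refused: no listener on the port, or a firewall REJECT rule"
    except socket.timeout:
        return "timeout: packets dropped (firewall DROP rule or routing)"
    except OSError as exc:  # includes DNS resolution failures
        return f"unreachable: {exc}"

    # Step 2: fetch the challenge file over plain HTTP, as the CA does.
    # An empty ProxyHandler ignores proxy environment variables, so the
    # request goes straight to the server being tested.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    url = f"http://{host}:{port}/.well-known/acme-challenge/{token}"
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}: server reachable, challenge file not served"
    except (urllib.error.URLError, OSError) as exc:
        return f"unreachable: {exc}"

    # Step 3: the served content must equal the key authorization exactly.
    if body != expected:
        return "mismatch: a file was served, but not the expected content"
    return "ok"


if __name__ == "__main__":
    import sys
    # usage: probe.py HOST TOKEN EXPECTED_CONTENT
    print(probe_http01(sys.argv[1], sys.argv[2], sys.argv[3]))
```

A "refused" or "timeout" verdict points at the listener or firewall (iptables, fail2ban), while "http-404" or "mismatch" points at the `--acme-dir` path or the web server's mapping of `/.well-known/acme-challenge/`.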

