Verification fails but can access file from browser

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: georgehome.gotdns.com

I ran this command: sudo certbot certonly --manual

It produced this output:

Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. georgehome.gotdns.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://georgehome.gotdns.com/.well-known/acme-challenge/GKZfCWNp0e4slU5sDX3-mddwRA4aJ96s0-aaBl7XCg8: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: georgehome.gotdns.com
  Type: connection
  Detail: Fetching
  http://georgehome.gotdns.com/.well-known/acme-challenge/GKZfCWNp0e4slU5sDX3-mddwRA4aJ96s0-aaBl7XCg8:
  Timeout during connect (likely firewall problem)

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you’re using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Raspberry Buster

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Using the simple method certbot --apache fails verification, so I tried it manually.

I created the required files on my server but the verification still fails.

File Info:

Create a file containing just this data:

GKZfCWNp0e4slU5sDX3-mddwRA4aJ96s0-aaBl7XCg8.oVxa55z15v0diSR6rM0SNN836fiNYAXs2RBD2VIVxfc

And make it available on your web server at this URL:

http://georgehome.gotdns.com/.well-known/acme-challenge/GKZfCWNp0e4slU5sDX3-mddwRA4aJ96s0-aaBl7XCg8

If I put the verification URL in my browser, it works fine and displays:

GKZfCWNp0e4slU5sDX3-mddwRA4aJ96s0-aaBl7XCg8.oVxa55z15v0diSR6rM0SNN836fiNYAXs2RBD2VIVxfc

Hi @gshafer

your domain is invisible ( https://check-your-website.server-daten.de/?q=georgehome.gotdns.com ) :

Only timeouts.

No, that doesn't work. Not with an online tool, not with my browser.

You need a working port 80 with a webserver.

Fatal: Check of /.well-known/acme-challenge/random-filename has a timeout. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.