Verification is failing on standalone

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: minuet.hopto.org

I ran this command: ./letsencrypt-auto certonly --standalone -d minuet.hopto.org

It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for minuet.hopto.org
Waiting for verification…
Challenge failed for domain minuet.hopto.org
http-01 challenge for minuet.hopto.org
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: minuet.hopto.org
    Type: connection
    Detail: Fetching
    http://minuet.hopto.org/.well-known/acme-challenge/Z3ZJtGRV8PpRvX0dt0EP7A5u26vgoW0U-oGai7C88BQ:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): standalone

The operating system my web server runs on is (include version): centos6

My hosting provider, if applicable, is: dyndns service pointing to BT fibre

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.32.0

Logs show this
2019-04-01 06:05:31,907:DEBUG:acme.client:Storing nonce: Z9Qem4_UDyflmhhmSpJHbcPgfHLaBYDp2orSVTbphs4
2019-04-01 06:05:32,186:DEBUG:acme.standalone:::ffff:192.168.1.177 - - Incoming request
2019-04-01 06:05:32,187:DEBUG:acme.standalone:::ffff:192.168.1.177 - - No resources to serve
2019-04-01 06:05:32,187:DEBUG:acme.standalone:::ffff:192.168.1.177 - - /.well-known/acme-challenge/AklKnTArpA1OSTmVl2-OE2AQn6bw36ru6l0UB44eelY: does not correspond to any resource. ignoring
2019-04-01 06:05:32,190:DEBUG:acme.standalone:::ffff:192.168.1.177 - - Incoming request
2019-04-01 06:05:32,191:DEBUG:acme.standalone:::ffff:192.168.1.177 - - No resources to serve
2019-04-01 06:05:32,192:DEBUG:acme.standalone:::ffff:192.168.1.177 - - /.well-known/acme-challenge/AklKnTArpA1OSTmVl2-OE2AQn6bw36ru6l0UB44eelY: does not correspond to any resource. ignoring
2019-04-01 06:05:32,195:DEBUG:acme.standalone:::ffff:192.168.1.177 - - Incoming request
2019-04-01 06:05:32,196:DEBUG:acme.standalone:::ffff:19

Hi @theresajayne,

Do you have port 80 on your router or firewall forwarded to port 80 on this machine? In the past, Let’s Encrypt could perform validations on port 443 (so if you had port 443 forwarded to port 443, it might have been able to complete the validation); there was a recent change which led to Certbot (the program that used to be called letsencrypt-auto) using port 80 exclusively, so you would now need a port forwarding rule for port 80 as well.

Hi @theresajayne

is it possible to run a webserver?

Your domain is invisible. So it’s not really possible to see, why Letsencrypt can’t connect your domain.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.