letsencrypt reports timeout error. Nevertheless, I can see in httpd logs successful fetches
of challenge:
185.207.91.217 - - [30/Sep/2020:14:20:23 +0400] "GET /.well-known/acme-challenge/pQM4gBRblCX8Bizhx2j4uiWTGMTzPqk5c5hXTEdETRc HTTP/1.1" 200 87 "-" "getssl/2.20"
66.133.109.36 - - [30/Sep/2020:14:20:27 +0400] "GET /.well-known/acme-challenge/pQM4gBRblCX8Bizhx2j4uiWTGMTzPqk5c5hXTEdETRc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
18.224.20.83 - - [30/Sep/2020:14:20:28 +0400] "GET /.well-known/acme-challenge/pQM4gBRblCX8Bizhx2j4uiWTGMTzPqk5c5hXTEdETRc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
Even 3 from different IPs. It looks like letsencrypt dropped them at its side.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: shower.inr.ac.ru
I ran this command: getssl -a
It produced this output: Check all certificates
Registering account
Verify each domain
Verifying shower.inr.ac.ru
copying challenge token to /var/www/html/.well-known/acme-challenge/pQM4gBRblCX8Bizhx2j4uiWTGMTzPqk5c5hXTEdETRc
sending request to ACME server saying we're ready for challenge
checking if challenge is complete
Pending
checking if challenge is complete
Pending
checking if challenge is complete
getssl: shower.inr.ac.ru:Verify error: "detail": "During secondary validation: Fetching http://shower.inr.ac.ru/.well-known/acme-challenge/pQM4gBRblCX8Bizhx2j4uiWTGMTzPqk5c5hXTEdETRc: Timeout during connect (likely firewall problem)",
My web server is (include version): apache 2.2.15
The operating system my web server runs on is (include version): linux sl6
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): getssl