Certify for my server suddenly stopped working

I noticed the web server was not reachable, so I checked Certify. I saw an error requesting renewal even though it says it expires in 58 days. I tried the renewal but it was returning an error. I deleted the certificate and tried to request another certificate, but it was returning the same error:

Validation of the required challenges did not complete successfully. Validation failed: apps.e13solution.com [dns]
Response from Certificate Authority: 154.118.66.83: Fetching http://apps.e13solution.com/.well-known/acme-challenge/ECi1Vhv5BzBpdxq_mhmyt5_tjfzG6rQPTPy6Qkcqi6g: Timeout during connect (likely firewall problem) [BadRequest :: urn:ietf:params:acme:error:connection]

I used letsdebug.net to check and it returned the below. I have done all I could with success, please any help would be appreciated:

ANotWorking
ERROR
apps.e13solution.com has an A (IPv4) record (154.118.66.83) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with apps.e13solution.com/154.118.66.83: Get "http://apps.e13solution.com/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://apps.e13solution.com/.well-known/acme-challenge/letsdebug-test (using initial IP 154.118.66.83)
@0ms: Dialing 154.118.66.83
@10000ms: Experienced error: context deadline exceeded

IssueFromLetsEncrypt
A test authorization for apps.e13solution.com to the Let’s Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
154.118.66.83: Fetching http://apps.e13solution.com/.well-known/acme-challenge/NByEdtMaWv6QSv3TwKOYZMxoTp2ujlhrQiQOeQPE1nA: Timeout during connect (likely firewall problem)

Regards,
Wale Steve

Hi,

Currently it looks like your machine is not accepting external traffic on TCP port 80. You could check this on Windows Firewall and if you are hosted within a cloud VM provider you’ll need to check that TCP port 80 is allowed/enabled on their platform as well.

You may want to consider a reboot as Windows Firewall can sometimes be a little sticky in that its filtering rules don’t always apply/disable when you expect them to.

A fairly common problem is that people get https (port 443) working and then assume that port 80 isn’t going to be used anymore, but http domain validation still uses that. Whether you have a web server listening on port 80 or not, the app will provide an http listener just for http challenge responses. If you don’t want to open port 80 you could use DNS validation instead but that’s a bit more complex than http validation.

I should add, I can’t contact your server at all, so this is likely all firewall problems or your web server is not running. I doubt that the problem is related to Certify at all, your webserver just isn’t contactable.

If you happen to be self hosting (in a home or office) note that some ISPs block website hosting over http/https and depending on their terms they may not have told you they were blocking that.

If your email address is configured against the ACME account under Settings > Certificate Authorities and default status reporting is enabled (and outgoing https from your server to our API works) the app will try to contact our API when renewals start to fail and you will receive a notification email. 58 days left of a 90 day certificate is still basically a new certificate, so it’s not an expiry problem.

Thank you @webprofusion, I have since disabled the firewall completely and restarted the server several times. I will work on the ISP but I have always used the same connection, it was working fine until recently. Let me add that the server is reachable via http but not https; even port 80 is reachable. http://apps.e13solution.com or http://154.118.66.83:8069/ are reachable. Even http://154.118.66.80/ will connect.

@webprofusion Thank you again, I have resolved it. The problem as you mentioned was related to port 80 being inaccessible. Everything is working fine now.

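A probe along the lines of the letsdebug.net check quoted in this thread, as an added example that is not part of the original posts or of Certify: it requests a made-up token under /.well-known/acme-challenge/ and separates a dropped connection (the "Timeout during connect" case) from a refused connection or a working listener. The function names, the token and the advice strings are assumptions of this example.

```python
import http.client
import socket
import sys

# Hypothetical advice strings, keyed by probe result (assumptions of this example).
ADVICE = {
    "timeout": "No TCP answer: packets to the port are being dropped "
               "(host firewall, cloud/router rule, missing port forward or ISP block).",
    "refused": "Host answers but nothing is listening on the port.",
    "dns": "The name does not resolve; fix the A/AAAA record first.",
}

def probe_http01(host, port=80, token="probe-test", timeout=10.0):
    """Request an HTTP-01 style URL and classify the outcome.

    Returns "timeout", "refused", "dns", "error:<ExceptionName>" or
    "http:<status>". A 404 for the made-up token still proves that the
    port is reachable from where the probe runs.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/.well-known/acme-challenge/" + token)
        return "http:%d" % conn.getresponse().status
    except socket.gaierror:
        return "dns"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except (OSError, http.client.HTTPException) as exc:
        return "error:" + type(exc).__name__
    finally:
        conn.close()

def explain(result):
    """Turn a probe result into a one-line diagnosis."""
    if result.startswith("http:"):
        return "Port reachable, web server replied with status " + result[5:] + "."
    return ADVICE.get(result, "Unexpected failure: " + result)

if __name__ == "__main__":
    # Run from a machine OUTSIDE the server's network, e.g.:
    #   python probe.py www.example.com
    outcome = probe_http01(sys.argv[1])
    print(outcome, "-", explain(outcome))
```

A result of "timeout" from an outside network while the same probe succeeds from inside the LAN points at filtering or port forwarding in front of the server, not at the web server or the certificate tool.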