Failure "During secondary validation"

shalla · August 24, 2021, 5:25pm

During secondary validation: Fetching http://thepass.pvihs.org/.well-known/acme-challenge/p0IT1W6tgbNXiSsf12IAnwYLELqGd3yvJPmHax5Ioco: Timeout during connect (likely firewall problem) BadRequest urn:ietf:params:acme:error:connection

Nothing I have tried will work. Any ways to solve this problem are appreciated.

webprofusion · August 25, 2021, 2:30am

Hi Steve, I’ve replied to your email (looks like our zoho helpdesk ticketing system failed to send for some reason). This is a firewall problem, either something is blocking port 80 or something is selectively filtering/blocking connections.

Check you can connect to your website using http:// (not just https)

shalla · August 25, 2021, 3:06pm

This is a internal site, not internet facing site. Have been trying to renew certificate using Certify UI, nothing is working.

Seems I will need to seek a refund of Certify SSL Manager if I can not get this to work.

webprofusion · August 26, 2021, 1:47am

Hi Steve,

Yes, we will absolutely issue a refund if you request it (or even if you don’t, if we strongly believe you have made your purchase in error). From your description so far it doesn’t seem like you are aware of how the process works (Requesting a Certificate | Certify The Web Docs)

Domain validation is a fundamental step of certificate issuance (it can either be via http or via DNS validation), if you are unable to use these methods then you will be unable to use Let’s Encrypt or any other ACME certificate authority for your certificates.

In addition, our free community edition is there for people to evaluate whether or not it works for them but it looks like you’ve chosen to just install the app and purchase a license key without checking if you can get it to work or not.

Let’s Encrypt works like this:

You request a certificate for a domain
Let’s Encrypt asks you (via the app) to validate you control the domain, in this case thepass.pvihs.org. You can do this either by presenting a special file on your website or by adding/updating a TXT record in your domains DNS. Certify performs this automatically but you need to configure it for your preferred validation method.

If your website is internal you cannot use http validation, so you need to use DNS validation (either via a supported DNS API or using Certify DNS for CNAME redirection).

Let me know if you want to cancel your license key and get the refund, it’s absolutely no problem for us to issue that.