The ACME service (directory) is unavailable

Hi, I’ve just noticed that my Certify installation is no longer renewing certificates for my domain.

I have verified that I can access “.well-known/acme-challenge/configcheck” via a browser with the result “Extensionless File Config Test - OK”.

However, testing or renewing fails with “Could not verify URL is accessible: http:///.well-known/acme-challenge/configcheck”

The certify log however states: “The ACME service (directory) is unavailable.”

I can’t find any references to the logged error, does anyone have any suggestions on what else to look at?

Thanks in advance.

Hi, this error message was recently added, which is interesting. This should only occur if the app is failing to speak to the ACME API service (e.g. the Let’s Encrypt API), which would usually be because the machine firewall prevents outgoing HTTPS. Is the same machine able to directly browse to https://acme-v02.api.letsencrypt.org/?

Let’s Encrypt do have some maintenance downtime scheduled for their service tomorrow but there shouldn’t be any issues just now and it’s currently working for me.

If the problem persists, feel free to send your log file through to support {at} certifytheweb.com.

Thanks for clarifying the error, and pointing me in the right direction.

Everything needed appears to work outbound, but when I run a manual certbot challenge I get a “Connection reset by peer” error.

I now believe that this is likely caused by recently implemented DDoS mitigations on our managed firewall, e.g. geo-blocking on our domain is preventing Let’s Encrypt from accessing the acme-challenge address.

Let’s Encrypt is also under DDoS: “Let's Encrypt's performance is currently degraded due to a DDoS attack” (Hacker News)

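The outbound check suggested in the reply above, as an added example that is not part of the thread and not Certify The Web's code: it fetches the ACME directory and reports which layer the failure points to. The function names and labels are hypothetical, and the `/directory` path on the Let's Encrypt host and the required field names (from RFC 8555) are assumptions not stated in the thread.

```python
import json
import socket
import ssl
import urllib.error
import urllib.request

# Let's Encrypt production directory (host named in the thread).
DIRECTORY_URL = "https://acme-v02.api.letsencrypt.org/directory"
REQUIRED = ("newNonce", "newAccount", "newOrder")  # RFC 8555 directory fields

def missing_directory_fields(body):
    """Return required directory keys that are absent or not https URLs."""
    try:
        doc = json.loads(body)
    except ValueError:  # not JSON, e.g. a firewall or proxy block page
        return list(REQUIRED)
    if not isinstance(doc, dict):
        return list(REQUIRED)
    return [k for k in REQUIRED if not str(doc.get(k, "")).startswith("https://")]

def classify(exc):
    """Map an outbound failure to a hypothetical label for the likely layer."""
    if isinstance(exc, urllib.error.HTTPError):
        return "http"      # a server answered, but with an error status
    # URLError wraps the socket-level cause in .reason
    cause = exc.reason if isinstance(exc, urllib.error.URLError) else exc
    if isinstance(cause, socket.gaierror):
        return "dns"       # name resolution failed
    if isinstance(cause, ssl.SSLError):
        return "tls"       # interception, or a stale trust store
    if isinstance(cause, (socket.timeout, TimeoutError)):
        return "timeout"   # packets silently dropped
    if isinstance(cause, ConnectionError):
        return "blocked"   # reset or refused, typical of an active firewall rule
    return "unknown"

def probe(url=DIRECTORY_URL, timeout=10):
    """Fetch the directory (network I/O); return 'ok' or a failure label."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read()
    except OSError as exc:  # URLError, SSLError and socket errors derive from OSError
        return classify(exc)
    return "not-acme" if missing_directory_fields(body) else "ok"

if __name__ == "__main__":
    print(probe())
```

An `ok` result only proves the outbound path. The challenge URL is fetched from Let's Encrypt's side, so a local browser test of `configcheck` does not exercise an inbound rule such as the geo-blocking described in the thread.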