LetsEncrypt certs failing HTTP DCV
Hi all,
Recently used the ELevate script to upgrade a server, and changed over to LetsEncrypt for AutoSSL. It doesn't seem to be working.
For starters I'll make clear that in my org we use no DNS features at all, just the web server, so I expect DNS challenges to fail. I am, however, seeing the following:
WARN “Let’s Encrypt™” HTTP DCV error (activelearning.wordpress.thedomain): 400 urn:ietf:params:acme:error:connection (The server could not connect to a validation target) (1.2.3.4: Fetching http://activelearning.wordpress.thedomain/.well-known/acme-challenge/cMiXhVTuwEAnVF7BAz0Ye-UQLWD31oa2GnIlLw0HvjI: Connection reset by peer)
WARN “Let’s Encrypt™” HTTP DCV error (activelearning.thedomain): 400 urn:ietf:params:acme:error:connection (The server could not connect to a validation target) (1.2.3.4: Fetching http://activelearning.thedomain/.well-known/acme-challenge/Yx9pBXyO3OF8HpKCjGtCgY5yOEXlUu7Z8_jlEMFQQA8: Connection reset by peer)
I've checked the server logs and am not seeing any attempt to access these URLs, but I do see the local server checking some different files:
1.2.3.4 - - [03/May/2024:09:00:25 +0100] "GET /.well-known/acme-challenge/IBWVOWJZH2YDPP40HAI1FBL3T7WBBPV1 HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
1.2.3.4 - - [03/May/2024:09:00:25 +0100] "GET /.well-known/acme-challenge/AFC2CXY9HD1G9YXEP16V9M91845S6LO7 HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
The obvious answer here is that it may be a firewall between the server and the internet - I have checked our perimeter and IPS/IDS and see nothing being denied.
I have tested for .htaccess getting in the way, and this has not helped. I can drop a test file in the acme-challenge folder and retrieve it over http from any remote hosts I try.
Anyone have any bright ideas?
-
Sorry, an update.. almost immediately after crafting this post I discovered https://letsdebug.net/ which gave me a little bit more info to trace down an IPS being more nosey than it ought to be. Will update this to say if this solves the problem.
0 -
Yep, sorted. Dunce cap on and standing in corner.
0 -
I'm glad you found a good solution!
0
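Added example, not part of the original thread: a Python sketch of the correlation the poster did by hand, matching the challenge tokens in the AutoSSL warnings against the web server's access log to see whether the validation requests ever arrived. The function names are hypothetical, the input is the lines quoted in the post, and the access log is assumed to be in Apache combined format.

```python
import re

# Sample input: the lines quoted in the post above, redactions as the poster left them.
AUTOSSL_LOG = """\
WARN “Let’s Encrypt™” HTTP DCV error (activelearning.wordpress.thedomain): 400 urn:ietf:params:acme:error:connection (The server could not connect to a validation target) (1.2.3.4: Fetching http://activelearning.wordpress.thedomain/.well-known/acme-challenge/cMiXhVTuwEAnVF7BAz0Ye-UQLWD31oa2GnIlLw0HvjI: Connection reset by peer)
WARN “Let’s Encrypt™” HTTP DCV error (activelearning.thedomain): 400 urn:ietf:params:acme:error:connection (The server could not connect to a validation target) (1.2.3.4: Fetching http://activelearning.thedomain/.well-known/acme-challenge/Yx9pBXyO3OF8HpKCjGtCgY5yOEXlUu7Z8_jlEMFQQA8: Connection reset by peer)
"""
ACCESS_LOG = """\
1.2.3.4 - - [03/May/2024:09:00:25 +0100] "GET /.well-known/acme-challenge/IBWVOWJZH2YDPP40HAI1FBL3T7WBBPV1 HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
1.2.3.4 - - [03/May/2024:09:00:25 +0100] "GET /.well-known/acme-challenge/AFC2CXY9HD1G9YXEP16V9M91845S6LO7 HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
"""

LOCAL_UA = "Cpanel-HTTP-Client"  # user agent of the local pre-check seen in the access log
TOKEN = r"/\.well-known/acme-challenge/([A-Za-z0-9_-]+)"
DCV_ERROR = re.compile(r"HTTP DCV error \(([^)]+)\): \d+ (urn:ietf:params:acme:error:\w+)"
                       r".*?https?://[^/\s]+" + TOKEN + r": (.+)\)$")
ACCESS = re.compile(r'^(\S+) .*?"GET ' + TOKEN + r' HTTP/[\d.]+" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def failed_challenges(autossl_text):
    """Map challenge token -> (hostname, ACME error type, detail) per HTTP DCV warning."""
    failed = {}
    for line in autossl_text.splitlines():
        m = DCV_ERROR.search(line.strip())
        if m:
            host, err, token, detail = m.groups()
            failed[token] = (host, err, detail)
    return failed

def challenge_hits(access_text):
    """Map challenge token -> [(client_ip, status, user_agent)] as logged by the web server."""
    hits = {}
    for line in access_text.splitlines():
        m = ACCESS.match(line)
        if m:
            ip, token, status, agent = m.groups()
            hits.setdefault(token, []).append((ip, int(status), agent))
    return hits

def triage(autossl_text, access_text):
    """Per failed hostname: did any non-local request for its token reach the web server?"""
    hits = challenge_hits(access_text)
    report = {}
    for token, (host, err, detail) in failed_challenges(autossl_text).items():
        remote = [h for h in hits.get(token, []) if not h[2].startswith(LOCAL_UA)]
        report[host] = "reached web server" if remote else "not in access log"
    return report

if __name__ == "__main__":
    for host, verdict in triage(AUTOSSL_LOG, ACCESS_LOG).items():
        print(f"{host}: {verdict}")
```

A failed token that is absent from the access log while the local pre-check returns 200 means the connection was cut before it reached the web server, which is the situation this thread ended up tracing to an IPS.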