LetsEncrypt certs failing HTTP DCV again
Hello.
Started having a known error:
9:29:46 PM WARN “Let’s Encrypt™” HTTP DCV error (simplyphysicians.com): 400 urn:ietf:params:acme:error:connection (The server could not connect to a validation target) (23.237.72.202: Fetching http://simplyphysicians.com/.well-known/acme-challenge/M9so7A_vFH0rAs9uyr5JGQZyL5fPA0BijJ-RRSdxkvo: Timeout during connect (likely firewall problem))
The main problem is that this is a lie: the mentioned URL opens successfully from anywhere outside. I requested SSL, quickly read the files in the .well-known dir, and opened them in a browser.
Of course iptables are empty, no firewall, etc.
Need a real solution or at least debug steps.
You are not running a firewall such as CSF/LFD etc.? You do seem to have port 80 open to third parties (such as myself), so the only thing I can suspect on that front is some sort of rate limit or other specific blocks of Let's Encrypt's IP ranges (which they rotate occasionally to prevent allow-listing/devious IP routing issues).
I did notice that going to the full URL, the server redirected me to https (port 443). Have you got an .htaccess file which is doing automatic HTTPS redirects without having an exclusion for .well-known/acme-challenge? It should have an exclusion such as:

    # Redirect everything to HTTPS except the ACME challenge path, which must stay reachable over plain HTTP
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Do you see anything in the server's Apache logs for the request from Let's Encrypt?
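One way to reproduce from the outside what the validator does, as an added example that is not part of this thread and not Let's Encrypt's or cPanel's code (the local origin server, the tokens and the key authorization in it are constructed; run it with a real domain such as simplyphysicians.com and a token from a pending order to see the live chain): it fetches the challenge URL over plain HTTP, follows redirects the way Let's Encrypt does, including to https without requiring a valid certificate there, and reports separately a connect timeout, a redirect loop, a non-200 status and a body that does not match the expected key authorization, so a connectivity problem can be told apart from a rewrite-rule problem.

```python
"""Probe an HTTP-01 challenge URL roughly the way an ACME validator does.
Added example for this thread, not code from it or from Let's Encrypt;
the local origin, tokens and key authorization below are constructed."""
import http.client
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlparse

ACME_PATH = "/.well-known/acme-challenge/"
REDIRECT_CODES = {301, 302, 303, 307, 308}


def probe_challenge(host, token, port=80, expected=None, timeout=5.0, max_redirects=5):
    """GET http://host:port/.well-known/acme-challenge/<token> and classify it.
    'result': ok, wrong_body, bad_status, redirect_loop, connect_timeout or
    connection_error; 'hops': redirects followed.  Let's Encrypt follows
    redirects (including to https), so a redirect by itself is not a failure."""
    url = f"http://{host}:{port}{ACME_PATH}{token}"
    hops = []
    for _ in range(max_redirects + 1):
        u = urlparse(url)
        if u.scheme == "https":
            # The validator does not require a valid cert on a redirect target.
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
            conn = http.client.HTTPSConnection(u.hostname, u.port or 443, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
        try:
            conn.request("GET", u.path or "/", headers={"User-Agent": "acme-probe/0.1"})
            resp = conn.getresponse()
            body = resp.read().decode("utf-8", "replace").strip()
        except socket.timeout:  # the "Timeout during connect" case from the error above
            return {"result": "connect_timeout", "url": url, "hops": hops}
        except OSError as exc:
            return {"result": "connection_error", "url": url, "error": str(exc), "hops": hops}
        finally:
            conn.close()
        if resp.status in REDIRECT_CODES:
            target = urljoin(url, resp.getheader("Location", ""))
            hops.append((resp.status, target))
            if target == url:
                return {"result": "redirect_loop", "url": url, "hops": hops}
            url = target
            continue
        if resp.status != 200:
            return {"result": "bad_status", "status": resp.status, "url": url, "hops": hops}
        if expected is not None and body != expected:
            return {"result": "wrong_body", "body": body, "url": url, "hops": hops}
        return {"result": "ok", "body": body, "url": url, "hops": hops}
    return {"result": "redirect_loop", "url": url, "hops": hops}


# Constructed stand-in for the origin server, for an offline self-test:
# one valid token, one path redirecting to it, one redirect loop, 404 otherwise.
TOKENS = {"good": "good.constructed-key-authorization"}


class _ChallengeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        base = f"http://127.0.0.1:{self.server.server_port}{ACME_PATH}"
        token = self.path[len(ACME_PATH):] if self.path.startswith(ACME_PATH) else None
        if token in TOKENS:
            body = TOKENS[token].encode()
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        elif token in ("redir", "loop"):
            self.send_response(301)
            self.send_header("Location", base + ("good" if token == "redir" else "loop"))
            self.end_headers()
        else:
            self.send_error(404)

    def log_message(self, *args):  # keep the self-test quiet
        pass


def start_local_server():
    """Start the constructed origin on 127.0.0.1 (random port) in a thread."""
    srv = HTTPServer(("127.0.0.1", 0), _ChallengeHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    import sys
    if len(sys.argv) >= 3:  # python probe.py simplyphysicians.com <token> [key-authorization]
        print(probe_challenge(sys.argv[1], sys.argv[2], expected=sys.argv[3] if len(sys.argv) > 3 else None))
    else:  # no arguments: run against the constructed origin
        srv = start_local_server()
        for tok in ("good", "redir", "loop", "missing"):
            print(tok, probe_challenge("127.0.0.1", tok, port=srv.server_port, expected=TOKENS["good"]))
        srv.shutdown()
```

With no arguments it runs against its own constructed origin. Keep in mind that it probes from wherever you run it, while the error in the post came from the validator's vantage point: a clean "ok" here together with a connect timeout in the cPanel log still points at something between the validator and port 80 (an upstream, geo- or rate-based block, or a path that only the validator's source addresses hit), not at the challenge file itself.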
It looks like the issue resolved itself as I see the SSL is now good until May 2025.