[BlueOnyx:27262] Re: Letsencrypt update failure
Taco Scargo
taco at blueonyx.nl
Thu Sep 26 00:42:18 -05 2024
I have seen this behaviour a lot on sites that have very strong .htaccess files, that redirect all “unknown” requests to somewhere else. Please check if the site has a .htaccess file.
Taco
> On 26 Sep 2024, at 00:51, Michael Stauber via Blueonyx <blueonyx at mail.blueonyx.it> wrote:
>
> Hi Neil,
>
>> Yes I was running firewalld on the server.
>> I've stopped it and tried again, and get exactly the same result.
>> Could it be a timeout setting on the Let's Encrypt renewal that they've introduced whose default just doesn't work for me?
>
> No, this looks like a general connectivity issue. Let's take a look at the logfile you posted:
>
>> [Wed 25 Sep 09:31:15 BST 2024] _ret='0'
>> [Wed 25 Sep 09:31:15 BST 2024] code='400'
>> [Wed 25 Sep 09:31:16 BST 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/408160023526/19mPsQ'
>> [Wed 25 Sep 09:31:16 BST 2024] payload='{}'
>> [Wed 25 Sep 09:31:16 BST 2024] POST
>> [Wed 25 Sep 09:31:16 BST 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/408160023526/19mPsQ'
>> [Wed 25 Sep 09:31:16 BST 2024] _CURL='curl --silent --dump-header
>
> When you take a look at that URL in the browser ...
>
> https://acme-v02.api.letsencrypt.org/acme/chall-v3/408160023526/19mPsQ
>
> ... you see that ACME tried to connect to this URL:
>
> http://<domain>.co.uk/.well-known/acme-challenge/U5-4FE5ZbLFUVGwfNcB69VHn0aVwSUxABEmBAu3OqGQ
>
> That's without the "www." in front and it also shows the IP and port that it tried. And the connection timed out without a response. Hence you got the "Timeout during connect (likely firewall problem)".
>
> When I try to connect to that URL in my browser, the connection *also* does not go through and simply times out.
>
> I checked the DNS and it has DNS records and the IP starts with 90 and ends with 200. I can't ping it. I can telnet to port 25 on that IP and see that Postfix answers. But Apache? No dice on ports 80 or 443.
>
> So you do have something in place that blocks access to Apache and that's why the connection doesn't go through and validation fails.
>
> If it's not Firewalld on the server itself, then it is perhaps something in front of the server that blocks access.
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
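
The two causes named in this thread, a blocked port 80 and a .htaccess that redirects unknown requests, can be told apart from outside the server before retrying the renewal. The following is an added example, not part of either poster's message or of BlueOnyx; the host name, the test file name and its contents are assumptions supplied by the operator, who places the test file in the site's `.well-known/acme-challenge/` directory first.

```python
"""Pre-flight check for an ACME HTTP-01 challenge path (added example)."""
import http.client
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def port_open(host, port, timeout=5.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unresolvable
        return False

def check_http01(host, token, expected_body, port=80, timeout=5.0):
    """Request a test file under the challenge directory over plain HTTP.

    Returns (verdict, detail); verdict is 'unreachable', 'redirected',
    'wrong-status', 'wrong-body' or 'ok'. Redirects are reported, not followed.
    """
    if not port_open(host, port, timeout):
        # The "Timeout during connect" case: something blocks the web port.
        return ("unreachable", f"no TCP connection to port {port}")
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace").strip()
    except (OSError, http.client.HTTPException) as exc:
        return ("unreachable", str(exc))
    finally:
        conn.close()
    if 300 <= resp.status < 400:
        # A rewrite rule answered instead of the file: inspect .htaccess.
        return ("redirected", resp.getheader("Location", ""))
    if resp.status != 200:
        return ("wrong-status", str(resp.status))
    return ("ok", "") if body == expected_body else ("wrong-body", body[:80])

if __name__ == "__main__":
    # Usage: script.py <host> <test-file-name> <expected-contents>
    host, token, expected = sys.argv[1:4]
    print(check_http01(host, token, expected))
```

Run it from a machine outside the server's own network, since the validation request also arrives from outside; checking both the bare domain and the `www.` name covers the case seen in the log above.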