Code: Select all
During the routine check of the SSL/TLS certificates, the following problems occurred:
------------------------------------
Certificate name: zzz.com (Let's Encrypt)
Verification ended with an error.
Details: 101.1.101.1: Fetching https://zzz.com/.well-known/acme-challenge/uzGGNG6sqw-PeQ9mhbSGPspu3BMcret8SBOoraY9w70: Timeout during connect (likely firewall problem)
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"101.1.101.1: Fetching https:\/\/zzz.com\/.well-known\/acme-challenge\/uzGGNG6sqw-PeQ9mhbSGPspu3BMcret8SBOoraY9w70: Timeout during connect (likely firewall problem)","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/192206579837\/JxWLlA","token":"uzGGNG6sqw-PeQ9mhbSGPspu3BMcret8SBOoraY9w70","validationRecord":[{"url":"http:\/\/zzz.com\/.well-known\/acme-challenge\/uzGGNG6sqw-PeQ9mhbSGPspu3BMcret8SBOoraY9w70","hostname":"zzz.com","port":"80","addressesResolved":["101.1.101.1","2600:a100:1111:11:ded:beeb:baab:beeb"],"addressUsed":"2600:a100:1111:11:ded:beeb:baab:beeb"},{"url":"http:\/\/zzz.com\/.well-known\/acme-challenge\/uzGGNG6sqw-PeQ9mhbSGPspu3BMcret8SBOoraY9w70","hostname":"zzz.com","port":"80","addressesResolved":["101.1.101.1","2600:a100:1111:11:ded:beeb:baab:beeb"],"addressUsed":"101.1.101.1"},{"url":"https:\/\/zzz.com\/.well-known\/acme-challenge\/uzGGNG6sqw-PeQ9mhbSGPspu3BMcret8SBOoraY9w70","hostname":"zzz.com","port":"443","addressesResolved":["101.1.101.1","2600:a100:1111:11:ded:beeb:baab:beeb"],"addressUsed":"2600:a100:1111:11:ded:beeb:baab:beeb"}],"validated":"2023-01-03T13:00:27Z"}
Valid until: 2023-01-22 23:00:30 (18 day(s) left)
I "unchecked" the following setting in Domains > Security settings for each domain, to allow HTTP access for the ACME challenge.
I noticed from the following post Alexander is doing an update for openssl:
viewtopic.php?t=12015
I am on Debian 11, and hope that this covers the hostname domain, as I have not been able to override the HTTP > HTTPS redirect found in the file:
/etc/apache2/keyhelp/keyhelp.conf
Code: Select all
# Redirect HTTP -> HTTPS
<VirtualHost *:80>
ServerName host.domain.com
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9]).*$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/
</IfModule>
Redirect / https://host.domain.com/
</VirtualHost>