Certificates for Server Services Not working [SOLVED]

[sanxh]

hello guys,
I cannot secure my server with Let's Encrypt certificate. Only self-signed is done even I choose Let's Encrypt.
I am behind Cloudflare with no proxy.
But The domain I add to the server can secure with Let's Encrypt.

[Alexander]

Hello,

have a look into "System Status" -> "Error Log" (-> ssl-maintenance) or "Error Protocol" (search for *******).
There you can find the corresponding error message.

(There also should be topics in this forum regard Cloudflare and Let's Encrypt)

[sanxh]

Failed to aquire a Let's Encrypt certificate for server services.
Verification ended with an error.

Code: Select all

Details: *****: Fetching https://*****/.well-known/acme-challenge/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI: Timeout during connect (likely firewall problem)
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/365474060687\/BzeDvQ","status":"invalid","validated":"2024-06-18T08:00:06Z","error":{"type":"urn:ietf:params:acme:error:connection","detail":"*****: Fetching https:\/\/*****\/.well-known\/acme-challenge\/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI: Timeout during connect (likely firewall problem)","status":400},"token":"sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI","validationRecord":[{"url":"http:\/\/*****\/.well-known\/acme-challenge\/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI","hostname":"*****","port":"80","addressesResolved":["167.235.57.106","2a01:4f8:1c1c:2982::"],"addressUsed":"*****"},{"url":"http:\/\/*****\/.well-known\/acme-challenge\/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI","hostname":"*****","port":"80","addressesResolved":["167.235.57.106","2a01:4f8:1c1c:2982::"],"addressUsed":"*****"},{"url":"https:\/\/*****\/.well-known\/acme-challenge\/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI","hostname":"*****","port":"443","addressesResolved":["167.235.57.106","2a01:4f8:1c1c:2982::"],"addressUsed":"*****"}]}

[Alexander]

It seems, there are some connection issues by the Let's Encrypt Authority lately - It may be related:

viewtopic.php?t=13273

https://community.letsencrypt.org/t/tim ... /220235/14

---

Anyway, make sure your DNS settings are correct, and all IPsv4 / IPv6 are routed correctly. Also check if the firewall, like it is mentioned in the error message, does not cause any errors.

[sanxh]

Failed to aquire a Let's Encrypt certificate for server services.
Curl: SSL connection timeout (https://acme-v02.api.letsencrypt.org/acme/new-acct)

[sanxh]

Failed to aquire a Let's Encrypt certificate for nextcloud.*****.
Curl: SSL connection timeout (https://acme-v02.api.letsencrypt.org/ac ... 797/bGu-NQ)

[24unix]

I saw your post on LE site in my thread, seems like we struggle the same problem.

I see your ports open.

Code: Select all

❯ nmap -p80,443 nextcloud.*****
Starting Nmap 7.93 ( https://nmap.org ) at 2024-06-18 12:27 CEST
Nmap scan report for nextcloud.***** (*****)
Host is up (0.0011s latency).
Other addresses for nextcloud.***** (not scanned): *****
rDNS record for *****: *****

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds

[sanxh]

Failed to aquire a Let's Encrypt certificate for server services.
Verification ended with an error.

Code: Select all

Details: *****: Fetching https://*****/.well-known/acme-challenge/xfdLl_sVb3r3XrTSNgMW1BGFlYxnSY2IIfGZNv_gDbQ: Timeout during connect (likely firewall problem)
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/365537205177\/YzUfYA","status":"invalid","validated":"2024-06-18T11:33:06Z","error":{"type":"urn:ietf:params:acme:error:connection","detail":"*****: Fetching https:\/\/*****\/.well-known\/acme-challenge\/xfdLl_sVb3r3XrTSNgMW1BGFlYxnSY2IIfGZNv_gDbQ: Timeout during connect (likely firewall problem)","status":400},"token":"xfdLl_sVb3r3XrTSNgMW1BGFlYxnSY2IIfGZNv_gDbQ","validationRecord":[{"url":"http:\/\/*****\/.well-known\/acme-challenge\/xfdLl_sVb3r3XrTSNgMW1BGFlYxnSY2IIfGZNv_gDbQ","hostname":"*****","port":"80","addressesResolved":["*****","*****"],"addressUsed":"*****"},{"url":"http:\/\/*****\/.well-known\/acme-challenge\/xfdLl_sVb3r3XrTSNgMW1BGFlYxnSY2IIfGZNv_gDbQ","hostname":"*****","port":"80","addressesResolved":["*****","*****"],"addressUsed":"*****"},{"url":"https:\/\/*****\/.well-known\/acme-challenge\/xfdLl_sVb3r3XrTSNgMW1BGFlYxnSY2IIfGZNv_gDbQ","hostname":"*****","port":"443","addressesResolved":["*****","*****"],"addressUsed":"*****"}]}

[sanxh]

Code: Select all

Starting Nmap 7.80 ( https://nmap.org ) at 2024-06-18 08:01 EDT
Nmap scan report for ***** (*****)
Host is up (0.11s latency).
Other addresses for ***** (not scanned): *****
Not shown: 88 filtered ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
465/tcp open  smtps
587/tcp open  submission
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds

[Florian]

Hallo,

your servername resolves to

Code: Select all

*****

that is used by LE

Is this IPv6 working? Normally this is only the address for a network, there should be something more behind ::

[sanxh]

Thanks. Resolved.
Problem was with ipv6.