Let's Encrypt certificate - Some challenges have failed

NethServer Version: 7.9.2009
Module: ldap local - email - web top

I installed a new NethServer with the indicated modules and tried to activate Let's Encrypt, but I always receive this message:
"Verifica fallita: Challenge fallita per questi domini ..** "

    • In the DNS record matrix at my provider, my email server name was registered with its IP in an A record
    • It was also registered in a PTR record by my ISP
    • The reserved public IP is forwarded to the server's internal IP, so all ports are open.

I have other NethServer email servers installed with the same settings, and they work properly with Let's Encrypt.

I ran some tests; the issue is probably due to port 80 being unreachable from the web.

  1. If I test the NethServer port 80 from my internal network, the port responds.
  2. If I test port 80 from the web, the site is unreachable.
  3. The reserved public IP is forwarded (NAT) to this NethServer's internal mail address; all other mail ports reply correctly (for example 993-465-25-443), except only 80.

I don't understand; maybe it could be a wrong setting in the provider's domain name matrix. I use register.it.

How can I try to solve this issue?

letsencrypt.log follows:

Domain: posta.mauitech.eu
Type: connection
Detail: Fetching http://posta.mauitech.eu/.well-known/acme-challenge/ayQ88DP069CMpYCpiKfq35YLzjihes_GV1xEjT3_BVk: Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2021-03-21 12:46:19,651:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

2021-03-21 12:46:19,652:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-03-21 12:46:19,652:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-03-21 12:46:19,652:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/ayQ88DP069CMpYCpiKfq35YLzjihes_GV1xEjT3_BVk
2021-03-21 12:46:19,652:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-03-21 12:46:19,652:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1294, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 135, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 441, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
2021-03-21 12:46:19,653:ERROR:certbot._internal.log:Some challenges have failed.

Thanks

Figure out what’s blocking port 80, and remove it. In .us, I’d assume it’s that the ISP is blocking port 80; I don’t know how likely that is where you are though. But either the ISP’s blocking it, or your router isn’t forwarding the port properly.

If you can’t open port 80, you can consider using DNS validation instead. I have a couple of guides on that:
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_for_internal_servers
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_acme-dns

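An added example, not part of the original posts and not certbot's own code: a small triage helper that pulls the Domain/Type/Detail failure report out of letsencrypt.log and maps the ACME error type to the first thing to check, plus a TCP probe for port 80. The sample log, the hint texts and the function names are constructed for illustration.

```python
import re
import socket

# Constructed sample in the format certbot writes to letsencrypt.log
# (domains and TOKEN are placeholders, not values from the post).
SAMPLE_LOG = """\
Domain: mail.example.org
Type:   connection
Detail: Fetching http://mail.example.org/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)

Domain: www.example.org
Type:   unauthorized
Detail: Invalid response from http://www.example.org/.well-known/acme-challenge/TOKEN: 404
"""

# ACME error type -> what to check first (hint wording is this example's own).
HINTS = {
    "connection": "inbound TCP/80 never reached the server: check NAT/port "
                  "forward and ISP filtering, or use DNS validation",
    "dns": "the CA could not resolve the name: check the A/AAAA records",
    "unauthorized": "port 80 answered with the wrong content: check the webroot path",
}

FAILURE_RE = re.compile(
    r"^Domain:\s*(?P<domain>\S+)\s*\n"
    r"Type:\s*(?P<type>\S+)\s*\n"
    r"Detail:\s*(?P<detail>.+)$",
    re.MULTILINE,
)

def parse_failures(log_text):
    """Return one dict per failed challenge reported in the log text."""
    failures = []
    for match in FAILURE_RE.finditer(log_text):
        entry = match.groupdict()
        entry["hint"] = HINTS.get(entry["type"], "unrecognised type: read the Detail line")
        failures.append(entry)
    return failures

def tcp_port_open(host, port=80, timeout=5.0):
    """True if a TCP connect succeeds; run it from outside the LAN to see what the CA sees."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for failure in parse_failures(SAMPLE_LOG):
        print(failure["domain"], failure["type"], "->", failure["hint"])
```

A `connection` failure combined with `tcp_port_open()` returning True from inside the network and False from an outside host is the pattern described in this thread.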

Perfect, working