NethServer Version: 7.9.2009
Module: Let’s Encrypt Cert
Certificate got messed up through some hardware change. Applied for new certificate, result denied, unable to validate domain. Let’s Debug shows that there is no
ANotWorking
ERROR
mydomain has an A (IPv4) record (135.180.185.75) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get “http://mydomain/.well-known/acme-challenge/letsdebug-test”: dial tcp 135.180.185.xxx:80: connect: no route to host
Trace:
@0ms: Making a request to http://remote.billeskov.us/.well-known/acme-challenge/letsdebug-test (using initial IP 135.180.185.xxx)
@0ms: Dialing 135.180.185.xxx
@3081ms: Experienced error: dial tcp 135.180.185.xxx:80: connect: no route to host
ERROR
A test authorization for remote.billeskov.us to the Let’s Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
135.180.185.xxx: Fetching http://mydomain/.well-known/acme-challenge/e44rBAUF_UbNGXKy-KA0cG4PtVil6G9AAyBr6yZKb40: Error getting validation data
As far as I can tell, port 80 is open and the firewall so indicates. The DNS A and CNAME records are correct.
The logs at /var/log/letsencrypt show the following:
2023-03-18 12:51:31,501:DEBUG:certbot._internal.main:certbot version: 1.11.0
2023-03-18 12:51:31,501:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-03-18 12:51:31,502:DEBUG:certbot._internal.main:Arguments: ['--text', '--non-interactive', '--agree-tos', '--email', 'me@mydomain', '--preferred-challenges', 'http', '--webroot', '--webroot-path', '/var/www/html/', '-d', 'mydomain', '--test-cert', '--preferred-chain', 'ISRG Root X1', '--quiet']
2023-03-18 12:51:31,502:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-03-18 12:51:33,204:DEBUG:certbot._internal.log:Root logging level set at 30
2023-03-18 12:51:33,205:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2023-03-18 12:51:33,208:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-03-18 12:51:33,218:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f0c127f2f10>
Prep: True
2023-03-18 12:51:33,219:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f0c127f2f10> and installer None
2023-03-18 12:51:33,220:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-03-18 12:51:33,751:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2023-03-18 12:51:33,805:INFO:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
2023-03-18 12:51:33,948:DEBUG:urllib3.connectionpool:“GET /directory HTTP/1.1” 200 830
2023-03-18 12:51:33,950:DEBUG:acme.client:Received response:
HTTP 200
content-length: 830
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
cache-control: public, max-age=0, no-cache
date: Sat, 18 Mar 2023 19:51:33 GMT
x-frame-options: DENY
content-type: application/json
{
“TttCUJTmeLk”: “Adding random entries to the directory - API Announcements - Let's Encrypt Community Support”,
“keyChange”: “https://acme-staging-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf”,
“website”: “Staging Environment - Let's Encrypt”
},
“newAccount”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-order”,
“renewalInfo”: “https://acme-staging-v02.api.letsencrypt.org/get/draft-ietf-acme-ari-00/renewalInfo/”,
“revokeCert”: “https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert”
}
I have no clue what is going on here. Can anyone tell what’s wrong here?