[SOLVED] ACME: Error validating challenge

bootsie123

Hi. I'm trying to order a certificate using the ACME GUI and I keep running into an error when validating the challenge.
Code:
Loading ACME account details
Placing ACME order
Order URL: [REDACTED]

Getting authorization details from '[REDACTED]'
... pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is still 'pending', trying again in 30 seconds
TASK ERROR: validating challenge '[REDACTED]' failed

(Links removed due to public IP reasons, I can add them back if needed)

The error from the order returns:
Code:
Fetching http://example.net/.well-known/acme-challenge/cEOlJjE-AK9NhVTj5oBS8dUCkEDwxlUT32cOnc88ius: Timeout during connect (likely firewall problem)

*Note: I do not have any firewall rules set up, and this occurs even with the firewall turned off.

When I run netstat during the validation period it returns with:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:8006            0.0.0.0:*               LISTEN      4093/pveproxy       
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2967/rpcbind       
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      55241/task UPID:vmw
tcp        0      0 127.0.0.1:85            0.0.0.0:*               LISTEN      4048/pvedaemon     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3623/sshd           
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      4115/spiceproxy     
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3812/master         
tcp6       0      0 :::111                  :::*                    LISTEN      2967/rpcbind       
tcp6       0      0 :::22                   :::*                    LISTEN      3623/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      3812/master         
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2967/rpcbind       
udp        0      0 0.0.0.0:1023            0.0.0.0:*                           2967/rpcbind       
udp6       0      0 :::111                  :::*                                2967/rpcbind       
udp6       0      0 :::1023                 :::*                                2967/rpcbind

So it looks like an http server is indeed listening on port 80, however, something seems to be happening where it can't connect to it. If you have any ideas let me know! Thanks!
 
Still running into the same issues. I'm not really sure what could be causing this to happen. Any ideas?
 
Managed to solve the issue. Not gonna lie, it was a pretty dumb mistake on my part. I use Proxmox as a home server and I forgot to port forward port 80 on my router and hook it up to the internal IP of Proxmox. Hence why an outside connection couldn’t connect to it on port 80.
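
Added example, not part of the original thread: a small shell check that reads `netstat -tlnp` style output and reports how a port is bound, using a few lines constructed from the listing in the first post. The names `listen_scope`, `sample_netstat` and `http01_hint` are made up for this illustration.

```shell
#!/bin/sh
# Prints: all-interfaces | specific-address | loopback-only | not-listening
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::")     any = 1
            else if (host ~ /^127\./ || host == "::1") loop = 1
            else                                       other = 1
        }
        END {
            if (any)        print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Constructed sample, taken from the netstat listing in the first post.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      55241/task UPID:vmw
tcp        0      0 127.0.0.1:85            0.0.0.0:*               LISTEN      4048/pvedaemon
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3623/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      3812/master
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2967/rpcbind
EOF
}

# Maps the bind scope of port 80 to where to look next for an HTTP-01 timeout.
http01_hint() {
    case "$(listen_scope 80)" in
        all-interfaces)   echo "host side OK: check router port forward and upstream firewall" ;;
        specific-address) echo "bound to one address: confirm it is the forwarded one" ;;
        loopback-only)    echo "bound to loopback: not reachable from outside" ;;
        *)                echo "nothing listening on port 80 during validation" ;;
    esac
}

sample_netstat | http01_hint
```

On a live host, pipe `netstat -tlnp` into `http01_hint` while the validation task is running, since the temporary web server only exists for that window.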
 
Dear god, I cannot believe I spent half an hour trying to figure out why it won't validate. Of course I forgot to port forward. Thanks for posting an update and reminding me!
 
Try SSH into the server or Proxmox GUI using the IP address in the URL, then go to Shell, and stop the firewall: pve-firewall stop
Then try ordering the certificate again.
Remember to start the firewall again: pve-firewall start

Alternatively, add a firewall rule to your Data center /and node firewall with a policy to accept incoming on tcp protocol to destination port 80.
 