For some reason, it appears that Let's Encrypt is not including ".well-known" in the URL when attempting to validate.
Any thoughts on how to fix this? The domain in question has been replaced with example.com for security.
Response:
Failed authorization procedure.
example.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://example.com/acme-challenge/y33OwEvy3VqJ07hZRlpsYqNO968GSluSboaJR... Error getting validation data,
www.example.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://example.com/acme-challenge/XYjGVIrLWqMo99odNABe9WAbjqHq2RgOtLxyq... Error getting validation data,
autodiscover.example.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://example.com/acme-challenge/TIKhJ61ACpUAA-sf38BzGfh8rzpzFPB7ukevD... Error getting validation data,
autoconfig.example.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://example.com/acme-challenge/-uoeNWjMJceTs69SMihErNM28ZGEytoYGUuB1... Error getting validation data
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: example.com Type: connection Detail: Fetching https://example.com/acme-challenge/y33OwEvy3VqJ07hZRlpsYqNO968GSluSboaJR2MYa1I: Error getting validation data
Domain: www.example.com Type: connection Detail: Fetching https://example.com/acme-challenge/XYjGVIrLWqMo99odNABe9WAbjqHq2RgOtLxyqXd93uk: Error getting validation data
Domain: autodiscover.example.com Type: connection Detail: Fetching https://example.com/acme-challenge/TIKhJ61ACpUAA-sf38BzGfh8rzpzFPB7ukevD2hV1ug: Error getting validation data
Domain: autoconfig.example.com Type: connection Detail: Fetching https://example.com/acme-challenge/-uoeNWjMJceTs69SMihErNM28ZGEytoYGUuB1xjh3yc: Error getting validation data
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Comments
Submitted by andreychek on Mon, 11/06/2017 - 08:43 Comment #1
Howdy -- hmm, that is odd!
Had you manually installed the let's encrypt client? Or are you using the built-in Virtualmin functionality?
Also, I don't imagine there's a .htaccess file that's redirecting requests away from .well-known? That seems like a long shot, but I thought I'd ask just in case :-)
Submitted by rsecor on Mon, 11/06/2017 - 09:51 Comment #2
Virtualmin installed the client, and I'm using the built-in functionality.
public_html has a .htaccess file from Magento (1.x)
public_html/.well-known has no .htaccess
public_html/.well-known/acme-challenge has the generated .htaccess file:
AuthType None
Require all granted
Satisfy any
Argh, looks like redirect hell (what else is new)... Just have to find it -- I could only imagine it is Magento related (again what else is new)...
Thoughts?
Log Example Info...
2600:3000:1511:200::1d - - [06/Nov/2017:15:16:05 +0000] "GET /.well-known/acme-challenge/STRING_OF_CHARACTERS HTTP/1.1" 302 602 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
2600:3000:1511:200::1d - - [06/Nov/2017:15:16:05 +0000] "GET /acme-challenge/STRING_OF_CHARACTERS HTTP/1.1" 302 2089 "http://example.com/.well-known/acme-challenge/STRING_OF_CHARACTERS" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
Submitted by andreychek on Mon, 11/06/2017 - 10:13 Comment #3
Would it be possible to temporarily disable the .htaccess file in the public_html folder, and then run the renewal? That will verify whether that is indeed the culprit.
While those can get pretty complicated, if that does indeed resolve it, can you post its contents here? We'll see if there's an obvious problem in it.
Submitted by rsecor on Mon, 11/06/2017 - 11:22 Comment #4
Ok, it appears there were multiple copies of the same Redirect in the apache config file.
Additionally, there was a redirect to https inside of the SSL area of the config which was causing a loop to itself.
All good now, though might not ever figure out why it happened in the first place.
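Added example, not part of the original thread or of Virtualmin's code: a small access-log check for the two symptoms seen above, a challenge request that is redirected to a path missing `/.well-known` (the log lines in Comment #2) and a redirect that points back at itself (the loop described in Comment #4). It assumes Apache's combined log format and relies on the Referer header the validation server sent in that log; the sample lines, IP address and token are constructed.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
ACME_PREFIX = "/.well-known/acme-challenge/"

def classify(line):
    """Return a finding for one access-log line, or None if nothing stands out."""
    m = LINE.match(line)
    if not m:
        return None
    path, status = m["path"], int(m["status"])
    ref_path = urlsplit(m["referer"]).path if m["referer"] != "-" else ""
    redirected = 300 <= status < 400
    # Same path requested again and redirected again: the server redirects to itself.
    if redirected and ref_path == path:
        return "redirect-loop"
    # Referer was a challenge URL, but the followed URL lost the /.well-known prefix.
    if ref_path.startswith(ACME_PREFIX) and not path.startswith(ACME_PREFIX):
        token = ref_path[len(ACME_PREFIX):]
        if token and path.endswith("/" + token):
            return "prefix-stripped"
    # A 3xx on the challenge path itself is where to start looking for the rule.
    if redirected and path.startswith(ACME_PREFIX):
        return "challenge-redirected"
    return None

def scan(lines):
    return [classify(line) for line in lines]

# Constructed sample lines modelled on the log excerpt in the thread.
PRE = "2001:db8::1 - - [06/Nov/2017:15:16:05 +0000]"
UA = "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
SAMPLE = [
    f'{PRE} "GET /.well-known/acme-challenge/TOKEN123 HTTP/1.1" 302 602 "-" "{UA}"',
    f'{PRE} "GET /acme-challenge/TOKEN123 HTTP/1.1" 302 2089 '
    f'"http://example.com/.well-known/acme-challenge/TOKEN123" "{UA}"',
    f'{PRE} "GET /acme-challenge/TOKEN123 HTTP/1.1" 302 2089 '
    f'"https://example.com/acme-challenge/TOKEN123" "{UA}"',
    f'{PRE} "GET /index.php HTTP/1.1" 200 5120 "-" "{UA}"',
]

if __name__ == "__main__":
    for line, finding in zip(SAMPLE, scan(SAMPLE)):
        print(finding, "<-", line.split('"')[1])
```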
Submitted by IssueBot on Mon, 11/20/2017 - 11:30 Comment #5
Automatically closed - issue fixed for 2 weeks with no activity.