Let's Encrypt Failure: Timed Out

dsirota · July 20, 2021, 11:10am

I seem to be having some difficulties with getting my server a Let’s Encrypt certificate. From the error message that appears, it seems that I’ve almost done everything right, but the process gets hung while trying to complete verification. Here’s what I get for the generation failure. Note that I’ve replaced my website with “website”

Processing: pbx.website.com, Local IP: 127.0.0.1, Public IP: 173.63.111.102
Self test: trying http://pbx.website.com/.freepbx-known/ec383f0a18b286d659a24ab86f2fb435
Self test: received ec383f0a18b286d659a24ab86f2fb435
lechecker: Pest_Curl_Exec - Operation timed out after 30001 milliseconds with 0 out of -1 bytes received
Getting list of URLs for API
Requesting new nonce for client communication
Account already registered. Continuing.
Sending registration to letsencrypt server
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct
Account: https://acme-v02.api.letsencrypt.org/acme/acct/130834294
Starting certificate generation process for domains
Requesting challenge for pbx.website.com
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/14980698989
Got challenge token for pbx.website.com
Token for pbx.website.com saved at /var/www/html/.well-known/acme-challenge/gmGfckNB8doLXijlH-u68iXBnNz79igm8u1a0wVmhY0 and should be available at http://pbx.website.com/.well-known/acme-challenge/gmGfckNB8doLXijlH-u68iXBnNz79igm8u1a0wVmhY0
Sending request to challenge
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14980698989/3WfoZw
Verification pending, sleeping 1s
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14980698989/3WfoZw
Verification pending, sleeping 1s
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14980698989/3WfoZw
Verification pending, sleeping 1s
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14980698989/3WfoZw
Verification pending, sleeping 1s
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14980698989/3WfoZw
Verification pending, sleeping 1s

Any insight as to why this is happening would be greatly appreciated.

spioli · July 20, 2021, 2:07pm

It looks like you are using ‘pbx.website.com’ as the FQDN and it’s not a valid domain name to reach you PBX. If you don’t own a valid FQDN for your public IP/PBX I suggest you use DDNS (if available for you).

Regards.

dsirota · July 20, 2021, 2:34pm

Would you be able to point me in the right direction towards a DDNS service?

jerrm · July 20, 2021, 3:15pm

That’s not the problem.

If the fqdn wasn’t resolvable, the “public ip" in the log would show a dns error and lechecker would immediately complain about the fqdn instead of timing out, as would the let’s encrypt service.

98% odds it’s an upstream firewall issue - blocking port 80, improper port forwarding, or the public fqdn points to the wrong IP.

system · August 20, 2021, 3:16pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.