Let's Encrypt Failure: Timed Out

letsencrypt
Tags: #<Tag:0x00007fb47d3633f8>

#1

I seem to be having some difficulties with getting my server a Let’s Encrypt certificate. From the error message that appears, it seems that I’ve almost done everything right, but the process gets hung while trying to complete verification. Here’s what I get for the generation failure. Note that I’ve replaced my website with “website”

Processing: pbx.website.com, Local IP: 127.0.0.1, Public IP: 173.63.111.102
Self test: trying http://pbx.website.com/.freepbx-known/ec383f0a18b286d659a24ab86f2fb435
Self test: received ec383f0a18b286d659a24ab86f2fb435
lechecker: Pest_Curl_Exec - Operation timed out after 30001 milliseconds with 0 out of -1 bytes received
Getting list of URLs for API
Requesting new nonce for client communication
Account already registered. Continuing.
Sending registration to letsencrypt server
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct
Account: https://acme-v02.api.letsencrypt.org/acme/acct/130834294
Starting certificate generation process for domains
Requesting challenge for pbx.website.com
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/14980698989
Got challenge token for pbx.website.com
Token for pbx.website.com saved at /var/www/html/.well-known/acme-challenge/gmGfckNB8doLXijlH-u68iXBnNz79igm8u1a0wVmhY0 and should be available at http://pbx.website.com/.well-known/acme-challenge/gmGfckNB8doLXijlH-u68iXBnNz79igm8u1a0wVmhY0
Sending request to challenge
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14980698989/3WfoZw
Verification pending, sleeping 1s
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14980698989/3WfoZw
Verification pending, sleeping 1s
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14980698989/3WfoZw
Verification pending, sleeping 1s
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14980698989/3WfoZw
Verification pending, sleeping 1s
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14980698989/3WfoZw
Verification pending, sleeping 1s

Any insight as to why this is happening would be greatly appreciated.


(Santiago Pioli) #2

It looks like you are using ‘pbx.website.com’ as the FQDN and it’s not a valid domain name to reach you PBX. If you don’t own a valid FQDN for your public IP/PBX I suggest you use DDNS (if available for you).

Regards.


#3

Would you be able to point me in the right direction towards a DDNS service?


#4

That’s not the problem.

If the fqdn wasn’t resolvable, the “public ip" in the log would show a dns error and lechecker would immediately complain about the fqdn instead of timing out, as would the let’s encrypt service.

98% odds it’s an upstream firewall issue - blocking port 80, improper port forwarding, or the public fqdn points to the wrong IP.