FreePBX | Register | Issues | Wiki | Portal | Support

LetsEncrypt certificate token not available

(R2E) #1

I receive the following error when I attempt to generate a LetsEncrypt cert:
There was an error updating the certificate: Please check h:// - token not available

The error occurs regardless of firewall enabled or disabled.

Using curl on another system on a different external network successfully retrieves the URL when the firewall is disabled:
curl h://

Are there any log files that I can check to determine what’s causing the failure of LE to verify the URL regardless of firewall setting?

(James Zhu) #2

please check the /var/log/asterisk/ucp_error, what about the hostname? LE is very troublesome.

(Andrew Nagy) #3

Ucp has nothing to do with this

(James Zhu) #4

just test freepbx-14, I also generate same error(disable firewall):
There was an error updating the certificate: Error ‘Requested host ‘’ does not resolve to ‘’ (Found’ when requesting

(R2E) #5

I decided to utilize h:// which delegates to Let’s Encrypt for the cert creation. I then used the manual upload feature of FreePBX to upload the certificate. The odd thing is that Let’s Encrypt successfully reached my FreePBX server to validate the ownership, but the automated process built into FreePBX does not complete successfully regardless of firewall status. If I knew which logs to check I could provide additional info.

(ahtoh) #6

I also have this “token not available” error.
Checked httpd logs and only see a request from which is IP and no requests from letsencrypt. - - [07/May/2018:17:43:11 +0000] “GET /.freepbx-known/68138d20c33d23d102b89d0749eb4591 HTTP/1.1” 200 32 “-” “-”

Is there any logs or other way to diagnose this error?

(Jacques Paquin) #7

In Admin->System Admin->Hostname I put in the hostname that LetsEncrypt was trying to find and voila everything worked.

I had this issue. I could see the request for that URL coming through my pfSense firewall, but it wasn’t coming from a LetsEncrypt mirror.

I tried every iteration of firewall configuration in FreePBX, but that was the final piece needed to make it work.

[HELP] New Let's Encrypt Certificate FreePBX 14.0 for WebRTC
(Pavle Milanovic) #8

Just wanted to thank you, this was my issue too! As soon as I put the Hostname in SysAdmin to be the same thing as the Hostname in LetsEncrypt creation, it all worked perfectly!

(Michael Cramer) #9

This should probably be in the cert manager wiki…

(Andrew Nagy) #10

No because you don’t need to do this.

(Michael Cramer) #11

I’m not sure why setting the hostname worked then. I checked permissions, updated modules, messed with the router, did a pcap on port 80, everything seemed to check out. When I changed the hostname it worked first try, super easy, no issues, no other changes.

Perhaps it’s specific to certain environments.


Well, darn. That worked. Thanks.

(MarkC) #13

Hot dang !! Well what do you know, this worked for me as well. I have been mucking around for ages troubleshooting this, THANK-YOU !!

My configuration is:

  • I have a that will resolve to the public IP of the company Firewall
  • the company firewall allows the various letsencrypt/freepbx hosts through via a port forward to the PBX (port 80)
  • the PBX firewall also allows the various letsencrypt/freepbx hosts through

I could bring up the generated token via http from several outside locations but it was still failing with the “token not available” error.

A quick change of the host name from the default uc-XXXXXXXXX to my
and voila. worked first try. now I am curious as to the actual mechanics of why this works. interesting