ACME Challenge Failure

I been trying to get SSL on my domain via Caddy. I am currently runnding Caddy 0.10.14 (non-commerical). I use DynuDNS to manage my public IP and made sure that port 80/443 are pointed to the machine that is running Caddy. But, I have been getting the following errors

Apr 30 00:06:20 Caddy systemd[1]: Started Caddy HTTP/2 web server.
Apr 30 00:06:21 Caddy caddy[6498]: Activating privacy features… 2018/04/30 00:06:21 [INFO][xxx] acme: Obtaining bundled SAN certificate
Apr 30 00:06:22 Caddy caddy[6498]: 2018/04/30 00:06:22 [INFO][xxxxx] AuthURL:
Apr 30 00:06:22 Caddy caddy[6498]: 2018/04/30 00:06:22 [INFO][xxxxx] acme: Could not find solver for: dns-01
Apr 30 00:06:22 Caddy caddy[6498]: 2018/04/30 00:06:22 [INFO][xxxx] acme: Trying to solve HTTP-01

Apr 30 00:06:43 Caddy caddy[6498]: 2018/04/30 00:06:43 [xxxxx] failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://xxxx/.well-known/acme-challenge/LB2ur-UXS4me9bRAG63Ml4vm6zylQU5M_MzDejYiYDg: Timeout during connect (likely firewall problem)

I would appreciate any help with this

This part means the ACME server never succeeded in making a connection to your server.

Some possible causes that we see commonly include:

  • The domain isn’t pointing at the correct IP address
    • Is the dynamic DNS working properly?
    • Did you recently change public IP address, and has the DNS change propagated yet?
  • The target IP address isn’t accepting connections
    • Is the edge router forwarding the ports correctly?
    • Is the target host’s firewall configured to accept the connections?
1 Like

Thank you for your response!
I ensured that the domain is pointing to the correct IP as I nslooked up the domain and it pointed to the same IP that I got when I ran

I have difficulty confirming if the port is open on the exact machine but when I point the router to another machine running 443/80 it works.

443 Running on another machine

Host Machine Firewall Settings

One thing you could try is to use a Caddyfile like: {
  tls self_signed
  status / 200

To start Caddy up without needing certificates, then run curl -kIL from anywhere with an internet connection.

A good result would be an output like this:

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Type: text/html; charset=utf-8
Server: Caddy
Date: Tue, 01 May 2018 01:10:39 GMT

HTTP/2 200
content-type: text/html; charset=UTF-8
server: Caddy
date: Tue, 01 May 2018 01:10:40 GMT

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.