ACME Challenge Failure

I have been trying to get SSL on my domain via Caddy. I am currently running Caddy 0.10.14 (non-commercial). I use DynuDNS to manage my public IP and made sure that ports 80/443 are pointed to the machine that is running Caddy. But I have been getting the following errors:

Apr 30 00:06:20 Caddy systemd[1]: Started Caddy HTTP/2 web server.
Apr 30 00:06:21 Caddy caddy[6498]: Activating privacy features… 2018/04/30 00:06:21 [INFO][xxx] acme: Obtaining bundled SAN certificate
Apr 30 00:06:22 Caddy caddy[6498]: 2018/04/30 00:06:22 [INFO][xxxxx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/MWKV0vlNeGm5ksDmN1c_Q1kGT2
Apr 30 00:06:22 Caddy caddy[6498]: 2018/04/30 00:06:22 [INFO][xxxxx] acme: Could not find solver for: dns-01
Apr 30 00:06:22 Caddy caddy[6498]: 2018/04/30 00:06:22 [INFO][xxxx] acme: Trying to solve HTTP-01

Apr 30 00:06:43 Caddy caddy[6498]: 2018/04/30 00:06:43 [xxxxx] failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://xxxx/.well-known/acme-challenge/LB2ur-UXS4me9bRAG63Ml4vm6zylQU5M_MzDejYiYDg: Timeout during connect (likely firewall problem)

I would appreciate any help with this

This part means the ACME server never succeeded in making a connection to your server.

Some possible causes that we see commonly include:

  • The domain isn’t pointing at the correct IP address
    • Is the dynamic DNS working properly?
    • Did you recently change public IP address, and has the DNS change propagated yet?
  • The target IP address isn’t accepting connections
    • Is the edge router forwarding the ports correctly?
    • Is the target host’s firewall configured to accept the connections?

Thank you for your response!
I ensured that the domain is pointing to the correct IP as I nslooked up the domain and it pointed to the same IP that I got when I ran ipinfo.io.

I have difficulty confirming if the port is open on the exact machine but when I point the router to another machine running 443/80 it works.

[Image: 443 Running on another machine]

[Image: Host Machine Firewall Settings]

One thing you could try is to use a Caddyfile like:

example.com {
  tls self_signed
  status / 200
}

To start Caddy up without needing certificates, then run curl -kIL http://example.com/ from anywhere with an internet connection.

A good result would be an output like this:

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Type: text/html; charset=utf-8
Location: https://example.com/
Server: Caddy
Date: Tue, 01 May 2018 01:10:39 GMT

HTTP/2 200
content-type: text/html; charset=UTF-8
server: Caddy
date: Tue, 01 May 2018 01:10:40 GMT
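The two checks the replies above suggest (does the domain resolve to the public IP, and does that IP accept TCP connections on 80/443) and the "good result" from `curl -kIL` can be scripted so they are repeatable. The following is an added example written for this thread; it is not code from the original posts or from the Caddy project. The domain `example.com`, the public IP `203.0.113.10`, and the `resolver`/`connect` stub parameters are assumptions made here so the logic can be exercised without a live network; the embedded curl output is the one quoted in the reply above.

```python
"""Scripted version of the HTTP-01 reachability checklist from the thread.

check_dns   -> "The domain isn't pointing at the correct IP address"
check_ports -> "The target IP address isn't accepting connections"
looks_like_healthy_caddy -> does `curl -kIL` output match the expected 301 -> 200 chain?
"""
from __future__ import annotations
import socket

# Copied from the reply above: the output a correctly exposed Caddy produces for curl -kIL.
GOOD_CURL_OUTPUT = """HTTP/1.1 301 Moved Permanently
Connection: close
Content-Type: text/html; charset=utf-8
Location: https://example.com/
Server: Caddy
Date: Tue, 01 May 2018 01:10:39 GMT

HTTP/2 200
content-type: text/html; charset=UTF-8
server: Caddy
date: Tue, 01 May 2018 01:10:40 GMT
"""


def resolve_all(domain: str) -> set:
    """Every IPv4 address the local resolver returns for the domain."""
    return {info[4][0] for info in socket.getaddrinfo(domain, None, socket.AF_INET)}


def check_dns(domain: str, public_ip: str, resolver=resolve_all) -> dict:
    """Does the A record agree with the public IP the router actually has?"""
    ips = resolver(domain)
    return {"ok": public_ip in ips, "resolved": sorted(ips), "expected": public_ip}


def tcp_connect(ip: str, port: int, timeout: float = 5.0) -> bool:
    """Plain TCP connect; a timeout here is what the ACME server reported in the log."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ports(ip: str, ports=(80, 443), connect=tcp_connect) -> dict:
    """HTTP-01 needs port 80 reachable; 443 is checked because the redirect lands there."""
    return {port: connect(ip, port) for port in ports}


def parse_curl_head(output: str) -> list:
    """Split `curl -I`/`-L` output into [(status_code, {header: value}), ...]."""
    responses = []
    for block in output.replace("\r\n", "\n").strip().split("\n\n"):
        lines = block.strip().splitlines()
        if not lines or not lines[0].startswith("HTTP/"):
            continue
        status = int(lines[0].split()[1])
        headers = {}
        for line in lines[1:]:
            if ":" in line:
                key, value = line.split(":", 1)
                headers[key.strip().lower()] = value.strip()
        responses.append((status, headers))
    return responses


def looks_like_healthy_caddy(output: str, domain: str) -> bool:
    """True when the chain is a Caddy 301 to https://domain/ followed by a Caddy 200."""
    chain = parse_curl_head(output)
    if len(chain) != 2:
        return False
    (first_status, first), (second_status, second) = chain
    return (first_status == 301
            and first.get("location") == f"https://{domain}/"
            and first.get("server", "").lower() == "caddy"
            and second_status == 200
            and second.get("server", "").lower() == "caddy")


def diagnose(domain: str, public_ip: str, resolver=resolve_all, connect=tcp_connect) -> list:
    """Run both checks and map failures back to the checklist items in the thread."""
    findings = []
    dns = check_dns(domain, public_ip, resolver)
    if not dns["ok"]:
        findings.append(f"DNS for {domain} resolves to {dns['resolved']}, not {public_ip}: "
                        "dynamic DNS record stale or change not propagated yet")
    for port, reachable in check_ports(public_ip, connect=connect).items():
        if not reachable:
            findings.append(f"TCP connect to {public_ip}:{port} failed: "
                            "check the router port forward and the host firewall")
    return findings


if __name__ == "__main__":
    # Real network run, e.g.: python3 acme_check.py example.com 203.0.113.10
    import sys
    for finding in diagnose(sys.argv[1], sys.argv[2]) or ["all checks passed"]:
        print(finding)
```

Run the port checks from a host outside your own LAN, for the same reason the reply says to run curl "from anywhere with an internet connection": many consumer routers do not hairpin traffic to their own public IP, so a connect that succeeds from inside the network says nothing about what Let's Encrypt sees.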
