Let's Encrypt error

Hello,

I am new here - just installed UCS and wanted to lock it down so I installed the Let’s Encrypt app. I inserted my domain and selected Use Apache but my status is as follows:

Current status of the App

ValueError: Challenge did not pass for cloud.keypointpartners.com: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://cloud.keypointpartners.com/.well-known/acme-challenge/LvF3Ak3tChXe0BqZ1T6oS5pe6sC64gkbgiGq_1RyADg', u'hostname': u'cloud.keypointpartners.com', u'addressUsed': u'100.0.24.202', u'port': u'80', u'addressesResolved': [u'100.0.24.202']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/11465306451/UwGiNw', u'token': u'LvF3Ak3tChXe0BqZ1T6oS5pe6sC64gkbgiGq_1RyADg', u'error': {u'status': 400, u'type': u'urn:ietf:params:acme:error:connection', u'detail': u'Fetching http://cloud.keypointpartners.com/.well-known/acme-challenge/LvF3Ak3tChXe0BqZ1T6oS5pe6sC64gkbgiGq_1RyADg: Timeout after connect (your server may be slow or overloaded)'}, u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'cloud.keypointpartners.com'}, u'expires': u'2021-03-17T22:09:58Z'}

My Let’s Encrypt log looks like:

> Wed Mar 10 15:30:27 EST 2021
> Refreshing certificate for following domains:
> cloud.keypointpartners.com
> Parsing account key...
> Parsing CSR...
> Found domains: cloud.keypointpartners.com
> Getting directory...
> Directory found!
> Registering account...
> Registered!
> Creating new order...
> Order created!
> Verifying cloud.keypointpartners.com...
> Traceback (most recent call last):
>   File "/usr/share/univention-letsencrypt/acme_tiny.py", line 197, in <module>
>     main(sys.argv[1:])
>   File "/usr/share/univention-letsencrypt/acme_tiny.py", line 193, in main
>     signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
>   File "/usr/share/univention-letsencrypt/acme_tiny.py", line 149, in get_crt
>     raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
> ValueError: Challenge did not pass for cloud.keypointpartners.com: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://cloud.keypointpar$
> Create letsencrypt/status
> Setting letsencrypt/services/apache2
> File: /etc/apache2/sites-available/univention-letsencrypt.conf
> W: The config registry variable 'apache2/ssl/certificatechain' does not exist
> Unsetting apache2/ssl/certificate
> Unsetting apache2/ssl/key
> Multifile: /etc/simplesamlphp/metadata/saml20-idp-hosted.php
> Multifile: /etc/apache2/sites-available/default-ssl.conf

I have both ports 80 and 443 open on my firewall.

Any help is greatly appreciated. Thank you.

Hi,

Your UCS must be reachable on port 80 from the internet and the DNS entry must point to your server.
Please see:
Let’s encrypt and univention
Lets Encrypt error /schlägt fehl
Cannot retrieve Let’s Encrypt certificates

Best regards
Jan-Luca

Thank you. Turned out to be a firewall issue. All set now.
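
As an added example (not part of the original posts, and not Univention's or acme_tiny's own code), the authorization object that acme_tiny prints in the error above can be parsed to show which address and port the CA tried and which ACME error type came back. The names `diagnose`, `HINTS` and `SAMPLE` are this example's own; the sample is a shortened copy of the status message from the first post, and a log line cut off with `$` cannot be parsed, so feed it the full status message.

```python
import ast

# Constructed sample: the authorization object from the error above, shortened
# (URL and token fields dropped), in the same Python 2 repr style.
SAMPLE = ("ValueError: Challenge did not pass for cloud.keypointpartners.com: "
          "{u'status': u'invalid', u'challenges': [{u'status': u'invalid', "
          "u'validationRecord': [{u'hostname': u'cloud.keypointpartners.com', "
          "u'addressUsed': u'100.0.24.202', u'port': u'80', "
          "u'addressesResolved': [u'100.0.24.202']}], "
          "u'error': {u'status': 400, "
          "u'type': u'urn:ietf:params:acme:error:connection', "
          "u'detail': u'Timeout after connect'}, u'type': u'http-01'}], "
          "u'identifier': {u'type': u'dns', "
          "u'value': u'cloud.keypointpartners.com'}}")

# ACME error types (RFC 8555) mapped to a first check; the wording is this example's.
HINTS = {
    "connection": "check firewall/NAT forwarding of this port to the host",
    "dns": "check the public DNS record for the name",
    "unauthorized": "check what the web server returns for the challenge path",
}

def diagnose(message):
    """Return one finding per failed challenge in an acme_tiny error message."""
    start = message.find("{")
    if start < 0:
        raise ValueError("no authorization object in message")
    try:
        # literal_eval accepts only literals, so log text is never executed
        authz = ast.literal_eval(message[start:])
    except (SyntaxError, ValueError):
        raise ValueError("authorization object is truncated or not a literal")
    findings = []
    for ch in authz.get("challenges", []):
        err = ch.get("error")
        if ch.get("status") != "invalid" or not err:
            continue
        kind = err.get("type", "").rsplit(":", 1)[-1]
        rec = (ch.get("validationRecord") or [{}])[0]  # address the CA tried
        findings.append({"domain": authz["identifier"]["value"],
                         "challenge": ch.get("type"), "error": kind,
                         "address": rec.get("addressUsed"), "port": rec.get("port"),
                         "hint": HINTS.get(kind, err.get("detail"))})
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print("{domain} {challenge} {address}:{port} [{error}] {hint}".format(**f))
```

A `connection` error with an address in `addressUsed` means DNS resolved and the CA attempted the HTTP request, which narrows the problem to the network path or the web server rather than the DNS record.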
