[Krydos] Could not issue an SSL/TLS certificate

[kkaviani]

Hi,

I have two apps under my account kkaviani in Tommy. I recently got several emails from Heliohost saying that the TLS certificates could not be renewed. So as of today, the certificates have all expired. When I go to renew them by clicking Reissue Certificate, I get this error:

Could not issue an SSL/TLS certificate for qasemghazanfar.com
Details

Could not issue a Let's Encrypt SSL/TLS certificate for qasemghazanfar.com. Authorization for the domain failed.

Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/xxxxx/xxxxx.

Details:

Type: urn:ietf:params:acme:error:connection

Status: 400

Detail: xx.xx.xxx.xx: Fetching https://qasemghazanfar.com/.well-known/acme-challenge/xxxxx: Timeout during connect (likely firewall problem)

 

Is the Tommy server having firewall problems when obtaining new TLS certificates from this ACME API?

Thanks for your help.

 

[wolstech]

Could be. I just tried and got the same timeout error even though your site otherwise works fine (ignoring the security warnings). The problem with it being a firewall issue is that LE refuses to publish what IPs their verifications come from. Krydos may have a better idea how to troubleshoot this.

I tried unblocking the IPs that were recently blocked on Tommy in the past 3 days but that didn't help, and I don't know where the firewall logs are...