Failed to validate ownership of domainName


I’m trying to set up Let’s Encrypt on my server, and all the time I get this error:

Apr 18 20:51:51 prestaservi.net dotnet-example[6746]: [20:51:51 DBG] Confirmed challenge request for GIf5_w2zI80eTzMBnBYTHr7fu0hjHVxOLmefkKQGKbg
Apr 18 20:51:51 prestaservi.net dotnet-example[6746]: [20:51:51 DBG] Confirmed challenge request for GIf5_w2zI80eTzMBnBYTHr7fu0hjHVxOLmefkKQGKbg
Apr 18 20:51:53 prestaservi.net dotnet-example[6746]: [20:51:53 ERR] Failed to validate ownership of domainName 'prestaservi.net'. Reason: urn:ietf:params:acme:error:connection: Fetching http://prestaservi.net/.well-known/acme-challenge/zt1_DaK9LlMgueAyn4FNAOKLABFX_mi02lQTWEhx9aI: Connection refused, Code = BadRequest
Apr 18 20:51:53 prestaservi.net dotnet-example[6746]: [20:51:53 ERR] Failed to validate ownership of domainName 'www.prestaservi.net'. Reason: urn:ietf:params:acme:error:connection: During secondary validation: Fetching http://www.prestaservi.net/.well-known/acme-challenge/GIf5_w2zI80eTzMBnBYTHr7fu0hjHVxOLmefkKQGKbg: Connection refused, Code = BadRequest

My domain (prestaservi.net) points to my server’s IP. I also added UseStaticFiles() with a file provider pointing to a folder (.well-known) created in the server root directory.

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 4
  • Comments: 25 (10 by maintainers)

Top GitHub Comments

3 reactions
andrewjsaid commented, May 24, 2020

I retract my last comment - it was a problem with my setup and not with this library. I was running it behind a docker container and did not have ENV ASPNETCORE_URLS="https://+;http://+"

I have now set that and it works (even with HttpsRedirection).

1 reaction
natemcmaster commented, May 24, 2020

This error can occur for reasons beyond the control of this library, but there could also be bugs in this library. In the HTTP-01 challenge, Let’s Encrypt’s CA servers are attempting to send an HTTP request to your host. If you Google “urn:ietf:params:acme:error:connection: Connection refused”, you’ll find lots of posts related to this subject as this is a common problem with the HTTP-01 challenge. Here are some common causes:

  • Your server hasn’t exposed port 80 to the internet. Some firewall or ISP is blocking this incoming request.
  • Your server is taking HTTP traffic, but not on port 80 (ACME protocol does not allow using any other port for the HTTP-01 challenge)
  • Your DNS or IP addresses aren’t configured correctly to accept incoming traffic.
  • Your server hasn’t started accepting traffic yet, although this should have been addressed in the 0.5.0 update with this fix: https://github.com/natemcmaster/LettuceEncrypt/pull/74

There may be other bugs in this library causing the problem, which I haven’t identified yet. This is part of why I implemented the TLS-ALPN-01 challenge as well #76. LettuceEncrypt will attempt to use both TLS-ALPN-01 and HTTP-01. Successful verification of either is sufficient. Note: using TLS-ALPN-01 requires serving HTTPS on port 443.

  Using account [is this supposed to be secret?]

@Donistivanov - try also adding an HTTPS port on 443. Also, the account ID with Let’s Encrypt doesn’t need to be secret. You authenticate to this account with a private key which is stored using the IAccountStore interface (by default, put into a folder in AppContext.BaseDirectory).

@andrewjsaid - thanks for the update. I’m assuming this means the TLS-ALPN-01 challenge worked, but there may still be issues with HTTP-01.
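
Added example, not part of the thread or of LettuceEncrypt's code: a Python script that parses the "Failed to validate ownership" lines from the log quoted in the issue and checks the two listeners the comment above names, port 80 for HTTP-01 and port 443 for TLS-ALPN-01. The function names `parse_failure`, `port_open`, `preflight` and `hints` are made up for this example.

```python
import re
import socket

# Two failure lines copied from the log quoted in the issue (syslog prefix dropped).
SAMPLE = [
    "[20:51:53 ERR] Failed to validate ownership of domainName 'prestaservi.net'. Reason: urn:ietf:params:acme:error:connection: Fetching http://prestaservi.net/.well-known/acme-challenge/zt1_DaK9LlMgueAyn4FNAOKLABFX_mi02lQTWEhx9aI: Connection refused, Code = BadRequest",
    "[20:51:53 ERR] Failed to validate ownership of domainName 'www.prestaservi.net'. Reason: urn:ietf:params:acme:error:connection: During secondary validation: Fetching http://www.prestaservi.net/.well-known/acme-challenge/GIf5_w2zI80eTzMBnBYTHr7fu0hjHVxOLmefkKQGKbg: Connection refused, Code = BadRequest",
]

FAIL_RE = re.compile(
    r"Failed to validate ownership of domainName '(?P<domain>[^']+)'\. "
    r"Reason: (?P<error>urn:ietf:params:acme:error:\w+): "
    r"(?P<secondary>During secondary validation: )?"
    r"Fetching (?P<url>\S+): (?P<detail>.+?), Code = (?P<code>\w+)"
)

def parse_failure(line):
    """Return the fields of one validation-failure log line, or None if it is another kind of line."""
    m = FAIL_RE.search(line)
    if not m:
        return None
    f = m.groupdict()
    f["secondary"] = f["secondary"] is not None   # reported by one of the CA's extra vantage points
    f["error"] = f["error"].rsplit(":", 1)[1]     # "connection" from the full ACME URN
    return f

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds from the machine running this script."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(host, ports=(80, 443)):
    """Check the listeners the challenges need: 80 for HTTP-01, 443 for TLS-ALPN-01."""
    return {p: port_open(host, p) for p in ports}

def hints(failure, reachable):
    """Map a parsed failure plus preflight results to the causes listed in the thread."""
    out = []
    if failure["error"] == "connection" and not reachable.get(80):
        out.append("port 80 refuses TCP: check listener URLs (e.g. ASPNETCORE_URLS), firewall/ISP, DNS")
    if not reachable.get(443):
        out.append("port 443 closed: TLS-ALPN-01 is not available as the alternative challenge")
    return out

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_failure(line))
```

Run `preflight` from a host outside the server's network: a check made on the server itself can succeed even when a firewall or ISP drops inbound traffic to port 80.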
