SteveLTN/https-portal

Help required: "Error getting validation data" error although DNS is pointing to host

Closed this issue · 1 comments

I have a domain mydomain set up at DuckDNS with its IPv6 pointing to my router, which forwards ports 80 and 443 to my laptop. I have a DS-Lite subscription, i.e. I only have a publicly available IPv6 address. I removed the IPv4 entry from DuckDNS (although it made no difference either).

I proved this is working by spinning up an nginx container listening on port 80: its welcome page shows up when I navigate my browser to http://mydomain.duckdns.org.

Here's the docker-compose:

version: '3'

services:
  # Used in place of https-portal for a test of the DNS resolution
  # nginx:
  #   image: nginx:latest
  #   ports:
  #     - '80:80'
  https-portal:
    image: steveltn/https-portal:1
    ports:
      - '80:80'
      - '443:443'
    environment:
      DOMAINS: 'mydomain.duckdns.org'
      #  STAGE: 'local' # <- Shows the HTTPS-PORTAL welcome page as expected
    volumes:
      - https-portal-data:/var/lib/https-portal

volumes:
    https-portal-data: # Recommended, to avoid re-signing when upgrading HTTPS-PORTAL

When I run this (STAGE: staging) I get the following error:

{
    "status": "invalid",
    "challenges": [
        {
            "status": "invalid",
            "validationRecord": [
                {
                    "url": "http://mydomain.duckdns.org/.well-known/acme-challenge/cKrlwA4x5QEQSXZQO2CZKLgyMcbFm4o4XxKDoxcdD2o",
                    "hostname": "mydomain.duckdns.org",
                    "addressUsed": "2a02:8109:...:4a6", // made unrecognisable here and thereafter, it is the ipv6 address of my laptop
                    "port": "80",
                    "addressesResolved": [
                        "2a02:8109:...:4a6"
                    ]
                }
                // ... identical entry again
            ],
            "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10156520334/G6DzSQ",
            "token": "cKrlwA4x5QEQSxxxxxxxxxx4XxKDoxcdD2o", // anonymized
            "error": {
                "status": 400,
                "type": "urn:ietf:params:acme:error:connection",
                "detail": "2a02:8109:...:4a6: Fetching http://mydomain.duckdns.org/.well-known/acme-challenge/cKrlwA4x5QEQSxxxxxxxxxx4XxKDoxcdD2o: Error getting validation data"
            },
            "validated": "2023-12-20T16:52:52Z",
            "type": "http-01"
        }
    ],
    "identifier": {
        "type": "dns",
        "value": "mydomain.duckdns.org"
    },
    "expires": "2023-12-27T16:52:49Z"
}

Do I read correctly that Fetching http://mydomain.duckdns.org/.well-known/acme-challenge/cKrlwA4x5QEQSxxxxxxxxxx4XxKDoxcdD2o: Error getting validation data means the request returned no data at all?

  • What could be possible reasons for that?
  • Is there any way to debug or add verbose logs?
  • What else could I test?

Thank you very much!

Never mind – user error! The tests I did were not passing through the router's firewall but took the shortcut through the internal network. The router did not update the interface id of my device properly so the firewall rule for that port did not apply. After all, it was a DNS error … Happy xmas everyone and thanks for this project!!
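
The check below is an added example, not part of the issue thread or of the HTTPS-PORTAL project. It reads an ACME authorization object shaped like the one in this issue, maps the error type to its RFC 8555 meaning, and compares each address the CA used with the host's current addresses and with the interface ID pinned in the router's firewall rule. The host addresses, the firewall suffix and the sample data are constructed assumptions.

```python
import ipaddress
import json

# Subset of the error types in RFC 8555, section 6.7 (wording paraphrased).
ACME_ERRORS = {
    "urn:ietf:params:acme:error:connection":
        "CA could not connect to the validation target",
    "urn:ietf:params:acme:error:dns":
        "CA hit a problem with a DNS query",
    "urn:ietf:params:acme:error:unauthorized":
        "client lacks sufficient authorization",
}

def interface_id(addr):
    """Lower 64 bits (interface identifier) of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)

def diagnose(authz_json, host_addrs, fw_rule_suffix):
    """List findings for every failed challenge in an ACME authorization."""
    host = {ipaddress.ip_address(a) for a in host_addrs}
    findings = []
    for ch in json.loads(authz_json).get("challenges", []):
        if ch.get("status") != "invalid":
            continue
        etype = ch.get("error", {}).get("type", "")
        findings.append(ACME_ERRORS.get(etype, "unrecognised error: " + etype))
        # De-duplicate: the CA may list the same record more than once.
        for used in sorted({r["addressUsed"] for r in ch.get("validationRecord", [])}):
            ip = ipaddress.ip_address(used)
            if ip not in host:
                findings.append(f"{ip}: not assigned to this host (stale DNS?)")
            if ip.version == 6 and interface_id(used) != interface_id(fw_rule_suffix):
                findings.append(f"{ip}: interface ID differs from firewall rule")
    return findings

# Constructed sample (RFC 3849 documentation prefix), shaped like the issue's output.
SAMPLE = json.dumps({"status": "invalid", "challenges": [{
    "type": "http-01", "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:connection", "status": 400},
    "validationRecord": [
        {"hostname": "mydomain.example", "port": "80",
         "addressUsed": "2001:db8:1:2:aaaa:bbbb:cccc:4a6"},
        {"hostname": "mydomain.example", "port": "80",
         "addressUsed": "2001:db8:1:2:aaaa:bbbb:cccc:4a6"}]}]})

if __name__ == "__main__":
    # Hypothetical values: current host address and the router rule's suffix.
    for f in diagnose(SAMPLE, ["2001:db8:1:2:aaaa:bbbb:cccc:4a6"], "::aaaa:bbbb:cccc:1"):
        print(f)
```

The comparison only flags a mismatch; confirming reachability still needs a request from outside the local network, since a test from inside does not pass through the router's firewall.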