Advertisement
Hi Everyone,<\/p>\n
We keep encountering the following error when attempting to create a Let’s Encrypt certificate on Sophos firewall as well as using win acme, and we’re not entirely sure what the root cause might be.<\/p>\n
The error message is:<\/p>\n
\"type\": \"urn:ietf:params:acme:error:connection\",\n\"detail\": \"During secondary validation: 0.0.0.0 Fetching http://web.domain.com/.well-known/acme-challenge/2465GDAAQQJJDHHDGSSW: Timeout during connect (likely firewall problem)\",\n\"status\": 400\n<\/code><\/pre>\nFrom what we can see, the path mentioned in the error (.well-known/acme-challenge/...<\/code>) does exist. We’re unsure whether anything specific needs to be configured on the server side to allow Let’s Encrypt to fetch the URL successfully.<\/p>\nShould this path be created manually, or is there another step we might be missing? Could this be related to firewall or network restrictions?<\/p>\n
Any guidance would be greatly appreciated.<\/p>","upvoteCount":6,"answerCount":5,"datePublished":"2025-06-27T10:46:20.816Z","author":{"@type":"Person","name":"spiceuser-hq9","url":"https://community.spiceworks.com/u/spiceuser-hq9"},"suggestedAnswer":[{"@type":"Answer","text":"
Hi Everyone,<\/p>\n
We keep encountering the following error when attempting to create a Let’s Encrypt certificate on Sophos firewall as well as using win acme, and we’re not entirely sure what the root cause might be.<\/p>\n
The error message is:<\/p>\n
\"type\": \"urn:ietf:params:acme:error:connection\",\n\"detail\": \"During secondary validation: 0.0.0.0 Fetching http://web.domain.com/.well-known/acme-challenge/2465GDAAQQJJDHHDGSSW: Timeout during connect (likely firewall problem)\",\n\"status\": 400\n<\/code><\/pre>\nFrom what we can see, the path mentioned in the error (.well-known/acme-challenge/...<\/code>) does exist. We’re unsure whether anything specific needs to be configured on the server side to allow Let’s Encrypt to fetch the URL successfully.<\/p>\nShould this path be created manually, or is there another step we might be missing? Could this be related to firewall or network restrictions?<\/p>\n
Any guidance would be greatly appreciated.<\/p>","upvoteCount":6,"datePublished":"2025-06-27T10:46:20.885Z","url":"https://community.spiceworks.com/t/error-while-creating-lets-encrypt-certificates/1218988/1","author":{"@type":"Person","name":"spiceuser-hq9","url":"https://community.spiceworks.com/u/spiceuser-hq9"}},{"@type":"Answer","text":"
400 is an unusual error, Bad Request means the server did not understand something
\n“400 response is typically due to malformed request syntax, invalid request message framing, or deceptive request routing”<\/p>\n
Is the path available via https://…?<\/p>","upvoteCount":1,"datePublished":"2025-06-27T16:11:48.518Z","url":"https://community.spiceworks.com/t/error-while-creating-lets-encrypt-certificates/1218988/2","author":{"@type":"Person","name":"somedude2","url":"https://community.spiceworks.com/u/somedude2"}},{"@type":"Answer","text":"
Yes, all our websites are public, so they are using HTTPS but I am not sure which path were you refering to as the websites are accessable just fine but the part .well-known/acme-challenge/… doesn’t exist so I am not sure if a specific permission should be granted for the Let’s encrypt to verify the website and create the certificate<\/p>","upvoteCount":0,"datePublished":"2025-06-27T21:57:51.098Z","url":"https://community.spiceworks.com/t/error-while-creating-lets-encrypt-certificates/1218988/3","author":{"@type":"Person","name":"spiceuser-hq9","url":"https://community.spiceworks.com/u/spiceuser-hq9"}},{"@type":"Answer","text":"
I am looking at your error message above, it is fetching via http<\/p>","upvoteCount":0,"datePublished":"2025-06-30T13:25:10.677Z","url":"https://community.spiceworks.com/t/error-while-creating-lets-encrypt-certificates/1218988/4","author":{"@type":"Person","name":"somedude2","url":"https://community.spiceworks.com/u/somedude2"}},{"@type":"Answer","text":"
Hi Spiceuser-hp9<\/p>\n
It looks like Let’s Encrypt is trying to validate your domain via HTTP (port 80), but the validation request is either being blocked or timing out<\/strong>—as the error indicates a problem fetching http://web.domain.com/.well-known/acme-challenge/...<\/code>. This is commonly caused by one of the following:<\/p>\n![\":magnifying_glass_tilted_left:\"](\"https://emoji.discourse-cdn.com/twitter/magnifying_glass_tilted_left.png?v=14\" "\\":magnifying_glass_tilted_left:\\"")
Things to Check:<\/strong><\/p>\n\n- Port 80 Accessibility<\/strong>: Even if your site is accessible over HTTPS, Let’s Encrypt still needs HTTP access for the challenge unless you’re using DNS or TLS validation. Make sure:\n
\n- Port 80 is open and accessible externally (no firewall blocks).<\/li>\n
- Any NAT or port forwarding is configured properly to reach the web server.<\/li>\n<\/ul>\n<\/li>\n
- Well-Known Directory<\/strong>: Some tools (like Win-ACME) create the
.well-known/acme-challenge<\/code> path dynamically during the challenge. You don’t usually have to create it manually—but your web server must serve it<\/strong> correctly during verification.<\/li>\n- Firewall/Web Filter (Sophos)<\/strong>: Sophos may be intercepting or blocking requests. Try temporarily disabling any web filtering features or examining the logs for blocked requests.<\/li>\n<\/ul>\n
![\":hammer_and_wrench:\"](\"https://emoji.discourse-cdn.com/twitter/hammer_and_wrench.png?v=14\" "\\":hammer_and_wrench:\\"")
Quick Fix Tip<\/strong>:
\nRun a test by placing a simple .txt<\/code> file in /.well-known/acme-challenge/<\/code> and accessing it via http://yourdomain.com/.well-known/acme-challenge/test.txt<\/code> from an external network. If it fails, your firewall or reverse proxy settings might be the culprit.<\/p>","upvoteCount":1,"datePublished":"2025-07-06T19:05:06.054Z","url":"https://community.spiceworks.com/t/error-while-creating-lets-encrypt-certificates/1218988/5","author":{"@type":"Person","name":"techcreeb","url":"https://community.spiceworks.com/u/techcreeb"}}]}}
