Acme:error:connection when redirecting authorization requests from IIS to nginx


#1

Hi folks,

i am struggling for hours with getting lets encrypt run in my little cloud environment.
I have 2 machines:

  • One Ubuntu Box (which is my certificate server and manages all certificates for the cloud)
  • One Windows Server which is running IIS 8.5

Since I don’t want my windows server to deal with the certification process and process everything on my ubuntu box I have configured forwards in IIS on the acme-challenge path to redirect to my ubuntu box.
The ubuntu box is running nginx is able to handle certification requests for it’s own domain names e.g.
letsencrypt certonly -a webroot --webroot-path=/var/www/html -d wp.teleclinic.com

but when I call it with any of the configured domain names pointing to the windows server e.g.
letsencrypt certonly -a webroot --webroot-path=/var/www/html -d wp.teleclinic.com -d webmail.teleclinic.com

i receive:
The server could not connect to the client to verify the domain :: Could not connect to 137.117.166.123,
Domain: webmail.teleclinic.com
Type: connection
Detail: Could not connect to 137.117.166.123

Any ideas what can cause this?
The redirect works in the browser as it should.

I also checked that all files get generated in the acme-challenge folder on by Ubuntu box.

If you want to try it out, here an example request:
http://webmail.teleclinic.com/.well-known/acme-challenge/7IQMsUcTV71Vib4neSorEGxzqqMB1LCy7WeVYBPVKug

I would really appreciate any help or suggestion that can lead to a solution.

Best,
Patrick


#2

I resolved the issue by using a subdomain instead of the IP address in my redirect. No idea why it works with it, but it’s all fine now.


#3

@ZuSe

if you still need help can you let us know how you configured the redirects. IIS has multiple methods so it may be a limitation with the method you are using

Andrei


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.