Cannot Generate new Certificate even with resolving IP

My domain is:

I ran this command: ./letsencrypt certonly

It produced this output:

How would you like to authenticate with the ACME CA?

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c’
to cancel):
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout


  • The following errors were reported by the server:

    Type: connection
    Detail: Timeout

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): Nginx 1.4.6

The operating system my web server runs on is (include version): Ubuntu 14.04.5 LTS

My hosting provider, if applicable, is: VPS with

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No SSH Only

Also wanted to mention I have about 7-8 other websites all running with valid certs already

Just for clarity all 7 other websites are listed on however I thought about trying to run the ./certbot renew command but wasn’t sure if that would technically prove or disprove anything.

You have delegated the domain to two distinct IP addresses:

$ host has address has address

The second one does not reply to connections on port 443.


Thanks, I didn’t see that! I should have used mxtoolbox and checked into that but I was a little thrown off. I guess I’ll need to wait for that 2nd A record to drop off? I don’t have it set up in my DNS settings so I’m guessing it’s residual from the initial setup they place on each domain. Will update if it doesn’t clear itself off.

If you directly query the nameservers that the domain is delegated to, you get two addresses for You cannot just wait; you have to check the DNS settings carefully or contact your provider to fix that.


The HSP/DSP still showing:

canonical name =



Resolution was indeed that I had to contact the live chat. This was their response:
There was a small replication issue in DNS checkers when old data was cached.

Hopefully in the future if anyone has a similar issue they will find this and know to simply contact Namecheap live chat. They had it fixed within 5 minutes.

Thanks again this community seems awesome and I plan to stay active and part of it now that I know it’s here!
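The check the replies above performed by hand (list every address the name resolves to, then test each one on port 443) can be scripted. This is an added example, not part of the original thread; the function names are hypothetical and it uses the system resolver, so it may see cached data that a direct query to the authoritative nameservers would not.

```python
import socket
import sys

def resolve_all(hostname, port=443):
    """Return every distinct A/AAAA address the system resolver gives."""
    infos = socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_reachable(address, port, timeout=5.0):
    """True if a TCP connection to address:port completes within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refusals and unroutable addresses
        return False

def check_addresses(addresses, port=443, timeout=5.0, probe=tcp_reachable):
    """Probe every address individually instead of stopping at the first
    one that answers, which is what browsers and curl do and why a dead
    extra record goes unnoticed until the CA happens to pick it."""
    return {addr: probe(addr, port, timeout) for addr in addresses}

def dead_addresses(results):
    """Addresses that did not accept a connection."""
    return sorted(addr for addr, ok in results.items() if not ok)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_records.py <domain>")
    results = check_addresses(resolve_all(sys.argv[1]))
    for addr, ok in sorted(results.items()):
        print(f"{addr:40} port 443 {'open' if ok else 'NO REPLY'}")
    # Non-zero exit when any record is dead, so it can gate a cert request.
    sys.exit(1 if dead_addresses(results) else 0)
```

If any address is reported as not replying, fix or remove that DNS record before requesting the certificate again.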
