My web was on VirtualBox running Ubuntu (LAMP) and the server itself was in 2 layer NAT.
I’ve managed to sort out all port forwarding stuff and test all my site which worked fine both on LAN and WAN. My website was accessed via Dynamic DNS (iphome.net).
Here is the command I used for issuing the SLL key. (I have stop Apache service before I execute the command)
./letsencrypt-auto certonly --standalone -d boonchai.homeip.net --text -vv
Here is the result
Updating letsencrypt and virtual environment dependencies...
Requirement already up-to-date: setuptools in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: pip in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: letsencrypt in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: letsencrypt-apache in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: zope.interface in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: setuptools in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: python2-pythondialog>=3.2.2rc1 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: PyOpenSSL in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: acme==0.3.0 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: ConfigArgParse>=0.9.3 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: parsedatetime in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: configobj in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: pytz in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: psutil>=2.1.0 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: six in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: cryptography>=0.7 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: zope.component in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: mock in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: pyrfc3339 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: python-augeas in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt-apache)
Requirement already up-to-date: requests in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: pyasn1 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: ndg-httpsclient in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: werkzeug in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: idna>=2.0 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: enum34 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: ipaddress in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: cffi>=1.4.1 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: zope.event in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from zope.component->letsencrypt)
Requirement already up-to-date: funcsigs in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from mock->letsencrypt)
Requirement already up-to-date: pbr>=0.11 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from mock->letsencrypt)
Requirement already up-to-date: pycparser in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from cffi>=1.4.1->cryptography>=0.7->letsencrypt)
Requesting root privileges to run with virtualenv: sudo /home/tanakornp/.local/share/letsencrypt/bin/letsencrypt certonly --standalone -d boonchai.homeip.net --text -vv
2016-02-05 22:24:20,558:DEBUG:letsencrypt.cli:Root logging level set at 10
2016-02-05 22:24:20,558:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-02-05 22:24:20,558:DEBUG:letsencrypt.cli:letsencrypt version: 0.3.0
2016-02-05 22:24:20,558:DEBUG:letsencrypt.cli:Arguments: ['--standalone', '-d', 'boonchai.homeip.net', '--text', '-vv']
2016-02-05 22:24:20,558:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-02-05 22:24:20,558:DEBUG:letsencrypt.cli:Requested authenticator standalone and installer None
2016-02-05 22:24:20,856:DEBUG:letsencrypt.display.ops:Single candidate plugin: * standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = letsencrypt.plugins.standalone:Authenticator
Initialized: <letsencrypt.plugins.standalone.Authenticator object at 0x7f810f2e1e10>
Prep: True
2016-02-05 22:24:20,857:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.standalone.Authenticator object at 0x7f810f2e1e10> and installer None
2016-02-05 22:24:20,867:DEBUG:letsencrypt.cli:Picked account: <Account(7c2ad41068d521d1d746dc4edca09ab3)>
2016-02-05 22:24:20,868:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-02-05 22:24:20,871:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-05 22:24:21,479:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 263
2016-02-05 22:24:21,480:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '263', 'Expires': 'Fri, 05 Feb 2016 15:24:22 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:22 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'bkHqc0FmBH9XEixf87AazGowWqWlR2C3AeM_P2l10tE'}. Content: '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2016-02-05 22:24:21,481:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '263', 'Expires': 'Fri, 05 Feb 2016 15:24:22 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:22 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'bkHqc0FmBH9XEixf87AazGowWqWlR2C3AeM_P2l10tE'}): '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2016-02-05 22:24:21,673:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0085_key-letsencrypt.pem
2016-02-05 22:24:21,676:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0085_csr-letsencrypt.pem
2016-02-05 22:24:21,676:DEBUG:letsencrypt.client:CSR: CSR(file='/etc/letsencrypt/csr/0085_csr-letsencrypt.pem', data='0\x82\x02\x940\x82\x01|\x02\x01\x000\x1e1\x1c0\x1a\x06\x03U\x04\x03\x0c\x13boonchai.homeip.net0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xe8\xe5\xd4^\xfb1\x0f{\xd2.\xad\xfd6\xf1\xdc3\x1c4V\xcebG]eI_\xfb\xa2\xb7\x0b\x1eMV|,\xa2\xd5\xa0.S\x98\xe5MJ\xd6\x1b\xe3\xc7^\xe52Dc\r\xfd\xea\x11=\x0f)\x13\xaf\xd4\xab\xedN\xb3D\x82b\xe7T\x02\xcb<N\xdb\xfe\xda\x0c\xda\xb2\x13<5\x9b\x04h\x13o\x9cv.n\xb7\xa9<\xaf:\x85\xd7\x81\x86\xf3{\xee+A5RE\xd3\xc1\x8b\x9b\x19_{8`\xcc\xdcO\xf2R\xefl\xe2\xf1\xac\xd1P\xe1\x92r\'\xfb2u\xe4\xa6\xd3R\x84!\x9d_$yN\xe7\x99;\x17\xb6\x8e\x14\xd3@}y5(\x83Gh7O\xe0\xdd0\x92\xae[\xa2Q1A\xe3\xb0\xc5\xea?\xe7\xefUPnq \xa9\xf9\xff6\xf6\xc1F\n\xa4\xa7\x18O\xc7\x05\xa9\xb1\x8b\xea\xd9\x82\xdf\r\x12\xd6\xfa+\xb5$\xeeJ3\x16I\x8c\xbe\x8a\xae\xd0\xd5\x9c\r\r\xf9\x9e\xe7d\x92I\xb4y\x1b|\x88\xb3\x11\xa4\xdcM\xd6\x05\xd0k\x0b0Oy\x02\x03\x01\x00\x01\xa010/\x06\t*\x86H\x86\xf7\r\x01\t\x0e1"0 0\x1e\x06\x03U\x1d\x11\x04\x170\x15\x82\x13boonchai.homeip.net0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x82\xde\xe6\xd7;\x9b\x82X\xff\xb4~=\xb0\xe2\x97\xe5\x93d\xb3\xaf\xca\xb5\xa0>\xd6Z:9dh\xd7l\x9e#\x86\xde\xf9s\xd2\xb9s\xbeZ\xfc\x18\xc5Y\x1a+JuQ\x1c\x891?\xcc\x90\x06\xbc\xd5\x94U8J\xf0\x83d\xe6\x9c\xf4$\xf4[\xc5\xe37-\xa6F\n\xf3\xe2\xbc\xbf_6\xcd\xf5dB\xcfh\x19\xb6\xb8\xde)\xb4N\x97\xae7!\xa7[\xde\xf9\x90\xcc\x011\xa2\x9f\xa2\x8b\xb3\xfej\xba\xcd\xce\xea\x9d\x97\xe5r\xf8W\xc4\x199\x81\x89,\xfft\xd7\xd3\xd8\xd2i\xa8\xe5x\xe9d;q\x16\xa38Rh\xe2e\x82w3\xef\x08\xa0\x1dn\x8f\x86WD\x9fF\xef\x0fP6#D:\x1dpI\xd1\xc0U:Ex\xb6\x80oGU"g\x08Y\xab9\xc3%Y|\x8fJ\x91gz\xc6\xe8\xccW\xc8\x08\x99\xf6\xb9\xa7\x02Tq\x86\x92I\x9d\x85\xc7\n\xadw\xe1v\xde/_\xdf\xd8Fs\xe5X\xa1\x90\xdeCo\xd4r\xc8\x19\x89\xd5\xb6\xc2\'n\xb5J', form='der'), domains: ['boonchai.homeip.net']
2016-02-05 22:24:21,676:DEBUG:root:Requesting fresh nonce
2016-02-05 22:24:21,676:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-02-05 22:24:21,677:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-05 22:24:22,080:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2016-02-05 22:24:22,082:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '78', 'Pragma': 'no-cache', 'Expires': 'Fri, 05 Feb 2016 15:24:23 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:23 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'TZ_Ax7wThv03qcU80ACe3BlDEyQcUcDwQUeNIo2xkWs'}. Content: ''
2016-02-05 22:24:22,082:DEBUG:acme.client:Storing nonce: 'M\x9f\xc0\xc7\xbc\x13\x86\xfd7\xa9\xc5<\xd0\x00\x9e\xdc\x19C\x13$\x1cQ\xc0\xf0AG\x8d"\x8d\xb1\x91k'
2016-02-05 22:24:22,083:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
2016-02-05 22:24:22,083:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "boonchai.homeip.net"}, "resource": "new-authz"}
2016-02-05 22:24:22,084:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2016-02-05 22:24:22,085:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2016-02-05 22:24:22,085:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "mEEKCNwI0HwggNNAHxqnbh-X20WPJpgTEa57kiGqKBxESDTqfeU4dbM-ONA3SKu_fQuj_IRLhopy6sYe9jwj_xVyQw3pHIPOcq5Wi_a_ABkTid7TkgBuWiYQIaZdNkDjpkt-390L76FJERvrRtKQVE-f7-iGakl4eZVsx6jwykg2wCfl4i2i95SnCR19zh_xct2VidOX_2Zj55qjGM-F8A76C8bEGyNA1iXqV62IfJYCKWdDcutD0mprkaTUJKP5ca-ciPxU5QSuaJFGoQx_U_yIqDfS-7sfn_Nqosn-cDoDnSF-gO3u6N8yns47ZC4-TYOl385z9vrSswGYM_nE2Q"}}, "protected": "eyJub25jZSI6ICJUWl9BeDd3VGh2MDNxY1U4MEFDZTNCbERFeVFjVWNEd1FVZU5JbzJ4a1dzIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJib29uY2hhaS5ob21laXAubmV0In0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "KB1r5vVFoIHH0rJH1aOL3I22JaPIM6BmJNwp83Np-SM4HA120_z0PW2owFgAoKqj5esQrx3KAVC7huNGEfyh0FFf5Dv1pRhZouauVI_IhzoosGKnw--RTekI-lHVaDy1Z8I92hg-kRNBgYRX3zx0J6fAaAlF9H5RC_QIvAoWikBZpZUEyHVhBN1H0l7DAyVz_SD3kEQpd_43xwrxbluIBkqzgL7XENu46fnf1Yn5MUaEQV-eKPvA-z8PLABjxicmLM-c_Uzry_a8VNy3if8FY7mN7v42ewmGKalqkFyHgboZwC1p3lOWTAuwMqTqJOrdXqWvOKnljQuH1qEHZ0y3Nw"}'}
2016-02-05 22:24:22,086:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-05 22:24:22,531:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 782
2016-02-05 22:24:22,533:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '782', 'Expires': 'Fri, 05 Feb 2016 15:24:23 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:23 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'sLAitaNg7zGEfnUqUZclZyvGCHeD0iiwOzZnYw2HFfE'}. Content: '{"identifier":{"type":"dns","value":"boonchai.homeip.net"},"status":"pending","expires":"2016-02-12T15:24:23.719255885Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985","token":"qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199986","token":"vJrWEKQYdvCyBT9jLBiCSkenJISfI7PGbVt92XkCC3Y"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8"}],"combinations":[[1],[2],[0]]}'
2016-02-05 22:24:22,533:DEBUG:acme.client:Storing nonce: '\xb0\xb0"\xb5\xa3`\xef1\x84~u*Q\x97%g+\xc6\x08w\x83\xd2(\xb0;6gc\r\x87\x15\xf1'
2016-02-05 22:24:22,533:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '782', 'Expires': 'Fri, 05 Feb 2016 15:24:23 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:23 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'sLAitaNg7zGEfnUqUZclZyvGCHeD0iiwOzZnYw2HFfE'}): '{"identifier":{"type":"dns","value":"boonchai.homeip.net"},"status":"pending","expires":"2016-02-12T15:24:23.719255885Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985","token":"qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199986","token":"vJrWEKQYdvCyBT9jLBiCSkenJISfI7PGbVt92XkCC3Y"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8"}],"combinations":[[1],[2],[0]]}'
2016-02-05 22:24:22,534:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985'}
2016-02-05 22:24:22,534:INFO:letsencrypt.auth_handler:Performing the following challenges:
2016-02-05 22:24:22,534:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for boonchai.homeip.net
2016-02-05 22:24:22,572:INFO:letsencrypt.auth_handler:Waiting for verification...
2016-02-05 22:24:22,573:DEBUG:acme.client:Serialized JSON: {"keyAuthorization": "PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8.5PW7t-07VG0OY59kxSrZMSELvyGu86Pxp8Deiqm1flQ", "type": "tls-sni-01", "resource": "challenge"}
2016-02-05 22:24:22,577:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2016-02-05 22:24:22,579:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2016-02-05 22:24:22,579:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "mEEKCNwI0HwggNNAHxqnbh-X20WPJpgTEa57kiGqKBxESDTqfeU4dbM-ONA3SKu_fQuj_IRLhopy6sYe9jwj_xVyQw3pHIPOcq5Wi_a_ABkTid7TkgBuWiYQIaZdNkDjpkt-390L76FJERvrRtKQVE-f7-iGakl4eZVsx6jwykg2wCfl4i2i95SnCR19zh_xct2VidOX_2Zj55qjGM-F8A76C8bEGyNA1iXqV62IfJYCKWdDcutD0mprkaTUJKP5ca-ciPxU5QSuaJFGoQx_U_yIqDfS-7sfn_Nqosn-cDoDnSF-gO3u6N8yns47ZC4-TYOl385z9vrSswGYM_nE2Q"}}, "protected": "eyJub25jZSI6ICJzTEFpdGFOZzd6R0VmblVxVVpjbFp5dkdDSGVEMGlpd096Wm5ZdzJIRmZFIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlBkdUV4bFdXZlEtZ3RBVVFFYlFGZWF3MUNlNEhqZWdyUzRxZGZLS3VEYTguNVBXN3QtMDdWRzBPWTU5a3hTclpNU0VMdnlHdTg2UHhwOERlaXFtMWZsUSIsICJ0eXBlIjogInRscy1zbmktMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0", "signature": "Nhbv17Da_hKLNwIxypEySaurUz3Lf40SAaGN9TpfMQa4QhYodNbn8-iQhv3npyrCG30El71SFrzT26ASKwnSpwmPoT-UDklcvQ-O04dm1L24O1StSDnc7o0zxmN1kcubyThBJSxjcHvGvK-xzY1unkvkQXa6cG5bp4r50kIVo4SXlhf-_VYj-vdYIJt82x3vo8TAXjtT5D4rpMuBCI7A_NsvuCSPxprUKPDYSHOdy1fd2ypKJoqLTwrxWCB0yt_SqVgy8J9QnzBu2oiIpfpx4JEDmIcV1ZTTzsxsYSw-Lhv0Y0NhUh0-ugupw4ma45M4yRih2pySp6CO7n2VVgcQ6Q"}'}
2016-02-05 22:24:22,581:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-05 22:24:23,046:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987 HTTP/1.1" 202 316
2016-02-05 22:24:23,048:DEBUG:root:Received <Response [202]>. Headers: {'Content-Length': '316', 'Expires': 'Fri, 05 Feb 2016 15:24:24 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:24 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'TZMAuM-FkZJRVqmZdEJNnhAfQh7hXa5ITJQ2E0phqb0'}. Content: '{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8","keyAuthorization":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8.5PW7t-07VG0OY59kxSrZMSELvyGu86Pxp8Deiqm1flQ"}'
2016-02-05 22:24:23,048:DEBUG:acme.client:Storing nonce: 'M\x93\x00\xb8\xcf\x85\x91\x92QV\xa9\x99tBM\x9e\x10\x1fB\x1e\xe1]\xaeHL\x946\x13Ja\xa9\xbd'
2016-02-05 22:24:23,048:DEBUG:acme.client:Received response <Response [202]> (headers: {'Content-Length': '316', 'Expires': 'Fri, 05 Feb 2016 15:24:24 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:24 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'TZMAuM-FkZJRVqmZdEJNnhAfQh7hXa5ITJQ2E0phqb0'}): '{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8","keyAuthorization":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8.5PW7t-07VG0OY59kxSrZMSELvyGu86Pxp8Deiqm1flQ"}'
2016-02-05 22:24:26,049:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w. args: (), kwargs: {}
2016-02-05 22:24:26,050:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-05 22:24:26,477:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w HTTP/1.1" 200 1122
2016-02-05 22:24:26,479:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '1122', 'Expires': 'Fri, 05 Feb 2016 15:24:27 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:27 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'aLciNtZKeCk0a1qRTf0UQqEbIjMaIz3br0VgMWXs3wc'}. Content: '{"identifier":{"type":"dns","value":"boonchai.homeip.net"},"status":"invalid","expires":"2016-02-12T15:24:23Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985","token":"qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199986","token":"vJrWEKQYdvCyBT9jLBiCSkenJISfI7PGbVt92XkCC3Y"},{"type":"tls-sni-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Failed to connect to host for DVSNI challenge"},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8","keyAuthorization":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8.5PW7t-07VG0OY59kxSrZMSELvyGu86Pxp8Deiqm1flQ","validationRecord":[{"hostname":"boonchai.homeip.net","port":"443","addressesResolved":["124.122.70.113"],"addressUsed":"124.122.70.113"}]}],"combinations":[[1],[2],[0]]}'
2016-02-05 22:24:26,479:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '1122', 'Expires': 'Fri, 05 Feb 2016 15:24:27 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:27 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'aLciNtZKeCk0a1qRTf0UQqEbIjMaIz3br0VgMWXs3wc'}): '{"identifier":{"type":"dns","value":"boonchai.homeip.net"},"status":"invalid","expires":"2016-02-12T15:24:23Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985","token":"qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199986","token":"vJrWEKQYdvCyBT9jLBiCSkenJISfI7PGbVt92XkCC3Y"},{"type":"tls-sni-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Failed to connect to host for DVSNI challenge"},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8","keyAuthorization":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8.5PW7t-07VG0OY59kxSrZMSELvyGu86Pxp8Deiqm1flQ","validationRecord":[{"hostname":"boonchai.homeip.net","port":"443","addressesResolved":["124.122.70.113"],"addressUsed":"124.122.70.113"}]}],"combinations":[[1],[2],[0]]}'
2016-02-05 22:24:26,479:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985'}
2016-02-05 22:24:26,480:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:
Domain: boonchai.homeip.net
Type: urn:acme:error:connection
Detail: Failed to connect to host for DVSNI challenge
2016-02-05 22:24:26,480:INFO:letsencrypt.auth_handler:Cleaning up challenges
2016-02-05 22:24:26,480:DEBUG:letsencrypt.plugins.standalone:Stopping server at 0.0.0.0:443...
2016-02-05 22:24:26,576:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File "/home/tanakornp/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1454, in main
return args.func(args, config, plugins)
File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 639, in obtain_cert
_auth_from_domains(le_client, config, domains)
File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 418, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
return self._obtain_certificate(domains, csr) + (key, csr)
File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 224, in _obtain_certificate
authzr = self.auth_handler.get_authorizations(domains)
File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. boonchai.homeip.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge
Failed authorization procedure. boonchai.homeip.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: boonchai.homeip.net
Type: urn:acme:error:connection
Detail: Failed to connect to host for DVSNI challenge
I’m not a pro here but I have spent a day for troubleshooting this and tried a bunch of commands already but still no luck.
Can anyone can spot anything wrong? Or I have to use self-signed instead?