Cannot issue cert, DNS problem


#1

My website was on VirtualBox running Ubuntu (LAMP), and the server itself was behind 2 layers of NAT.
I’ve managed to sort out all the port forwarding and tested my whole site, which worked fine on both LAN and WAN. My website was accessed via Dynamic DNS (iphome.net).

Here is the command I used for issuing the SSL key. (I stopped the Apache service before executing the command.)
./letsencrypt-auto certonly --standalone -d boonchai.homeip.net --text -vv
Here is the result:

Updating letsencrypt and virtual environment dependencies...
Requirement already up-to-date: setuptools in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: pip in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: letsencrypt in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: letsencrypt-apache in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: zope.interface in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: setuptools in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: python2-pythondialog>=3.2.2rc1 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: PyOpenSSL in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: acme==0.3.0 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: ConfigArgParse>=0.9.3 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: parsedatetime in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: configobj in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: pytz in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: psutil>=2.1.0 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: six in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: cryptography>=0.7 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: zope.component in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: mock in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: pyrfc3339 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: python-augeas in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt-apache)
Requirement already up-to-date: requests in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: pyasn1 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: ndg-httpsclient in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: werkzeug in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: idna>=2.0 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: enum34 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: ipaddress in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: cffi>=1.4.1 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: zope.event in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from zope.component->letsencrypt)
Requirement already up-to-date: funcsigs in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from mock->letsencrypt)
Requirement already up-to-date: pbr>=0.11 in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from mock->letsencrypt)
Requirement already up-to-date: pycparser in /home/tanakornp/.local/share/letsencrypt/lib/python2.7/site-packages (from cffi>=1.4.1->cryptography>=0.7->letsencrypt)
Requesting root privileges to run with virtualenv: sudo /home/tanakornp/.local/share/letsencrypt/bin/letsencrypt certonly --standalone -d boonchai.homeip.net --text -vv
2016-02-05 22:24:20,558:DEBUG:letsencrypt.cli:Root logging level set at 10
2016-02-05 22:24:20,558:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-02-05 22:24:20,558:DEBUG:letsencrypt.cli:letsencrypt version: 0.3.0
2016-02-05 22:24:20,558:DEBUG:letsencrypt.cli:Arguments: ['--standalone', '-d', 'boonchai.homeip.net', '--text', '-vv']
2016-02-05 22:24:20,558:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-02-05 22:24:20,558:DEBUG:letsencrypt.cli:Requested authenticator standalone and installer None
2016-02-05 22:24:20,856:DEBUG:letsencrypt.display.ops:Single candidate plugin: * standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = letsencrypt.plugins.standalone:Authenticator
Initialized: <letsencrypt.plugins.standalone.Authenticator object at 0x7f810f2e1e10>
Prep: True
2016-02-05 22:24:20,857:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.standalone.Authenticator object at 0x7f810f2e1e10> and installer None
2016-02-05 22:24:20,867:DEBUG:letsencrypt.cli:Picked account: <Account(7c2ad41068d521d1d746dc4edca09ab3)>
2016-02-05 22:24:20,868:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-02-05 22:24:20,871:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-05 22:24:21,479:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 263
2016-02-05 22:24:21,480:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '263', 'Expires': 'Fri, 05 Feb 2016 15:24:22 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:22 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'bkHqc0FmBH9XEixf87AazGowWqWlR2C3AeM_P2l10tE'}. Content: '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2016-02-05 22:24:21,481:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '263', 'Expires': 'Fri, 05 Feb 2016 15:24:22 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:22 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'bkHqc0FmBH9XEixf87AazGowWqWlR2C3AeM_P2l10tE'}): '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2016-02-05 22:24:21,673:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0085_key-letsencrypt.pem
2016-02-05 22:24:21,676:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0085_csr-letsencrypt.pem
2016-02-05 22:24:21,676:DEBUG:letsencrypt.client:CSR: CSR(file='/etc/letsencrypt/csr/0085_csr-letsencrypt.pem', data='0\x82\x02\x940\x82\x01|\x02\x01\x000\x1e1\x1c0\x1a\x06\x03U\x04\x03\x0c\x13boonchai.homeip.net0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xe8\xe5\xd4^\xfb1\x0f{\xd2.\xad\xfd6\xf1\xdc3\x1c4V\xcebG]eI_\xfb\xa2\xb7\x0b\x1eMV|,\xa2\xd5\xa0.S\x98\xe5MJ\xd6\x1b\xe3\xc7^\xe52Dc\r\xfd\xea\x11=\x0f)\x13\xaf\xd4\xab\xedN\xb3D\x82b\xe7T\x02\xcb<N\xdb\xfe\xda\x0c\xda\xb2\x13<5\x9b\x04h\x13o\x9cv.n\xb7\xa9<\xaf:\x85\xd7\x81\x86\xf3{\xee+A5RE\xd3\xc1\x8b\x9b\x19_{8`\xcc\xdcO\xf2R\xefl\xe2\xf1\xac\xd1P\xe1\x92r\'\xfb2u\xe4\xa6\xd3R\x84!\x9d_$yN\xe7\x99;\x17\xb6\x8e\x14\xd3@}y5(\x83Gh7O\xe0\xdd0\x92\xae[\xa2Q1A\xe3\xb0\xc5\xea?\xe7\xefUPnq \xa9\xf9\xff6\xf6\xc1F\n\xa4\xa7\x18O\xc7\x05\xa9\xb1\x8b\xea\xd9\x82\xdf\r\x12\xd6\xfa+\xb5$\xeeJ3\x16I\x8c\xbe\x8a\xae\xd0\xd5\x9c\r\r\xf9\x9e\xe7d\x92I\xb4y\x1b|\x88\xb3\x11\xa4\xdcM\xd6\x05\xd0k\x0b0Oy\x02\x03\x01\x00\x01\xa010/\x06\t*\x86H\x86\xf7\r\x01\t\x0e1"0 0\x1e\x06\x03U\x1d\x11\x04\x170\x15\x82\x13boonchai.homeip.net0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x82\xde\xe6\xd7;\x9b\x82X\xff\xb4~=\xb0\xe2\x97\xe5\x93d\xb3\xaf\xca\xb5\xa0>\xd6Z:9dh\xd7l\x9e#\x86\xde\xf9s\xd2\xb9s\xbeZ\xfc\x18\xc5Y\x1a+JuQ\x1c\x891?\xcc\x90\x06\xbc\xd5\x94U8J\xf0\x83d\xe6\x9c\xf4$\xf4[\xc5\xe37-\xa6F\n\xf3\xe2\xbc\xbf_6\xcd\xf5dB\xcfh\x19\xb6\xb8\xde)\xb4N\x97\xae7!\xa7[\xde\xf9\x90\xcc\x011\xa2\x9f\xa2\x8b\xb3\xfej\xba\xcd\xce\xea\x9d\x97\xe5r\xf8W\xc4\x199\x81\x89,\xfft\xd7\xd3\xd8\xd2i\xa8\xe5x\xe9d;q\x16\xa38Rh\xe2e\x82w3\xef\x08\xa0\x1dn\x8f\x86WD\x9fF\xef\x0fP6#D:\x1dpI\xd1\xc0U:Ex\xb6\x80oGU"g\x08Y\xab9\xc3%Y|\x8fJ\x91gz\xc6\xe8\xccW\xc8\x08\x99\xf6\xb9\xa7\x02Tq\x86\x92I\x9d\x85\xc7\n\xadw\xe1v\xde/_\xdf\xd8Fs\xe5X\xa1\x90\xdeCo\xd4r\xc8\x19\x89\xd5\xb6\xc2\'n\xb5J', form='der'), domains: ['boonchai.homeip.net']
2016-02-05 22:24:21,676:DEBUG:root:Requesting fresh nonce
2016-02-05 22:24:21,676:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-02-05 22:24:21,677:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-05 22:24:22,080:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2016-02-05 22:24:22,082:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '78', 'Pragma': 'no-cache', 'Expires': 'Fri, 05 Feb 2016 15:24:23 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:23 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'TZ_Ax7wThv03qcU80ACe3BlDEyQcUcDwQUeNIo2xkWs'}. Content: ''
2016-02-05 22:24:22,082:DEBUG:acme.client:Storing nonce: 'M\x9f\xc0\xc7\xbc\x13\x86\xfd7\xa9\xc5<\xd0\x00\x9e\xdc\x19C\x13$\x1cQ\xc0\xf0AG\x8d"\x8d\xb1\x91k'
2016-02-05 22:24:22,083:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
2016-02-05 22:24:22,083:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "boonchai.homeip.net"}, "resource": "new-authz"}
2016-02-05 22:24:22,084:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2016-02-05 22:24:22,085:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2016-02-05 22:24:22,085:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "mEEKCNwI0HwggNNAHxqnbh-X20WPJpgTEa57kiGqKBxESDTqfeU4dbM-ONA3SKu_fQuj_IRLhopy6sYe9jwj_xVyQw3pHIPOcq5Wi_a_ABkTid7TkgBuWiYQIaZdNkDjpkt-390L76FJERvrRtKQVE-f7-iGakl4eZVsx6jwykg2wCfl4i2i95SnCR19zh_xct2VidOX_2Zj55qjGM-F8A76C8bEGyNA1iXqV62IfJYCKWdDcutD0mprkaTUJKP5ca-ciPxU5QSuaJFGoQx_U_yIqDfS-7sfn_Nqosn-cDoDnSF-gO3u6N8yns47ZC4-TYOl385z9vrSswGYM_nE2Q"}}, "protected": "eyJub25jZSI6ICJUWl9BeDd3VGh2MDNxY1U4MEFDZTNCbERFeVFjVWNEd1FVZU5JbzJ4a1dzIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJib29uY2hhaS5ob21laXAubmV0In0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "KB1r5vVFoIHH0rJH1aOL3I22JaPIM6BmJNwp83Np-SM4HA120_z0PW2owFgAoKqj5esQrx3KAVC7huNGEfyh0FFf5Dv1pRhZouauVI_IhzoosGKnw--RTekI-lHVaDy1Z8I92hg-kRNBgYRX3zx0J6fAaAlF9H5RC_QIvAoWikBZpZUEyHVhBN1H0l7DAyVz_SD3kEQpd_43xwrxbluIBkqzgL7XENu46fnf1Yn5MUaEQV-eKPvA-z8PLABjxicmLM-c_Uzry_a8VNy3if8FY7mN7v42ewmGKalqkFyHgboZwC1p3lOWTAuwMqTqJOrdXqWvOKnljQuH1qEHZ0y3Nw"}'}
2016-02-05 22:24:22,086:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-05 22:24:22,531:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 782
2016-02-05 22:24:22,533:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '782', 'Expires': 'Fri, 05 Feb 2016 15:24:23 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:23 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'sLAitaNg7zGEfnUqUZclZyvGCHeD0iiwOzZnYw2HFfE'}. Content: '{"identifier":{"type":"dns","value":"boonchai.homeip.net"},"status":"pending","expires":"2016-02-12T15:24:23.719255885Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985","token":"qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199986","token":"vJrWEKQYdvCyBT9jLBiCSkenJISfI7PGbVt92XkCC3Y"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8"}],"combinations":[[1],[2],[0]]}'
2016-02-05 22:24:22,533:DEBUG:acme.client:Storing nonce: '\xb0\xb0"\xb5\xa3`\xef1\x84~u*Q\x97%g+\xc6\x08w\x83\xd2(\xb0;6gc\r\x87\x15\xf1'
2016-02-05 22:24:22,533:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '782', 'Expires': 'Fri, 05 Feb 2016 15:24:23 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:23 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'sLAitaNg7zGEfnUqUZclZyvGCHeD0iiwOzZnYw2HFfE'}): '{"identifier":{"type":"dns","value":"boonchai.homeip.net"},"status":"pending","expires":"2016-02-12T15:24:23.719255885Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985","token":"qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199986","token":"vJrWEKQYdvCyBT9jLBiCSkenJISfI7PGbVt92XkCC3Y"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8"}],"combinations":[[1],[2],[0]]}'
2016-02-05 22:24:22,534:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985'}
2016-02-05 22:24:22,534:INFO:letsencrypt.auth_handler:Performing the following challenges:
2016-02-05 22:24:22,534:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for boonchai.homeip.net
2016-02-05 22:24:22,572:INFO:letsencrypt.auth_handler:Waiting for verification...
2016-02-05 22:24:22,573:DEBUG:acme.client:Serialized JSON: {"keyAuthorization": "PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8.5PW7t-07VG0OY59kxSrZMSELvyGu86Pxp8Deiqm1flQ", "type": "tls-sni-01", "resource": "challenge"}
2016-02-05 22:24:22,577:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2016-02-05 22:24:22,579:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2016-02-05 22:24:22,579:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "mEEKCNwI0HwggNNAHxqnbh-X20WPJpgTEa57kiGqKBxESDTqfeU4dbM-ONA3SKu_fQuj_IRLhopy6sYe9jwj_xVyQw3pHIPOcq5Wi_a_ABkTid7TkgBuWiYQIaZdNkDjpkt-390L76FJERvrRtKQVE-f7-iGakl4eZVsx6jwykg2wCfl4i2i95SnCR19zh_xct2VidOX_2Zj55qjGM-F8A76C8bEGyNA1iXqV62IfJYCKWdDcutD0mprkaTUJKP5ca-ciPxU5QSuaJFGoQx_U_yIqDfS-7sfn_Nqosn-cDoDnSF-gO3u6N8yns47ZC4-TYOl385z9vrSswGYM_nE2Q"}}, "protected": "eyJub25jZSI6ICJzTEFpdGFOZzd6R0VmblVxVVpjbFp5dkdDSGVEMGlpd096Wm5ZdzJIRmZFIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlBkdUV4bFdXZlEtZ3RBVVFFYlFGZWF3MUNlNEhqZWdyUzRxZGZLS3VEYTguNVBXN3QtMDdWRzBPWTU5a3hTclpNU0VMdnlHdTg2UHhwOERlaXFtMWZsUSIsICJ0eXBlIjogInRscy1zbmktMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0", "signature": "Nhbv17Da_hKLNwIxypEySaurUz3Lf40SAaGN9TpfMQa4QhYodNbn8-iQhv3npyrCG30El71SFrzT26ASKwnSpwmPoT-UDklcvQ-O04dm1L24O1StSDnc7o0zxmN1kcubyThBJSxjcHvGvK-xzY1unkvkQXa6cG5bp4r50kIVo4SXlhf-_VYj-vdYIJt82x3vo8TAXjtT5D4rpMuBCI7A_NsvuCSPxprUKPDYSHOdy1fd2ypKJoqLTwrxWCB0yt_SqVgy8J9QnzBu2oiIpfpx4JEDmIcV1ZTTzsxsYSw-Lhv0Y0NhUh0-ugupw4ma45M4yRih2pySp6CO7n2VVgcQ6Q"}'}
2016-02-05 22:24:22,581:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-05 22:24:23,046:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987 HTTP/1.1" 202 316
2016-02-05 22:24:23,048:DEBUG:root:Received <Response [202]>. Headers: {'Content-Length': '316', 'Expires': 'Fri, 05 Feb 2016 15:24:24 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:24 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'TZMAuM-FkZJRVqmZdEJNnhAfQh7hXa5ITJQ2E0phqb0'}. Content: '{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8","keyAuthorization":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8.5PW7t-07VG0OY59kxSrZMSELvyGu86Pxp8Deiqm1flQ"}'
2016-02-05 22:24:23,048:DEBUG:acme.client:Storing nonce: 'M\x93\x00\xb8\xcf\x85\x91\x92QV\xa9\x99tBM\x9e\x10\x1fB\x1e\xe1]\xaeHL\x946\x13Ja\xa9\xbd'
2016-02-05 22:24:23,048:DEBUG:acme.client:Received response <Response [202]> (headers: {'Content-Length': '316', 'Expires': 'Fri, 05 Feb 2016 15:24:24 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:24 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'TZMAuM-FkZJRVqmZdEJNnhAfQh7hXa5ITJQ2E0phqb0'}): '{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8","keyAuthorization":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8.5PW7t-07VG0OY59kxSrZMSELvyGu86Pxp8Deiqm1flQ"}'
2016-02-05 22:24:26,049:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w. args: (), kwargs: {}
2016-02-05 22:24:26,050:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-05 22:24:26,477:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w HTTP/1.1" 200 1122
2016-02-05 22:24:26,479:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '1122', 'Expires': 'Fri, 05 Feb 2016 15:24:27 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:27 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'aLciNtZKeCk0a1qRTf0UQqEbIjMaIz3br0VgMWXs3wc'}. Content: '{"identifier":{"type":"dns","value":"boonchai.homeip.net"},"status":"invalid","expires":"2016-02-12T15:24:23Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985","token":"qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199986","token":"vJrWEKQYdvCyBT9jLBiCSkenJISfI7PGbVt92XkCC3Y"},{"type":"tls-sni-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Failed to connect to host for DVSNI challenge"},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8","keyAuthorization":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8.5PW7t-07VG0OY59kxSrZMSELvyGu86Pxp8Deiqm1flQ","validationRecord":[{"hostname":"boonchai.homeip.net","port":"443","addressesResolved":["124.122.70.113"],"addressUsed":"124.122.70.113"}]}],"combinations":[[1],[2],[0]]}'
2016-02-05 22:24:26,479:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '1122', 'Expires': 'Fri, 05 Feb 2016 15:24:27 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Fri, 05 Feb 2016 15:24:27 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'aLciNtZKeCk0a1qRTf0UQqEbIjMaIz3br0VgMWXs3wc'}): '{"identifier":{"type":"dns","value":"boonchai.homeip.net"},"status":"invalid","expires":"2016-02-12T15:24:23Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985","token":"qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199986","token":"vJrWEKQYdvCyBT9jLBiCSkenJISfI7PGbVt92XkCC3Y"},{"type":"tls-sni-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Failed to connect to host for DVSNI challenge"},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199987","token":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8","keyAuthorization":"PduExlWWfQ-gtAUQEbQFeaw1Ce4HjegrS4qdfKKuDa8.5PW7t-07VG0OY59kxSrZMSELvyGu86Pxp8Deiqm1flQ","validationRecord":[{"hostname":"boonchai.homeip.net","port":"443","addressesResolved":["124.122.70.113"],"addressUsed":"124.122.70.113"}]}],"combinations":[[1],[2],[0]]}'
2016-02-05 22:24:26,479:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'qvlp1CHZXKCXiazzdAiVLPUuniH7Aor9F2k4FTZoCwU', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/yjuY3x9zA4c_SLFvk3zzQaZQuQNEfMicJ3r8Y_bTI2w/14199985'}
2016-02-05 22:24:26,480:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:

Domain: boonchai.homeip.net
Type:   urn:acme:error:connection
Detail: Failed to connect to host for DVSNI challenge
2016-02-05 22:24:26,480:INFO:letsencrypt.auth_handler:Cleaning up challenges
2016-02-05 22:24:26,480:DEBUG:letsencrypt.plugins.standalone:Stopping server at 0.0.0.0:443...
2016-02-05 22:24:26,576:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/home/tanakornp/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1454, in main
    return args.func(args, config, plugins)
  File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 639, in obtain_cert
    _auth_from_domains(le_client, config, domains)
  File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 418, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 224, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 84, in get_authorizations
    self._respond(cont_resp, dv_resp, best_effort)
  File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 142, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/home/tanakornp/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 204, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. boonchai.homeip.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge

Failed authorization procedure. boonchai.homeip.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: boonchai.homeip.net
   Type:   urn:acme:error:connection
   Detail: Failed to connect to host for DVSNI challenge

I’m not a pro here, but I have spent a day troubleshooting this and have already tried a bunch of commands, still with no luck.
Can anyone spot anything wrong? Or do I have to use a self-signed certificate instead?


#2

Are you sure you have sorted out your port forwards / firewall? I can’t reach boonchai.homeip.net.


#3

I’ve sorted it out. I have disabled those rules coz I don’t need those ports to be up all the time and I’m not sure anyone will look into this.

Could you check it again? It should be the Apache default page on 80 and error 500 on 443, coz I’m still trying to my site with OpenSSL.

Thank you so much for taking a look at this.


#4

Yes, I can reach your site on http now (and get the “Apache2 Ubuntu Default Page”). https is not working properly at the moment, though.


#5

Thanks, serverco, for checking the port for me. I finally sorted this out. For some reason port 443 had a problem at that time. It seems the 1st-layer NAT router did not work properly, coz I did configure it properly. But after a scheduled reboot, it works and I can reach my server via 443 (Apache internal error 500), but the command above still does not work.

I decided to verify over port 80 by using the command below instead:

./letsencrypt-auto certonly --standalone-supported-challenges http-01 -d my.ddns.com --text -vv --renew-by-default


#6
Certificate chain
 0 s:/C=us/ST=California/L=Irvine/O=Linksys/OU=rc/CN=www.linksys.com
   i:/C=us/ST=California/L=Irvine/O=Linksys/OU=rc/CN=www.linksys.com

Looks like I’m connecting to your router on port 443… Do you have “remote access” or something set to “on”?

Looks like you’ve got a Linksys WAG200G router :P
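
The evidence behind this diagnosis is already in the thread: the authorization body in the debug log of post #1 says which address and port the CA tried, and the certificate chain quoted in post #6 says what answers on that port. The following Python is an added example, not part of any post; the function names are hypothetical, and the sample inputs are copied from the thread and trimmed to the fields used.

```python
import json

# Authorization body from the debug log in post #1, trimmed to the fields used
# here (tokens, URIs and keyAuthorization omitted).
AUTHZ_JSON = '''
{"identifier": {"type": "dns", "value": "boonchai.homeip.net"},
 "status": "invalid",
 "challenges": [
  {"type": "dns-01", "status": "pending"},
  {"type": "http-01", "status": "pending"},
  {"type": "tls-sni-01", "status": "invalid",
   "error": {"type": "urn:acme:error:connection",
             "detail": "Failed to connect to host for DVSNI challenge"},
   "validationRecord": [{"hostname": "boonchai.homeip.net", "port": "443",
                         "addressesResolved": ["124.122.70.113"],
                         "addressUsed": "124.122.70.113"}]}]}
'''

# "Certificate chain" lines as quoted in post #6 (openssl s_client format).
CHAIN_TEXT = """Certificate chain
 0 s:/C=us/ST=California/L=Irvine/O=Linksys/OU=rc/CN=www.linksys.com
   i:/C=us/ST=California/L=Irvine/O=Linksys/OU=rc/CN=www.linksys.com
"""


def failed_challenges(authz_json):
    """Return one dict per invalid challenge: what the CA tried and where."""
    authz = json.loads(authz_json)
    failures = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        error = chall.get("error", {})
        # A challenge can fail before any connection attempt is recorded.
        records = chall.get("validationRecord") or [{}]
        for rec in records:
            failures.append({
                "domain": authz["identifier"]["value"],
                "challenge": chall["type"],
                "error": error.get("type"),
                "detail": error.get("detail"),
                "address": rec.get("addressUsed"),
                "port": int(rec["port"]) if rec.get("port") else None,
            })
    return failures


def parse_name(name):
    """Split an OpenSSL one-line name (/C=us/.../CN=host) into a dict.

    Assumes no field value contains '/', which holds for the quoted chain.
    """
    fields = {}
    for part in name.strip().strip("/").split("/"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def leaf_names(chain_text):
    """Return (subject, issuer) dicts for certificate 0 in the chain text."""
    subject = issuer = None
    for line in chain_text.splitlines():
        line = line.strip()
        if line.startswith("0 s:"):
            subject = parse_name(line[len("0 s:"):])
        elif line.startswith("i:") and subject is not None and issuer is None:
            issuer = parse_name(line[len("i:"):])
    return subject, issuer


def triage(authz_json, chain_text):
    """Combine the CA's view and the observed certificate into findings."""
    findings = []
    subject, issuer = leaf_names(chain_text)
    for f in failed_challenges(authz_json):
        findings.append("%s: CA could not complete %s at %s:%s (%s)" % (
            f["domain"], f["challenge"], f["address"], f["port"], f["error"]))
        if subject is None:
            continue
        # Only the CN is compared; subjectAltName entries are not in the
        # one-line chain output and are ignored here.
        if subject.get("CN") != f["domain"]:
            findings.append("port %s answers with a certificate for %s, not %s"
                            % (f["port"], subject.get("CN"), f["domain"]))
        if subject == issuer:
            findings.append("that certificate is self-signed (subject == issuer)")
    return findings


if __name__ == "__main__":
    for line in triage(AUTHZ_JSON, CHAIN_TEXT):
        print(line)
```

A certificate on the challenge port whose subject names a device vendor rather than the site means something in front of the server is terminating TLS, so the CA's validation connection never reaches the standalone authenticator.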


#7

Damn, that must be the cause!! Coz I double- and triple-checked my port forwarding many, many times and I still can’t get it to work.
That’s pretty insecure, how could I forget that!
Thanks a lot for reminding me of this! I’ve turned that off now.