Please fill out the fields below so we can help you better.
My domain is: various
I ran this command: letsencrypt renew
It produced this output:
The following errors were reported by the server:
Domain: [DOMAIN1]
Type: tls
Detail: Failed to connect to 104.28.29.89:443 for TLS-SNI-01
challenge
Domain: www.[DOMAIN1]
Type: tls
Detail: Failed to connect to 104.28.28.89:443 for TLS-SNI-01
challenge
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
you have an up-to-date TLS configuration that allows the server to
communicate with the Let's Encrypt client.
Providing your domain name would make it a lot easier for people to provide support.
My guess is that your DNS points to Cloudflare's proxy server, and as such, when the script tries to verify your domain on port 443 it's actually going to Cloudflare's server - not your server, and hence failing.
[quote="TaeWoo, post:1, topic:25357"]
Is this a DNS / IP issue? Do I need to change the nameserver back to my own provider's nameserver, renew the SSL cert, and move it back to Cloudflare?
[/quote]
I suspect it's a DNS / Cloudflare issue because you are using Cloudflare's caching service. (I can't confirm without your domain name.)
Without comparing them I can't tell. Perhaps they aren't using Cloudflare's cache?
Now that you have changed the settings at Cloudflare to DNS only, can you provide the log of the attempt please? (pastebin.com is probably the easiest place.)
What command are you running on the command line? And can you include the --debug option please, then paste the full output (including the command and everything following it)?
The “service nginx stop” could be a good reason why it can’t connect.
How did you generate these certificates in the first place? And why are you stopping nginx in order to renew? Can you provide a little more information on your setup please?
With the --debug. What version of letsencrypt are you using? It sounds like you are using an old version and (possibly) need to update to the latest certbot (the updated name of the official letsencrypt client).
(for example, if you used a webroot method to issue the certificate—since webroot requires that the web server is running during a renewal, while the standalone method often requires that the web server is not running during a renewal)
As far as version, when I re-run apt-get install.. I get this
letsencrypt is already the newest version (0.4.1-1)
Why I stopped nginx
During the renew process, I got this message
> The program nginx (process ID 5914) is already listening on TCP port 80. This
> will prevent us from binding to that port. Please stop the nginx program
> temporarily and then try again. For automated renewal, you may want to use a
> script that stops and starts your webserver. You can find an example at
> Getting Started - Let's Encrypt
> Alternatively you can use the webroot plugin to renew without needing to stop
> and start your webserver.