Can't install SSL cert on droplet server

Hi there, I’m trying to launch an SSL certificate for my droplet server using Let’s Encrypt. I’m following this guide:

I managed to successfully install the certbot program from the repository. However, when I tried entering the command “sudo certbot --apache -d drawbridger.com” via ssh, I get the following error:

"Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for drawbridger.com
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. drawbridger.com (http-01): urn:acme:error:connec tion :: The server could not connect to the client to verify the domain :: Fetch ing http://drawbridger.com/.well-known/acme-challenge/fnOb2lcy8Xo7Tj0s7n-4zKIRkB 9vB4vvE4CL7O5-EAs: Timeout

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: drawbridger.com
  Type: connection
  Detail: Fetching
  http://drawbridger.com/.well-known/acme-challenge/fnOb2lcy8Xo7Tj0s7n-4zKIRkB9 vB4vvE4CL7O5-EAs:
  Timeout

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you’re using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided."

I can paste the log file here as well if it is needed.

My URL is working perfectly fine (drawbridger.com) and when you enter it the Apache default page comes up, which means the name records must have been added properly.

When I run “sudo ufw status verbose” I get the following results:

"
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To Action From

22 ALLOW IN Anywhere
2010 ALLOW IN Anywhere
80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
21/tcp ALLOW IN Anywhere
80,443/tcp (Apache Full) ALLOW IN Anywhere
22 (v6) ALLOW IN Anywhere (v6)
2010 (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
21/tcp (v6) ALLOW IN Anywhere (v6)
80,443/tcp (Apache Full (v6)) ALLOW IN Anywhere (v6)"

Please let me know what I need to do to fix this error!

best regards

Hi @SandraIndole,

You’re advertising the IPv6 address 2a03:b0c0:1:d0::6de:f001 via a DNS AAAA record, but your site isn’t reachable on that address, only via IPv4.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.