I have a problem when I try to renew all my domains :
My domain is:
I ran this command: /opt/letsencrypt/letsencrypt-auto renew or /opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d
It produced this output: Failed authorization procedure.
youtube-twitch-alerts.addons.luc-mergault.fr (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
My web server is (include version): Apache/2.4.10 (Debian)
The operating system my web server runs on is (include version): Debian GNU/Linux 8
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
Thank you!
November 18, 2017, 6:33pm
Do you have any sort of firewall that could be limiting inbound connections from some parts of the Internet?
November 18, 2017, 8:45pm
redirects permanently (301) to https.
as also shown by all major browsers:
I have Fail2ban, but when I watch the ban list, I don’t have any IP addresses :-/
After that, I have the default firewall (I believe iptables) ^^
Yes it’s normal ^^
November 19, 2017, 12:02am
Hmm, why do you want me to do this?
November 19, 2017, 1:38am
To test if it can be reached from the Internet correctly.
I have this path if you want ^^
November 19, 2017, 5:32am
It would be good to use the exact path that @rg305 suggested because /.well-known/acme-challenge/ has a special meaning to the certificate authority.
Ho, ok sorry, I have created this path :
Edit : Just for information, I have this problem in all my domains
November 20, 2017, 4:47am
@cpu, could you perhaps try this and see if there’s something strange about the routing or a netblock-specific firewall?
November 20, 2017, 5:16am
Have you made any special coding for
November 20, 2017, 2:21pm
I will ask our operations team to look into this. It’s not something I can check myself unfortunately.
November 20, 2017, 3:10pm
I have been able to access your website on ports 80/443 from different network vantage points. If you have programmatic access to install a DNS TXT record, could you try using the DNS-01 challenge?
If you use certbot standalone, what result do you get?
Out of curiosity, can you post your webserver vhost configuration please?
@rg305 No, but I do not think that’s the problem ^^
For information, the problem was not there 3 ~ 4 months ago, it is only recently that it is there :-/
1 - What is “DNS-01 challenge” ?
2 - Will not that break the configuration of my server ?
3 - The global server configuration or just for a specific domain ?
Here is the log after trying to launch the command (I deleted some info that seemed private to me):
November 20, 2017, 8:07pm
The DNS-01 challenge type involves creating a TXT record on your domain with the challenge response as its value.
No, this will not break your domain.
Depends on what you’re issuing certificates for. For example, if you issue for youtube-twitch-alerts.luc-mergault.fr, you would need to create a TXT record for _acme-challenge.youtube-twitch-alerts.luc-mergault.fr. If you wanted to generate a certificate for, say, www.youtube-twitch-alerts.luc-mergault.fr, you would need to create a TXT record for
Oops, sorry for the delay …
1 - Um, ok, I’m not sure I understand ( I’m not an expert in the field ^^)
2 - Ok ok
3 - Ha okay, but why do we have to do this now that it worked properly before ? :-/
Edit : What should I enter in the entrance ?
Edit 2 : I was thinking, maybe the problem comes from an Apache module or a configuration, what do you think ?
I know that during the installation of the server, I had installed one / modules, but I do not remember which ( And I also changed some things about the operation of the server ) :-/
Here is my list of loaded Apache2 modules:
Ok, new update, I tried this command :
/opt/letsencrypt/letsencrypt-auto renew --force-renewal
These domains renewed successfully:
And other random domains did not work :-/
Attempting to renew cert (amazon-wtf.luluwebmaster.fr) from /etc/letsencrypt/renewal/amazon-wtf.luluwebmaster.fr.conf produced an unexpected error: Failed authorization procedure. amazon-wtf.luluwebmaster.fr (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout. Skipping.
The following certs could not be renewed:
Other information, all domains listed changed from VPS 3 ~ 4 months ago
Here it is, if it helps ^^
Ok, so I really do not understand this problem …
I just retried this morning, and there, all the certificates have been renewed!
December 27, 2017, 9:06am
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.