Suddenly can't issue/renew certificate (certbot) nor issue (gethttpsforfree)

Please fill out the fields below so we can help you better.

My domain is: nc.sgarnica.org

I ran this command: certbot certonly --webroot -w /var/www/acme-challenge/ -d nc.sgarnica.org

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nc.sgarnica.org
Using the webroot path /var/www/acme-challenge for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. nc.sgarnica.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://nc.sgarnica.org/.well-known/acme-challenge/3srs5MTM5NNlL6lcfDnRp1URwHOGXSTxUVf9l4j0twE: Error getting validation data

IMPORTANT NOTES:

My web server is (include version): nginx/1.11.1

The operating system my web server runs on is (include version): CentOS Linux release 7.2.1511 (Core)

My hosting provider, if applicable, is: selfhosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I’ve been using LE (with certbot) without an issue for over a year now, and sometimes, I used gethttpsforfree to get some certificates, without an issue.

Yesterday I tried to issue a certificate for this domain (a new subdomain; I have certificates for other subdomains in this same domain) and I ran into the error I describe. To rule out other issues, I tried a certbot renew --dry-run, which to my surprise not only doesn’t work but returns the same error for the two other subdomains (renewal was functioning OK and ) and the Nginx vHost configuration wasn’t changed.

I verified everything I could: the FQDN points to the right IP, my nginx is serving correctly, and I can serve content from the webroot path provided. I manually created the acme-challenge folder and placed a file inside it, and I can correctly display it (Firefox, curl).

After testing many Nginx configurations, with that domain and other domains (just to try, since I verified I could serve from that path), I ditched certbot and tried gethttpsforfree, since I really need this certificate sooner than I need certbot functioning properly. To my surprise, gethttpsforfree doesn’t work either (first time that has happened to me).

In the latter case, it fails in the final step (5) giving me this error:

Error: Domain challenge failed. Please start back at Step 1.
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:connection",
    "detail": "Fetching http://nc.sgarnica.org/.well-known/acme-challenge/sXBC5SDxNBxI8cT8-Iem7MlQXXlFRvq-MjjD3Fpxf2g: Error getting validation data",
    "status": 400
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/UF9GfCdFrdgjru-T4qGomfODrQ4QGSpfnnunzBiLsGw/1446680568",
  "token": "sXBC5SDxNBxI8cT8-Iem7MlQXXlFRvq-MjjD3Fpxf2g",
  "keyAuthorization": "sXBC5SDxNBxI8cT8-Iem7MlQXXlFRvq-MjjD3Fpxf2g.x9d1J2bFWc9o7DthOIoRmUFXxzNP_pwtaNMMJRNgvZk",
  "validationRecord": [
    {
      "url": "http://nc.sgarnica.org/.well-known/acme-challenge/sXBC5SDxNBxI8cT8-Iem7MlQXXlFRvq-MjjD3Fpxf2g",
      "hostname": "nc.sgarnica.org",
      "port": "80",
      "addressesResolved": [ "83.32.105.48" ],
      "addressUsed": "83.32.105.48",
      "addressesTried": []
    }
  ]
}

I chose to serve the file with the Python simple HTTP server (I’ve always done it that way) and it seems I get a request:

192.168.1.1 - - [29/Jun/2017 12:22:30] "GET /.well-known/acme-challenge/sXBC5SDxNBxI8cT8-Iem7MlQXXlFRvq-MjjD3Fpxf2g HTTP/1.1" 200 -

I also opened the URL (http://nc.sgarnica.org/.well-known/acme-challenge/sXBC5SDxNBxI8cT8-Iem7MlQXXlFRvq-MjjD3Fpxf2g) in a browser (Firefox, private mode) and got a response:
sXBC5SDxNBxI8cT8-Iem7MlQXXlFRvq-MjjD3Fpxf2g.x9d1J2bFWc9o7DthOIoRmUFXxzNP_pwtaNMMJRNgvZk

So, at this point I don’t know where to look. Any tips?

The only major change in the server configuration was upgrading PHP (5.4 to 7.1)
I also updated certbot to the latest version in my repo: 0.14.1

Thanks for reading!
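An added example, not part of the original post: a small Python triage of the two artifacts quoted above, the failed challenge object and the access-log line, showing which address and port the CA tried, whether the key authorization has the `<token>.<thumbprint>` form http-01 requires, and whether the logged client address can show a fetch from outside the LAN. The function names (`summarize_challenge`, `log_hit`, `findings`) are hypothetical; the sample data is abridged from the post.

```python
import ipaddress
import json
import re

# Challenge object (abridged) and access-log line copied from the post above.
CHALLENGE_JSON = '''{
  "type": "http-01", "status": "invalid",
  "error": {"type": "urn:acme:error:connection", "status": 400},
  "token": "sXBC5SDxNBxI8cT8-Iem7MlQXXlFRvq-MjjD3Fpxf2g",
  "keyAuthorization": "sXBC5SDxNBxI8cT8-Iem7MlQXXlFRvq-MjjD3Fpxf2g.x9d1J2bFWc9o7DthOIoRmUFXxzNP_pwtaNMMJRNgvZk",
  "validationRecord": [{"hostname": "nc.sgarnica.org", "port": "80",
                        "addressUsed": "83.32.105.48"}]
}'''
LOG_LINE = ('192.168.1.1 - - [29/Jun/2017 12:22:30] "GET /.well-known/acme-challenge/'
            'sXBC5SDxNBxI8cT8-Iem7MlQXXlFRvq-MjjD3Fpxf2g HTTP/1.1" 200 -')

def summarize_challenge(raw):
    """Extract the error class and the address/port the CA tried to reach."""
    ch = json.loads(raw)
    rec = ch["validationRecord"][-1]  # last record is the final URL fetched
    return {
        "error": ch["error"]["type"].rsplit(":", 1)[-1],
        "token": ch["token"],
        "target": (rec["addressUsed"], int(rec["port"])),
        # the http-01 file body must be "<token>.<account key thumbprint>"
        "key_auth_ok": ch["keyAuthorization"].startswith(ch["token"] + "."),
    }

def log_hit(line, token):
    """Return (client_ip, is_private) if the line is a GET for this token."""
    m = re.match(r'(\S+) .*"GET /\.well-known/acme-challenge/(\S+) HTTP', line)
    if not m or m.group(2) != token:
        return None
    ip = ipaddress.ip_address(m.group(1))
    return str(ip), ip.is_private

def findings(raw, line):
    s = summarize_challenge(raw)
    out = [f"CA reported '{s['error']}' fetching from {s['target'][0]}:{s['target'][1]}"]
    if not s["key_auth_ok"]:
        out.append("key authorization does not start with '<token>.'")
    hit = log_hit(line, s["token"])
    if hit is None:
        out.append("no request for this token in the log line")
    elif hit[1]:
        out.append(f"logged client {hit[0]} is private: cannot confirm an outside fetch")
    return out

print("\n".join(findings(CHALLENGE_JSON, LOG_LINE)))
```

A private source address in the log can be a LAN client or a router rewriting the source, so the line on its own does not distinguish the CA's request from a local one.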
