Failed authorization procedure. grafana1.dev.infra.nyj.inap.owneriq.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused, grafana1.dev.infra.owneriq.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused
That restriction will last for an hour (counting from the first failed attempt, not the most recent one) and is meant to stop automated processes from repeatedly trying to issue certificates over and over again. You can test with --staging in the meantime or any time when you're not sure if issuance will work.
I find this failure kind of mysterious because I can connect to these web servers just fine. Is it possible that you have some kind of firewall or intrusion prevention system that selectively blacklists incoming connections from certain networks or locations?
Yeah, that’s the confusing part. It’s an out-of-the-box CentOS setup. I’ve done the following while debugging:
There’s a firewall up, but ports 80 and 443 are wide open for this server. Same goes for iptables.
I’ve tested from two different external sources, both with curl and telnet on port 80.
I’ve disabled SELinux.
Made sure there’s nothing like denyhosts or fail2ban on the host.
I’ve double checked DNS records.
Our firewall is managed by our hosting provider so I’m talking with them to make sure it’s not getting stopped there. Is there an IP I could point them to?
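
Added example, not part of the thread: tls-sni-01 validation arrives over TLS on port 443 (http-01 uses port 80), so an external test should target the port that matches the failing challenge. This Python sketch pulls each domain and challenge type out of a Certbot failure line and classifies a TCP connect as open, refused, or timed out; the function names and the sample hostname are constructed for illustration.

```python
import re
import socket
import sys

# Port the CA's validation server connects to for each challenge type.
# tls-sni-01 is validated over TLS on 443, http-01 over plain HTTP on 80.
CHALLENGE_PORT = {"tls-sni-01": 443, "http-01": 80}

# One "<domain> (<challenge>): <error urn>" entry per failed domain.
FAILURE_RE = re.compile(r"([A-Za-z0-9.-]+) \(([a-z0-9-]+)\): (urn:acme:error:\w+)")


def ports_to_check(message):
    """Return [(domain, port)] for every failed domain in a Certbot error line."""
    return [(domain, CHALLENGE_PORT[challenge])
            for domain, challenge, _urn in FAILURE_RE.findall(message)
            if challenge in CHALLENGE_PORT]


def probe(host, port, timeout=5.0):
    """Classify one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # RST came back: nothing listening, or a REJECT rule
    except socket.timeout:
        return "timeout"    # silently dropped: typical of a DROP rule upstream
    except OSError as exc:
        return "error: %s" % exc


# Constructed sample in the format of the error quoted in the thread.
SAMPLE = ("Failed authorization procedure. www.example.test (tls-sni-01): "
          "urn:acme:error:connection :: The server could not connect to the "
          "client to verify the domain :: Connection refused")

if __name__ == "__main__":
    message = sys.argv[1] if len(sys.argv) > 1 else SAMPLE
    for domain, port in ports_to_check(message):
        print(domain, port, probe(domain, port))
```

Run it from a machine outside the hosting provider's network, passing the full Certbot error line as the first argument.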