Certbot Not Able to Complete TLS-SNI Challenge - Port 443 in use


#1

Please fill out the fields below so we can help you better.

My domain is: pass-uber-test.com and mallofpakistan.pk

I ran this command: sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

It produced this output: Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory

(A)gree/(C)ancel: A


Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.

(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for www.pass-uber-test.com
tls-sni-01 challenge for www.mallofpakistan.pk


Could not bind TCP port 443 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.

My operating system is (include version): mac OS Sierra version 10.12

My web server is (include version): apache2-mod-php7.0_7.0.15

My hosting provider, if applicable, is: Linode (Ubuntu 16.04.1 LTS)

I can login to a root shell on my machine (yes or no, or I don’t know): not sure

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I use terminal and filezilla

When I input ‘netstat’ in terminal: Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 mallofpakistan.pk:ssh 110.93.237.162:16665 ESTABLISHED
tcp 0 236 mallofpakistan.pk:ssh 110.93.237.162:21637 ESTABLISHED
tcp6 32 0 mallofpakistan.pk:50516 2600:1417:5e:183::https CLOSE_WAIT


#2

https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates

The guide I used.


#3

That’s… not a great guide. (As you’ve discovered!) I’d suggest following these instructions instead.


#4

Yeah, to try to clarify the issue, using --standalone is probably not the best option when you have an existing web server. It is mostly meant for cases where there is no existing web server present.

You may get better results with --apache (described by the instructions @jmorahan linked to), or, if not, with --webroot, which uses a different method to prove your control over the domain, and which also requires you to specify the directory where web content is served from on your system with the -w option.


#5

hey jmorahan

when I input this: sudo add-apt-repository ppa:certbot/certbot
I get the following: sudo: add-apt-repository: command not found

Why is that? Any idea?


#6

So if I have multiple domains and my files are stored in /var/www/html/pass-uber-test.com,
the command will be certbot certonly --webroot -w /var/www/html/pass-uber-test.com -d www.pass-uber-test.com -w /var/www/html/mallofpakistan.pk -d mallofpakistan.pk?
(BTW when I enter the above it gives me the following error: certbot: command not found)

or sudo -H ./letsencrypt-auto certonly --webroot -w /var/www/html/pass-uber-test.com -d www.pass-uber-test.com -w /var/www/html/mallofpakistan.pk -d mallofpakistan.pk?


#7

Oops! That should be apt-add-repository, not add-apt-repository!


#8

No, wait, I’m wrong. Apparently both versions are correct. I never knew that, I’ve always used apt-add-repository.

Maybe you need to install it first? Try:

sudo apt-get install software-properties-common

I thought that was available by default in Ubuntu though…


#9

Yeah, it worked.
But now it is giving me this error:

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):7 8 9 10
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for www.mallofpakistan.pk
tls-sni-01 challenge for pass-uber-test.com
tls-sni-01 challenge for www.pass-uber-test.com
tls-sni-01 challenge for mallofpakistan.pk
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. pass-uber-test.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 192.64.119.82:443 for TLS-SNI-01 challenge

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: pass-uber-test.com
    Type: connection
    Detail: Failed to connect to 192.64.119.82:443 for TLS-SNI-01
    challenge

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

What I don’t understand is that the ‘https’ is not showing on the other domain (i.e. mallofpakistan.pk). The error is only for pass-uber-test.com? I need to fix both…


#10

If you request all the domains in a single command, it will fail if any of them have errors. If you want to set up the working one separately first, you can do it in a command on its own.

As for fixing the error: pass-uber-test.com and www.pass-uber-test.com don’t point to the same IP address, so maybe pass-uber-test.com is pointing to the wrong server?
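The check described in the reply above, written out as an added pre-flight script (not part of the thread and not certbot's own code): it resolves every hostname you intend to pass with -d and reports any that does not point at this server, since one failing name fails the whole request. The Linode address 203.0.113.10 and the dictionary of DNS answers are constructed placeholders; the default resolver does live DNS lookups.

```python
import socket
from typing import Callable, Dict, List, Set


def resolve_ipv4(host: str) -> Set[str]:
    """Live DNS lookup: every IPv4 address the hostname resolves to."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_domains(domains: List[str], server_ip: str,
                  resolver: Callable[[str], Set[str]] = resolve_ipv4) -> Dict[str, str]:
    """Map each hostname to "ok" or the reason its challenge would fail.

    A name that resolves somewhere other than this server cannot be validated
    from here, and certbot rejects the whole request if any one name fails.
    `resolver` is injectable so the logic can run on constructed data.
    """
    report: Dict[str, str] = {}
    for host in domains:
        addrs = resolver(host)
        if not addrs:
            report[host] = "does not resolve"
        elif server_ip not in addrs:
            report[host] = "resolves to %s, not %s" % (", ".join(sorted(addrs)), server_ip)
        else:
            report[host] = "ok"
    return report


# Constructed sample reproducing the thread: 192.64.119.82 is the address in
# the error message; 203.0.113.10 is a placeholder for the Linode host itself.
SAMPLE_DNS = {
    "www.pass-uber-test.com": {"203.0.113.10"},
    "pass-uber-test.com": {"192.64.119.82"},
    "mallofpakistan.pk": {"203.0.113.10"},
    "www.mallofpakistan.pk": {"203.0.113.10"},
}


def sample_report() -> Dict[str, str]:
    """Run the check against the constructed data instead of live DNS."""
    return check_domains(list(SAMPLE_DNS), "203.0.113.10",
                         lambda h: SAMPLE_DNS.get(h, set()))
```

Call `check_domains(names, your_public_ip)` with the default resolver to run it against real DNS before invoking certbot.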


#11

Thanks man! I got it to work.

One more question: Currently it is showing the ‘https’, however it still says: “Your connection to this site is not fully secure”. To get the fully secure thing, is LetsEncrypt not enough? Am I missing something? (check my website www.pass-uber-test.com)

Best,
Ali


#12

You need to make sure that all images, scripts, stylesheets etc. are referenced by their https:// rather than http:// URLs. https://www.whynopadlock.com/ can help you with this.
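An added helper, not from the thread or from the site linked above, that does the same kind of check locally: parse a page and list the sub-resources (images, scripts, stylesheets, frames, media) still referenced with an explicit http:// URL. The sample page and the cdn.example host are constructed.

```python
from html.parser import HTMLParser
from typing import List, Tuple

# Tags that load a sub-resource, and the attribute holding its URL. <a href>
# is deliberately absent: a plain http:// link is navigation, not mixed content.
URL_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "video": "src",
    "audio": "src", "source": "src", "link": "href",
}


class MixedContentFinder(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.findings: List[Tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        attr_name = URL_ATTRS.get(tag)
        if attr_name is None:
            return
        attr_map = {k: (v or "") for k, v in attrs}
        if tag == "link" and "stylesheet" not in attr_map.get("rel", "").lower():
            return  # only stylesheet <link>s are treated as sub-resources here
        url = attr_map.get(attr_name, "").strip()
        # Scheme-relative (//host/...) and path-relative URLs inherit https://
        # from the page, so only an explicit http:// scheme is a finding.
        if url.lower().startswith("http://"):
            self.findings.append((tag, url))


def find_mixed_content(html: str) -> List[Tuple[str, str]]:
    parser = MixedContentFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: two insecure references, the rest are fine.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.example/site.css">
<script src="https://cdn.example/app.js"></script></head><body>
<img src="http://cdn.example/logo.png"><img src="//cdn.example/banner.png">
<a href="http://example.com/">navigation link, not mixed content</a>
<script src="/js/local.js"></script></body></html>"""

if __name__ == "__main__":
    for tag, url in find_mixed_content(SAMPLE_HTML):
        print("insecure %s reference: %s" % (tag, url))
```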


#13

Thank you sir! Everything is good now.


#14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.