Please fill out the fields below so we can help you better.
My domain is:
I ran this command:
letsencrypt certonly --standalone --renew-by-default -d mydomain.com -d bt.mydomain.com
It produced this output:
Failed to connect to 172.123.45.67:443 for tls-sni-01 challenge, bt.mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 172.123.45.67:443 for tls-sni-01 challenge, mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: bt.mydomain.com
Type: connection
Detail: Failed to connect to 172.123.45.67:443 for tls-sni-01
challenge
Domain: mydomain.com
Type: connection
Detail: Failed to connect to 172.123.45.67:443 for tls-sni-01
challenge
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
Nginx 1.12.0 but only used as a reverse proxy.
The operating system my web server runs on is (include version):
Ubuntu 16.04
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
Letsencrypt's been working great (for about a year now) until a week ago, when I started to receive these errors preventing me from renewing. I run the renewal process weekly (cron job), which is way less often than recommended, I know.
I use Nginx as a reverse proxy and don't use a web server, or at least I don't think it's enabled, which is why 172.123.45.67:443 doesn't return anything.
But it's never been a problem before. So do I need to enable Nginx's web server now?
Here's my renewal config file:
cert = /etc/letsencrypt/live/mydomain.com/cert.pem
privkey = /etc/letsencrypt/live/mydomain.com/privkey.pem
chain = /etc/letsencrypt/live/mydomain.com/chain.pem
fullchain = /etc/letsencrypt/live/mydomain.com/fullchain.pem
# Options and defaults used in the renewal process
[renewalparams]
no_self_upgrade = False
no_verify_ssl = False
ifaces = None
register_unsafely_without_email = False
uir = None
installer = none
config_dir = /etc/letsencrypt
text_mode = True
staging = False
dry_run = False
work_dir = /var/lib/letsencrypt
tos = False
init = False
http01_port = 80
duplicate = False
noninteractive_mode = False
key_path = None
nginx = False
fullchain_path = /root/chain.pem
email = myEmail@provider.com
csr = None
agree_dev_preview = None
redirect = None
verbose_count = -3
config_file = None
renew_by_default = True
hsts = False
authenticator = standalone
domains = mydomain.com, bt.mydomain.com
rsa_key_size = 4096
verb = certonly
checkpoints = 1
manual_test_mode = False
apache = False
cert_path = /root/cert.pem
webroot_path = ,
reinstall = False
expand = False
strict_permissions = False
account = *****************32efdb09
prepare = False
manual_public_ip_logging_ok = False
chain_path = /root/chain.pem
break_my_certs = False
standalone = True
manual = False
server = https://acme-v01.api.letsencrypt.org/directory
standalone_supported_challenges = tls-sni-01
webroot = False
os_packages_only = False
func = <function obtain_cert at 0x7f7bf20dbc80>
user_agent = None
debug = False
tls_sni_01_port = 443
logs_dir = /var/log/letsencrypt
configurator = None
[[webroot_map]]