Certbot unable to authorize domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bhaveshgoyal.xyz

I ran this command: certbot --apache

It produced this output:

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for bhaveshgoyal.xyz
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. bhaveshgoyal.xyz (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data

My web server is (include version): Apache/2.4.7 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 14.04 (Trusty)

My hosting provider, if applicable, is: Amazon aws

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


@bhaveshgoyal could you please provide the full output from the certbot --apache command? I think the relevant information may have been just after the bit that you posted.

Without that information though, my first guess would be: did you remember to allow port 443 in your security group configuration?

@bhaveshgoyal

Let’s Encrypt is connecting to port 443 (HTTPS) on your site to validate it. But it looks like OpenSSH is listening on port 443, rather than Apache.

You need to use DNS-01 or HTTP-01 validation, or ensure that a usable web server is on port 443.
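
The diagnosis in the reply above can be confirmed from any machine by checking what actually answers on port 443. The following Python is an added example, not part of the original thread; the names `probe` and `classify_banner` are illustrative. It relies on the fact that an SSH daemon sends an `SSH-` identification string as soon as the connection opens, while a TLS server waits for the client to speak first.

```python
import socket
import ssl


def classify_banner(data: bytes) -> str:
    """Classify the first bytes a server sends before the client says anything."""
    if data.startswith(b"SSH-"):
        return "ssh"          # RFC 4253 identification string, e.g. SSH-2.0-OpenSSH_...
    if not data:
        return "silent"       # TLS and HTTP servers wait for the client to speak first
    return "unknown"


def probe(host: str, port: int = 443, timeout: float = 3.0) -> str:
    """Return 'ssh', 'tls', 'closed' or 'unknown' for the service on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                first = sock.recv(64)
            except socket.timeout:
                first = b""
    except OSError:
        return "closed"       # refused, filtered (e.g. security group) or unreachable
    kind = classify_banner(first)
    if kind != "silent":
        return kind
    # Nothing was volunteered: attempt a TLS handshake on a fresh connection.
    # Certificate checks are disabled because only the protocol matters here.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls"
    except (ssl.SSLError, OSError):
        return "unknown"


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(f"{target}:443 -> {probe(target)}")
```

A result of `ssh` matches the situation in this thread; `closed` points instead at a firewall or security group rule, as suggested in the earlier reply.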

Aah. Right. I now remember firing up the ssh daemon to tunnel my connections through 443. How could I forget about this? Thanks a lot for your time on this 🙂
