Connection error when creating certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: oiltest24.de

I ran this command: sudo certbot --apache -d oiltest24.de -d www.oiltest24.de

It produced this output:
Failed authorization procedure. www.oiltest24.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.oiltest24.de/.well-known/acme-challenge/t-s0PqHOCypSpJnAR-slhhwZug1RTmYKDy1S8gTNN9Y: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

My web server is (include version): apache2 Version 2.4.29

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: unknown

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

2 Likes

You've got two IP addresses configured for your domain (same goes for the www subdomain):

oiltest24.de.		86400	IN	A	89.22.111.88
oiltest24.de.		86400	IN	A	89.22.115.142

For the IP address 89.22.111.88 I can connect to port 80 without a problem, but I can't connect to 89.22.115.142 on port 80.

There's a 50% chance Let's Encrypt will choose either one of those IP addresses per validation attempt, and there are multiple validation attempts (also a few from secondary locations). So there's a pretty good chance the whole validation will fail.

Also, I don't know if both IP addresses are on the same server? Because even if you do manage to open up port 80 for 89.22.115.142, if that's a different server than the server you're running certbot on, the challenge will fail too.

5 Likes
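
The check described in the answer above, as an added example that is not part of the original thread: it resolves every A record for each name and tests whether port 80 accepts a connection on each address. The function names and the `attempts=4` default are assumptions made for illustration, as is the model of each validation fetch picking one address uniformly at random.

```python
import socket
import sys


def resolve_a(host):
    """Return every IPv4 address the system resolver gives for host."""
    infos = socket.getaddrinfo(host, 80, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def port_open(ip, port=80, timeout=5.0):
    """True if a TCP connection to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def check_http01(hosts, resolve=resolve_a, probe=port_open, attempts=4):
    """Probe port 80 on every A record of every host.

    attempts is an assumed count of validation fetches, each choosing one
    address uniformly at random; it is not a documented Let's Encrypt value.
    """
    report = {}
    for host in hosts:
        status = {ip: probe(ip) for ip in resolve(host)}
        bad = [ip for ip, ok in status.items() if not ok]
        good = len(status) - len(bad)
        # Chance that all fetches land on an address that answers on port 80.
        p_all = (good / len(status)) ** attempts if status else 0.0
        report[host] = {"unreachable": bad, "p_all_ok": p_all}
    return report


if __name__ == "__main__":
    for host, result in check_http01(sys.argv[1:]).items():
        if result["unreachable"]:
            print(f"{host}: no answer on port 80 from {result['unreachable']}; "
                  f"chance all fetches succeed ~{result['p_all_ok']:.0%}")
        else:
            print(f"{host}: all A records answer on port 80")
```

Run it from a machine outside the server's own network, passing both names as arguments, because a local probe can succeed where an external validation request is blocked by the firewall.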

Hi, you are right, I honestly don't know why there is a second A record with the 89.22.115.142 IP, it shouldn't be there. I will have a look into the A records and try again. Thank you.

4 Likes