DVSNI challenge


#1

So I was recently looking at letsencrypt. It looks pretty good so I wanted to try it on my very basic and simple website! When I started installing it, it gave me an error. (Also, I am using apache2.) I am sure you’ve seen this problem before. Detail: Failed to connect to host for DVSNI challenge. So I am pretty sure this is because I don’t have port 443 open. I am new to Linux, and I don’t know how to open it. Also, do you think there could be other problems? Thanks!!!


#2

Welcome! Can you provide the command line you used to run the letsencrypt client, and the log output (will typically be in /var/log/letsencrypt.log)?


#3

I don’t exactly know what you mean by output and command line. I am running Debian Linux for the command line, if that’s what you mean. I also can’t find the log output where you said it would be. I can show you what I got when it finished. This is what I got:

Failed authorization procedure. jasong.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge

jasong.org is my website by the way.


#4

I think jsha means “what was the command you typed to run the letsencrypt client”?


#5

Ah, here is what I typed when I was in letsencrypt:

./letsencrypt-auto --apache --email wontsay@gmail.com --agree-tos -d jasong.org


#6

Perfect - thanks (just as a note, you may want to edit your email address there, just to stop bots picking up your email address and sending you spam :wink:)


#7

Just changed that, thanks mate.


#8

Looking at it quickly I see 2 possible issues.

  1. Your site uses Cloudflare, which will mean you are linking to Cloudflare servers / cache in the “verification” rather than your actual server.

  2. It’s reporting as nginx rather than Apache (although that might of course just be Cloudflare, not your real site).

You may be better off temporarily setting Cloudflare DNS to route requests directly to your site during verification, or using the DNS challenge option (only available in alternate clients at the moment).


#9

I could take Cloudflare off for a bit. How do I fix number 2?

Also, I am using a no-ip domain that is set so it will always go to my home IP. (My IP is dynamic so it will change, and no-ip makes it work just fine.) Does this have any effect on my website too?


#10

You may not need to solve 2 at all. (I can’t tell, unless you want to PM me your current IP address to test.)

A dynamic IP address isn’t a problem, as long as it’s pointing correctly to your home IP.


#11

It does point correctly. I just don’t know how to fix my previous error.


#12

You didn’t need to change your nameservers away from Cloudflare… just change the setting within Cloudflare to not use Cloudflare’s cache.

Now that you have changed things to point direct to your IP, you can try running the same command again.


#13

How do I open ports on Linux, serverco?


#14

Generally by having an application that listens on that port (unless you mean opening the port on a firewall).

I assume you mean how do you listen on port 443 (https). Configure your Apache to listen on port 443 for https.


#15

I don’t know how to.


#16

Help me please. Anyone?


#17

Try my client:

Very simple to use.


#18

That’s a BIG question to answer here! There are many ways your Apache could be currently configured, and the LE client is still in beta (v0.5), so it doesn’t handle unexpected setups well.

Also, try shutting down Apache before running the letsencrypt command; it’s possible the client is trying to communicate on the same port that Apache is already using.

Serverco and the others will do their best to help you obtain a Let’s Encrypt TLS certificate, but you might want to take a look at the Apache docs. There are plenty of other forums that specialise in configuring Apache :wink:

EDIT: Or use Neilpang’s client above - it’s a bash client (not Python) and you may find it less troublesome!


#19

Sorry, got to night time here.

Why do you want to open up the port?

You were getting an error because you were using Cloudflare (so a browser, or LE, was getting files from Cloudflare, not your server; and when using https it was going to https on Cloudflare, not your server).

You have changed from using Cloudflare, so you should be able to just reissue the command, and it should now work (you don’t need to open any ports or anything).
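The thread's diagnosis (posts #8, #14 and #19) boils down to three checks on the failing domain: whether DNS answers with a CDN edge address instead of the origin, whether anything is reachable on port 443, and whether the software that answers looks like the origin's Apache. The helper below is an added example, not code from the letsencrypt client or from anyone in the thread; it parses the one-line failure report quoted in post #3 and runs those checks over captured facts so the reasoning can be exercised offline. The CDN prefix and the 203.0.113.x origin address are constructed sample values; a real check would load the CDN's published address ranges and use your actual public IP.

```python
import ipaddress
import re
import socket
from dataclasses import dataclass, field

# Constructed sample CDN edge prefix so the offline checks have something to
# match; a real check would load the CDN's published ranges instead.
SAMPLE_CDN_RANGES = [ipaddress.ip_network("103.21.244.0/22")]

# The failure line quoted in the thread, kept here as sample input.
SAMPLE_FAILURE = (
    "Failed authorization procedure. jasong.org (tls-sni-01): "
    "urn:acme:error:connection :: The server could not connect to the client "
    "to verify the domain :: Failed to connect to host for DVSNI challenge"
)

ACME_FAILURE_RE = re.compile(
    r"Failed authorization procedure\. (?P<domain>\S+) \((?P<challenge>[\w-]+)\): "
    r"(?P<urn>urn:acme:error:\w+) :: (?P<summary>.+?) :: (?P<detail>.+)$"
)


def parse_acme_failure(line):
    """Split the client's failure line into domain, challenge, error URN and texts."""
    m = ACME_FAILURE_RE.search(line)
    return m.groupdict() if m else None


@dataclass
class Observation:
    """Facts a validator would see, captured so the reasoning runs offline."""
    domain: str
    expected_origin_ip: str   # public IP the origin server actually has
    resolved_ips: list        # what public DNS answers for the domain
    port_443_reachable: bool  # a TCP connect to the resolved host on 443 worked
    server_header: str = ""   # Server: header the domain returns, if captured
    cdn_ranges: list = field(default_factory=lambda: list(SAMPLE_CDN_RANGES))


def diagnose(obs):
    """Return the likely causes of a tls-sni-01 failure, most structural first."""
    findings = []
    # tls-sni-01 connects to whatever the domain resolves to; a CDN proxy in
    # front means the validator never reaches the origin (posts #8 and #19).
    if any(ipaddress.ip_address(ip) in net
           for ip in obs.resolved_ips for net in obs.cdn_ranges):
        findings.append("proxied-by-cdn")
    if obs.expected_origin_ip not in obs.resolved_ips:
        findings.append("dns-not-pointing-at-origin")
    # Nothing answering on 443 is the "open the port" case from post #14.
    if not obs.port_443_reachable:
        findings.append("port-443-unreachable")
    # A foreign Server header means something other than the origin's Apache
    # answered (post #8's "reporting as nginx").
    if obs.server_header and "apache" not in obs.server_header.lower():
        findings.append("unexpected-server-software")
    return findings or ["no-obvious-cause"]


def observe(domain, expected_origin_ip, timeout=5.0):
    """Collect an Observation from the live network (needs connectivity)."""
    answers = socket.getaddrinfo(domain, 443, socket.AF_INET)
    ips = sorted({info[4][0] for info in answers})
    reachable = False
    try:
        with socket.create_connection((domain, 443), timeout=timeout):
            reachable = True
    except OSError:
        pass
    return Observation(domain, expected_origin_ip, ips, reachable)


if __name__ == "__main__":
    fields = parse_acme_failure(SAMPLE_FAILURE)
    print(f"{fields['domain']} failed {fields['challenge']}: {fields['detail']}")
    # Offline run with constructed addresses (203.0.113.0/24 is documentation
    # space); use observe(domain, your_public_ip) for a live check.
    before = Observation("jasong.org", "203.0.113.7", ["103.21.244.10"],
                         True, "cloudflare-nginx")
    after = Observation("jasong.org", "203.0.113.7", ["203.0.113.7"],
                        True, "Apache/2.4")
    print("before:", diagnose(before))
    print("after:", diagnose(after))
```

`observe` only gathers DNS answers and port reachability; the `Server:` header has to be captured separately (for example from a plain HTTP request to the domain) and passed in, since a CDN edge typically reports its own software rather than the origin's.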


#20

So far it’s working!!! I redirected it directly to my IP address and it worked. I don’t know how, it just worked!