Error attempting to get SSL certificate for website

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

iwasframed.com

I ran this command:

sudo certbot --apache

It produced this output: > Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: iwasframed.com
2: www.iwasframed.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for iwasframed.com
http-01 challenge for www.iwasframed.com
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. iwasframed.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://iwasframed.com/.well-known/acme-challenge/oMJzibgPa9Lmsis8MXml2uOG6gX8HxQxzxDsPJVDqXE: Error getting validation data, www.iwasframed.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.iwasframed.com/.well-known/acme-challenge/Gc1z27LEFo7y3CPNLJY_zWQgLtmfi7ZeDGVxosaMvck: Error getting validation data

IMPORTANT NOTES:

My web server is (include version):

Apache 2.4.38

The operating system my web server runs on is (include version):

Raspian Linux 10 (Buster)

My hosting provider, if applicable, is:

Myself with a raspberry pi.

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.31.0

I have tried searching for help, but I just can’t seem to figure out why I’m receiving the errors I’m receiving when attempting to generate an SSL Certificates for my www & non-www site. I’m hosting the web server myself, but I use Google Domains to manage my synthetic records with Dynamic DNS.

I did try creating the file with no extension, 123456789, and am able to access each file with this:

http://iwasframed.com/.well-known/acme-challenge/123456789
http://www.iwasframed.com/.well-known/acme-challenge/123456789

I appreciate any help you can provide me. I’m very new to this, so thank you in advance.

Mike

2 Likes

Looks like an IPv6 issue:

3 Likes

Hi @mikesanders

read your check result, some hours old - https://check-your-website.server-daten.de/?q=iwasframed.com

Only timeouts.

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
iwasframed.com A yes 1 0
AAAA yes
www.iwasframed.com A yes 1 0
AAAA 2600:1700:3b01:2a70:39f4:c006:5714:ae24 Visalia/California/United States (US) - AT&T Services, Inc. yes

Your non-www has no ip address, your www has one. But that doesn’t work.

Domainname Http-Status redirect Sec. G
http://www.iwasframed.com/ 2600:1700:3b01:2a70:39f4:c006:5714:ae24 -14 10.050 T
Timeout - The operation has timed out
https://www.iwasframed.com/ 2600:1700:3b01:2a70:39f4:c006:5714:ae24 -14 10.013 T
Timeout - The operation has timed out
http://www.iwasframed.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2600:1700:3b01:2a70:39f4:c006:5714:ae24 -14 10.043 T
Timeout - The operation has timed out

PS: If you want to create a certificate with non-www and www, first add a non-www AAAA entry.

3 Likes

Thank you for the reply, but I’m completely lost. I don’t know what I’m doing wrong. I don’t know what you mean by “Only timeouts” because there is not problem connecting go my website or is that something else? If so, what do I fix?

This is because that’s how Google Domains is doing it. Here’s a screen shot of how I set it up with Google. Should I be doing it differently?

Thanks again. If I come off rambling it’s just because I’m so new to this, then I may not know what to ask correctly.

Mike.

2 Likes

That’s

only your internal connection.

External - your website isn’t visible.

That’s the reason you have to use online tools.

If an online tool can’t connect your website, Letsencrypt may not be able to connect and check your website.

3 Likes

@JuergenAuer Thank you so much!! I see exactly what you were trying to get across to me. I needed to create the appropriate resource record with my IP address. After I did that, then I was able to easily create the SSL certificates for my www & non-www domain.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.