Ive been stuck on this problem for over a week now and im really curious what the problem is here. If i have to post anymore info let me know. Thanks for atleast reading.
My domain is: dgmicha.com
I ran this command: sudo /etc/letsencrypt/certbot-auto certonly --agree-tos --webroot -w /data/mysite.com/www -d mysite.com -d www.mysite.com -d mail.mysite.com -d srv01.mysite.com
It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dgmicha.com
http-01 challenge for www.dgmicha.com
Using the webroot path /data/dgmicha.com/www for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. dgmicha.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.dgmicha.com/.well-known/acme-challenge/f5hDG8bpQyW-fRehqSjRLSj8oUP7gi 89iXEHVtW5kgE: Error getting validation data, www.dgmicha.com (http-01): urn:acm e:error:connection :: The server could not connect to the client to verify the d omain :: Fetching http://www.dgmicha.com/.well-known/acme-challenge/l9-qWh-ATJim AniVgqxaHfDBeb2CiXTypsKN30k9GlE: Error getting validation data
If you lose your account credentials, you can recover through
e-mails sent to firstname.lastname@example.org.
The following errors were reported by the server:
Error getting validation data
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
My web server is (include version): Nginx
The operating system my web server runs on is (include version): Raspbian (Debian)
My hosting provider, if applicable, is: namecheap.com
I can login to a root shell on my machine (yes or no, or I don’t know): yes
Your web server does not give an HTTP response to basically any query except index:
$ curl -vvv -i http://www.dgmicha.com/any-url
* Trying 18.104.22.168...
* TCP_NODELAY set
* Connected to www.dgmicha.com (22.214.171.124) port 80 (#0)
> GET /any-url HTTP/1.1
> Host: www.dgmicha.com
> User-Agent: curl/7.55.1
> Accept: */*
* Empty reply from server
* Connection #0 to host www.dgmicha.com left intact
curl: (52) Empty reply from server
It looks like http://dgmicha.com/ is using Namecheap URL forwarding, and http://www.dgmicha.com/ is using Namecheap domain parking.
You should have
AAAA records pointing at your web server to use HTTP-01 validation.
At the very least, you would need to remove that CNAME record, as it is preventing your A record from working.
You may also want to change the
@ record to also be an A record to your IP address, but it might not be totally necessary for Certbot to work.
www. record looks okay, though your web server doesn’t seem to be actually accessible at the moment. Is 126.96.36.199 the right IP?
You currently have no A record for the base domain (dgmicha.com), so you will need to add one, in a similar way to
Your A record is not working for dgmicha.com, it is only working for www.dgmicha.com. Can you take another screenshot of the DNS manager?
Looks like the A record for dgmicha.com. is working now .
The next steps would be:
- Make sure your web server is accessible from the internet. At the moment, http://188.8.131.52 does not load (no route to host). This will be either due to firewall rules, or because your web server is not running.
- Once you have confirmed the web server is running, try run the
certbot certonly command again.
I don’t know, sorry.
‘No route to host’ usually indicates a firewall issue. Maybe your residential ISP (Belgacom) blocks port 80, maybe your router is not forwarding traffic from port 80 to your web server.
Let’s Encrypt won’t be able to give you a certificate using http-01 unless you can solve it.
$ curl -i -vvv 184.108.40.206
* Rebuilt URL to: 220.127.116.11/
* Trying 18.104.22.168...
* TCP_NODELAY set
* connect to 22.214.171.124 port 80 failed: No route to host
* Failed to connect to 126.96.36.199 port 80: No route to host
* Closing connection 0
curl: (7) Failed to connect to 188.8.131.52 port 80: No route to host
You can alternatively use dns-01 validation to get your certificate, by using
--preferred-challenges dns-01 instead of
--webroot -w /data/mysite.com/www in your command.
This would allow you to work around the problem of your web server not being accessible from the internet.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.