I ran this command: ./certbot-auto certonly --standalone --email email@gmail.com -d example.com -d www.example.com with my information instead of the placeholders, and I get this error:
Failed authorization procedure. example.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 195.20.46.204:443 for TLS-SNI-01 challenge, www.example.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 195.20.46.204:443 for TLS-SNI-01 challenge
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: example.com
Type: connection
Detail: Failed to connect to 195.20.46.204:443 for TLS-SNI-01
challenge
Domain: www.example.com
Type: connection
Detail: Failed to connect to 195.20.46.204:443 for TLS-SNI-01
challenge
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
What is the issue that is causing it to fail to connect?
The netstat output shows that the local machine thinks it is listening on those ports. However, it’s possible that some firewall outside your machine is blocking port 443. If you have a different machine you can test from, try running
Doesn’t that have the same effect as opening Chrome and typing in that URL? Also, I just want to clarify that https://195.20.46.204:443/ isn’t the URL of my server, but it seems like the URL of the domain registrar, as if you delete :443 and just try :80, then you will see it redirects to http://dot.tk, which is the TLD of my domain.
In that case, you might be looking at a DNS issue. The CA server got the IP address 195.20.46.204 when it asked your name server for the A record for your domain. Make sure that dig @your.name.server.example.com example.com A returns the correct IP address (you can use dig example.com NS to get the name server(s), and then check each of them).
Your domain needs to resolve to the IP address of your server. It currently resolves to 195.20.46.204, which appears to be the IP address of your domain registrar’s website.
dig is a command-line tool you can use to query DNS records. If you’re on Windows, nslookup would provide similar features.
Typically your domain registrar has a control panel where you can change your name server or DNS records. In your case, you’d need to change the A record for ilanbiala.tk (and any other domain you want to use) to point to your own IP address instead of 195.20.46.204.
You should be able to run the original command you used successfully now. If the error does not change with the new IP address, you’re likely looking at some kind of firewall problem somewhere between your server and Let’s Encrypt (could be anything from iptables to your ISP's firewall).
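A preflight check for the mismatch diagnosed in this thread, added here as example code (not certbot's own): it parses the answer section of dig output and compares every A record for each domain against the IP of the server that will answer the ACME challenge, so the wrong-IP case is caught before certbot is run. The sample dig output is constructed; the default lookup uses the system resolver and needs network access.

```python
"""Check that every A record for the requested domains points at the host
that will answer the TLS-SNI-01 / HTTP-01 challenge (example code, not
part of certbot)."""
import socket
from typing import Callable, Dict, List

# Constructed sample of `dig example.com A` output for the case in this thread.
SAMPLE_DIG_OUTPUT = """\
; <<>> DiG 9.10.3 <<>> example.com A
;; ANSWER SECTION:
example.com.\t\t300\tIN\tA\t195.20.46.204
;; Query time: 12 msec
"""


def parse_dig_a_records(dig_output: str) -> List[str]:
    """Return the IPv4 addresses found in the ANSWER SECTION of dig output."""
    addrs = []
    for line in dig_output.splitlines():
        if line.startswith(";") or not line.strip():
            continue  # comments, section headers and blank lines
        fields = line.split()  # owner, ttl, class, type, rdata
        if len(fields) >= 5 and fields[2] == "IN" and fields[3] == "A":
            addrs.append(fields[4])
    return addrs


def system_lookup(domain: str) -> List[str]:
    """Resolve A records with the system resolver (requires network)."""
    infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_domains(domains: List[str], expected_ip: str,
                  lookup: Callable[[str], List[str]] = system_lookup) -> Dict[str, List[str]]:
    """Map each misconfigured domain to the addresses that are not expected_ip.

    A domain with no A records at all maps to an empty list. An empty result
    means the CA's validator will reach this host for every domain."""
    problems: Dict[str, List[str]] = {}
    for domain in domains:
        try:
            addrs = lookup(domain)
        except socket.gaierror:  # NXDOMAIN or resolver failure
            addrs = []
        wrong = [a for a in addrs if a != expected_ip]
        if wrong or not addrs:
            problems[domain] = wrong
    return problems


if __name__ == "__main__":
    print(check_domains(["example.com", "www.example.com"], "203.0.113.10"))
```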