Failed Authorization Challenges

My domains are not able to pass the authorization challenges. I have confirmed the A records are all correct and when I visit the domains via the browser, I see my correct placeholder HTML files. I am running on AWS EC2 / Ubuntu 16.04 / Nginx 1.10.3. My domain is registered via GoDaddy with nameservers pointed to AWS Route 53 for DNS.

My domain(s) are: app.farmd.com, api.farmd.com

I ran this command:
certbot --nginx -d app.farmd.com -d api.farmd.com

It produced this output:
Failed authorization procedure. app.farmd.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout, api.farmd.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

Any idea why this might be occurring? I have used Let’s Encrypt many times with no issues on other domains and servers.

Do you have a firewall (or EC2 security group) blocking access to port 443?

3 Likes

@jmorahan Ahh thank you. The second you said “firewall”, a light bulb went off in my head. I am using AWS’s new LightSail service and I checked ufw but LightSail has an AWS Console UI firewall that blocks 443 by default. I opened that up and the challenges went through no problem.

Thanks!

4 Likes
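
A reachability pre-check for the failure in this thread, added here as an example (it is not from the thread or from certbot): it attempts a TCP handshake to port 443 on each domain and separates a timeout (packets dropped by a firewall in front of the host, as happened above) from a refused connection or a DNS failure. The function names are hypothetical. It has to be run from a machine outside the server's network, because a check made on the server itself never crosses the provider firewall.

```python
import socket

# Verdict -> what it usually means for an inbound validation connection.
MEANING = {
    "open": "listener reachable from this vantage point",
    "timeout": "packets dropped in transit: check provider firewall, security group, ufw",
    "refused": "host reachable but nothing is listening on the port",
    "dns-failure": "name does not resolve: check the A/AAAA records",
}

def classify_error(exc):
    """Map a socket exception to a verdict string."""
    if isinstance(exc, socket.gaierror):
        return "dns-failure"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    return "error: %s" % exc

def probe(host, port=443, timeout=5.0):
    """Attempt one TCP handshake and return a verdict for host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify_error(exc)

def report(hosts, port=443, timeout=5.0):
    """Probe every host and return {host: (verdict, meaning)}."""
    results = {}
    for host in hosts:
        verdict = probe(host, port, timeout)
        results[host] = (verdict, MEANING.get(verdict, "unexpected socket error"))
    return results

if __name__ == "__main__":
    import sys
    # Usage (run from outside the server's network):
    #   python3 probe.py app.farmd.com api.farmd.com
    for host, (verdict, meaning) in report(sys.argv[1:]).items():
        print("%-30s 443/tcp %-12s %s" % (host, verdict, meaning))
```

A `timeout` verdict with correct DNS records points at a filtering layer between the internet and the instance, while `refused` points at the web server not listening on 443.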
