I tried to attach the full log file here, but it won’t let me upload an attachment. So, the tail end of the log is:
2017-08-01 18:38:59,413:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/nmItBKfb2ancI1cqpRxvP2V4_51ybTjkYp18z80HDFE.
2017-08-01 18:38:59,529:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/nmItBKfb2ancI1cqpRxvP2V4_51ybTjkYp18z80HDFE HTTP/1.1" 200 1506
2017-08-01 18:38:59,530:DEBUG:acme.client:Received response:
HTTP 200
Content-Length: 1506
Strict-Transport-Security: max-age=604800
Boulder-Request-Id: poHdMXf5K0w_53_Zt1OEfasW8NDle02xBD0myBsD30A
Expires: Tue, 01 Aug 2017 18:38:59 GMT
Server: nginx
Connection: keep-alive
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store
Date: Tue, 01 Aug 2017 18:38:59 GMT
X-Frame-Options: DENY
Content-Type: application/json
Replay-Nonce: 6xJw3HoESjFSd7PZO1odEqS2fPnRWW4sXOaPVg0PFls
{
"identifier": {
"type": "dns",
"value": "bookishfirst.com"
},
"status": "invalid",
"expires": "2017-08-08T18:38:49Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/nmItBKfb2ancI1cqpRxvP2V4_51ybTjkYp18z80HDFE/1662246173",
"token": "9cJpzvMfOe0FJNZPdxkQQQ6RkpIunu4qVmIfIDODTCA"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/nmItBKfb2ancI1cqpRxvP2V4_51ybTjkYp18z80HDFE/1662246174",
"token": "pr_HCboX7isKIDhy7tlTZYGQc-7vnfRr2pXwrcEcgx0"
},
{
"type": "tls-sni-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:connection",
"detail": "Timeout",
"status": 400
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/nmItBKfb2ancI1cqpRxvP2V4_51ybTjkYp18z80HDFE/1662246175",
"token": "4VZEkwMDvfjAwh2eq_mQMhStDLhzzcEEEpGl2g72gdM",
"keyAuthorization": "4VZEkwMDvfjAwh2eq_mQMhStDLhzzcEEEpGl2g72gdM.6Nzg6WIfDDK59H1DpedwWooinKObOIQ1Xt_w9pnU3u8",
"validationRecord": [
{
"hostname": "bookishfirst.com",
"port": "443",
"addressesResolved": [
"107.20.245.193"
],
"addressUsed": "107.20.245.193",
"addressesTried": []
}
]
}
],
"combinations": [
[
0
],
[
2
],
[
1
]
]
}
2017-08-01 18:38:59,532:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: bookishfirst.com
Type: connection
Detail: Timeout
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2017-08-01 18:38:59,532:INFO:certbot.auth_handler:Cleaning up challenges
2017-08-01 18:39:00,064:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.14.2', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 742, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 597, in run
certname, lineage)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 82, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 344, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 313, in obtain_certificate
self.config.allow_subset_of_names)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 81, in get_authorizations
self._respond(resp, best_effort)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 138, in _respond
self._poll_challenges(chall_update, best_effort)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 202, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. bookishfirst.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
The IP address is correct at 107.20.245.193. Requesting https://bookishfirst.com should result in a certificate from bookish.com. If you hit https on the IP address, it would give you the one from netgalley.com. I had configured the bookishfirst.com host with the other certificate just so it would respond on 443, but I’ve also tried removing that entirely and the certbot --apache command gave the same error.