Failed authorization procedure. mydomain (tls-sni-01): urn:acme:error:connection


#1

I can’t issue a letsencrypt cert by running:

sudo letsencrypt certonly \
  --standalone \
  -d itsnikolay.ru

I get the following exception:

Failed authorization procedure. itsnikolay.ru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 178.62.204.132:443 for TLS-SNI-01 challenge

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: itsnikolay.ru
   Type:   connection
   Detail: Failed to connect to 178.62.204.132:443 for TLS-SNI-01
   challenge

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I made sure those tips by running the following command:

curl 178.62.204.132:443
curl itsnikolay.ru:443
curl 178.62.204.132
curl itsnikolay.ru

And they pass!
What’s wrong?


#2

You are currently providing http on port 443 via an nginx server.

If you are using the standalone method, you need to shut down the existing services on ports 80 / 443.


#3

I turned off nginx server
But it still fails


#4

nginx is still running when I test from here to your IP

$ curl -I http://itsnikolay.ru:443
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 11 Oct 2016 09:46:40 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive

#5

Sorry, Monit run Nginx
now I disable Monit and Nginx, but the same stuff is till here:

❯ curl -I http://itsnikolay.ru:443                                                                                                                              
curl: (7) Failed to connect to itsnikolay.ru port 443: Connection refused
❯ sudo letsencrypt certonly \                                                                                                                             project-notes/git/master !
  --standalone \
  -d itsnikolay.ru
Failed authorization procedure. itsnikolay.ru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 178.62.204.132:443 for TLS-SNI-01 challenge

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: itsnikolay.ru
   Type:   connection
   Detail: Failed to connect to 178.62.204.132:443 for TLS-SNI-01
   challenge

#6

Hi @itsNikolay,

Could you have any kind of firewall that either (1) prevents certain programs from listening on port 443, or (2) prevents certain IP addresses from making inbound connections to your server?


#7

Sorry, my fault
Letsencrypt command should be run from the same server wherever the domain follows


#8

Note that if this isn’t possible, the DNS challenge type can sometimes help – it’s supported by several of the bash clients and now by Certbot in 0.9.0 and later versions. But you would have to be able to update DNS records for the subject domain from the machine where you’re running whichever Let’s Encrypt client.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.