Failed authorization procedure. The server could not connect to the client


#1

My domain is: sadhir.ddns.net

I ran this command: certbot certonly

It produced this output: (see screenshot)

My web server is (include version): Apache24

The operating system my web server runs on is (include version): FreeNas Jail

My hosting provider, if applicable, is: Not Applicable

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I am not sure what this means.

I am trying to get a certificate for my NextCloud server. It is currently using a self-signed one. Also, how do I upgrade to TLS 1.2? I installed NextCloud as a plugin in FreeNas and it is currently using TLS 1.0.


#2

Hi @abcd,

I think the problem is that the certificate authority is willing to follow redirects, but the target of the redirect is still expected to be a domain name rather than an IP address. @jsha, is that correct?


#3

Yep, that is correct.


#4

So I should enter the IP Address when it asks for the domain?


#5

No, Certbot can’t issue certificates for IP addresses.

You’ll need to do the certificate authentication in another way, or not have the other server (at 34.199.8.144) generate a redirect to your server by IP address. Instead, there needs to be some kind of DNS name with an A record that points directly at your server’s IP address.
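The redirect rule discussed in posts #2 to #5, as an added example that is not part of the original thread: a pre-flight check over the `Location` values a server returns for the challenge URL. The IP-address rule is the one from this thread; the scheme, port and depth checks go beyond it and follow Let's Encrypt's documented HTTP-01 redirect behaviour. The function names and the sample chain (including the 203.0.113.10 documentation address) are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_REDIRECTS = 10          # HTTP-01 validation follows at most 10 redirects
ALLOWED_PORTS = (80, 443)   # redirect targets must use port 80 or 443


def redirect_problem(location):
    """Return None if the Location value is an acceptable HTTP-01 redirect
    target, otherwise a short reason string."""
    parts = urlsplit(location)
    if not parts.scheme and not parts.netloc:
        return None  # relative redirect: stays on the already validated host
    if parts.scheme.lower() not in ("http", "https"):
        return "scheme must be http or https"
    host = parts.hostname
    if not host:
        return "no host in redirect target"
    try:
        ipaddress.ip_address(host)  # parses both IPv4 and IPv6 literals
        return "host is an IP address, not a DNS name"
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    try:
        port = parts.port
    except ValueError:
        return "invalid port"
    if port is not None and port not in ALLOWED_PORTS:
        return "port must be 80 or 443"
    return None


def first_blocking_redirect(chain):
    """Walk a redirect chain (list of Location values, in order) and return
    (index, reason) for the first hop validation would refuse, or None."""
    if len(chain) > MAX_REDIRECTS:
        return (MAX_REDIRECTS, "more than 10 redirects")
    for index, location in enumerate(chain):
        reason = redirect_problem(location)
        if reason:
            return (index, reason)
    return None


# Constructed sample: a dynamic-DNS forwarder that redirects to a bare IP.
SAMPLE_CHAIN = [
    "https://sadhir.ddns.net/.well-known/acme-challenge/TOKEN",
    "http://203.0.113.10/.well-known/acme-challenge/TOKEN",
]
```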


#6

So I think I successfully got a certificate for sadhircloud.ddns.net as shown in the shell screenshot, but I am still getting the self-signed certificate warning in Firefox (screenshot attached) when I go to: https://sadhircloud.ddns.net
But when I go to sadhircloud.ddns.net without using https, I end up at my login page without TLS. I guess I could solve this by closing port 80, but does certbot need port 80 to remain open?


#7


#8

Hi @abcd,

Installer None means that Certbot did not do anything to edit your web server configuration. Therefore, your certificate exists but your web server has not yet been configured to use it. You can install it yourself by editing your server configuration files, or use Certbot in a different way (not with certonly) to have Certbot do this for you.

We recommend continuing to have your web server listen on port 80 and forward HTTP requests to corresponding HTTPS requests. Otherwise, your site won’t work properly in many browsers when people type in the domain name without the “https://”.


#9

Ah good point. I edited my config files and it is working now. Thanks for all the help!

