When creating a certificate, it is returning the error:
I ran the test and the 443 connection is responding, and DNS also responds with the correct IP. I even temporarily disabled the firewall for testing and did not succeed.
Have you ever gotten a bug like this?
Hug!
Can you tell us what the specific error message was, and what software you were using? Normally when you create a Help topic, there is a list of questions about these details, and it would be helpful to have all of this information.
I’m also speculating that Portuguese is your native language and I’m happy to read and write in Portuguese if it would be easier for you.
Hello @schoen
Actually, my native language is Portuguese. I asked the question in English, noting that most of the users are speaking in English and it would be quicker to get help to solve the problem.
I’m trying to get a certificate for my sub-domain.
My main domain today does not have https because it does not have a website.
When attempting to obtain the certificate, the following error occurs:
Failed authorization procedure. (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to myip:443 for tls-sni-01 challenge
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: xxx.yourdomain.com
Type: connection
Detail: Failed to connect to myip:443 for tls-sni-01 challenge
To fix these errors, please make sure your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
I am using Ubuntu Linux version 16.04 with Apache as the web server.
Another question.
The IP of my site is shared with another site, however both are inside a DMZ, which does a NAT for the external address and are without different servers.
Could this be the problem?
Because when accessing xxx.domain.com, it “redirects” to an internal Class C IP, 192.168.5.xxx.
Thanks for filling this in. “I ran this command” is supposed to mean “In order to request the certificate, I ran this command”, for example what Certbot command you ran.
Certbot will do quite different things depending on how you use it, so that’s an important part of the question.
@carlos.eduardo, in terms of the NAT, the externally-visible TCP port 443 needs to be redirected to port 443 of the machine where you’re running Certbot, in order to pass the TLS-SNI-01 challenge. If the public port 443 is redirected to a different port or to a different machine, the TLS-SNI-01 challenge won’t succeed with Certbot’s default behavior.
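The NAT condition described in the reply above, written out as a check. This is an added example, not part of the original thread or of Certbot. The `DnatRule` model, the function name and every address in it are constructed assumptions (203.0.113.10 stands in for the shared public IP, 192.168.5.20 for the Certbot machine).

```python
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class DnatRule:
    """One port-forward on the DMZ gateway (hypothetical model, not a real firewall syntax)."""
    public_ip: str
    public_port: int
    internal_ip: str
    internal_port: int

def tls_sni_01_path(a_record, certbot_host, rules, port=443):
    """Return (ok, reason): does a validation connection to a_record:443
    end up on port 443 of the machine that runs Certbot?"""
    addr = ipaddress.ip_address(a_record)
    if any(addr in net for net in RFC1918):
        return False, f"A record {a_record} is an internal address; the CA cannot route to it"
    if a_record == certbot_host:
        return True, "Certbot host holds the public address itself; no NAT in the path"
    matches = [r for r in rules
               if r.public_ip == a_record and r.public_port == port]
    if not matches:
        return False, f"no forward for {a_record}:{port}; the connection stops at the gateway"
    rule = matches[0]  # assumption: first matching rule wins
    if rule.internal_ip != certbot_host:
        return False, (f"{a_record}:{port} is forwarded to {rule.internal_ip}, "
                       f"not to the Certbot host {certbot_host}")
    if rule.internal_port != port:
        return False, (f"forwarded to port {rule.internal_port}, but the "
                       f"challenge must arrive on port {port}")
    return True, f"{a_record}:{port} -> {certbot_host}:{port}"

if __name__ == "__main__":
    # Constructed scenario: two sites share one public IP, and 443 is
    # forwarded to the other site's server instead of the Certbot machine.
    shared_ip, certbot_host = "203.0.113.10", "192.168.5.20"
    rules = [DnatRule(shared_ip, 80, certbot_host, 80),
             DnatRule(shared_ip, 443, "192.168.5.10", 443)]
    print(tls_sni_01_path(shared_ip, certbot_host, rules))
```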