Failed to connect to host for DVSNI challenge


#1

Hi,

While trying to install the certificate, I get a “Failed to connect to host for DVSNI challenge” error message. I tried this by using the standalone plugin command:
sudo ./letsencrypt-auto certonly -a standalone -d xxx.yyyy.com --server https://acme-v01.api.letsencrypt.org/directory

My domain is hosted in AWS EC2. I have ensured that ports 80 and 443 are open. I’ve also checked all the threads related to this subject with no luck. I need some help in resolving the issue.


#2

Do you have an existing application (apache, nginx…) already running on port 443? If so, that needs to be stopped.

Do you have any firewall blocking access to port 443 from the general internet?


#3

There are no applications running on port 443. Also, there is no firewall blocking the port… double-checked these…


#4

Are you happy to provide the domain name (so we can check DNS for possible issues) and the full log (preferably using the verbose flag)? You can do that via pastebin if you like, to limit its time of availability if you prefer.


#5

The domain name is eas.intrado.com/EAS/


#6

I’m slightly confused by the /EAS/ at the end…

Are you trying to get a certificate for the domain (eas.intrado.com) or for a folder on that domain (eas.intrado.com/EAS/)?


#7

We have registered the domain as eas.intrado.com/EAS/


#8

Registered the domain with who?

eas.intrado.com/EAS/ isn’t an FQDN (fully qualified domain name), which, if you are trying to obtain an SSL certificate for that, will be why it’s failing.


#9

It looks like you’re using ELB. If your ELB instance is terminating SSL (as opposed to TCP passthrough), you won’t be able to use the TLS-SNI-01 challenge type, because that challenge involves changing your SSL configuration on the fly.

http-01 would work for your use-case. You can use this by adding --standalone-supported-challenges http-01 to your command. The client will listen on port 80 in that mode.


#10

I’m trying to obtain certificate for http://eas.intrado.com/


#11

This is the command I used to install the certificate:

sudo ./letsencrypt-auto certonly -a standalone -d eas.intrado.com --server https://acme-v01.api.letsencrypt.org/directory


#12

I tried with

sudo ./letsencrypt-auto certonly -a --standalone-supported-challenges http-01 -d eas.intrado.com --server https://acme-v01.api.letsencrypt.org/directory

but I am getting info like
"The Let’s Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:"


#13

You’ll want to append that to the existing arguments, i.e.:

sudo ./letsencrypt-auto certonly -a standalone --standalone-supported-challenges http-01 -d eas.intrado.com --server https://acme-v01.api.letsencrypt.org/directory

#14

I tried appending to the existing arguments, but I am still getting the error below:

Detail: Invalid response from http://eas.intrado.com/.well-known/acme-challenge/dXRZJ7dGXmG9_j7Rccy_tzAWXo5rmeEa4P7Fues7zG4


#15

Try again while appending -vvvvv at the end and include the full output and logs from /var/log/letsencrypt.


#16

Tried appending -vvvvv, getting the below issue:

Type: unauthorized
Detail: Invalid response from http://eas.intrado.com/.well-known/acme-challenge/WMHv8m-hYn8iaIvJBMGDgI8iBTCyQemT45nGlCc6Yg4


#17

Please provide the full output and logs from /var/log/letsencrypt.
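
Added example, not part of the original thread and not Let’s Encrypt or client code: a local, simplified model of the http-01 check that separates the two errors seen above, a connection failure (nothing reachable on the port) and an "unauthorized / Invalid response" (something answered on the challenge path, but not with the expected content). The token, thumbprint, function names and the 127.0.0.1 servers are constructed assumptions.

```python
import http.server
import threading
import urllib.error
import urllib.request

PREFIX = "/.well-known/acme-challenge/"
TOKEN = "constructed-sample-token"             # constructed, not from the thread
THUMBPRINT = "constructed-account-thumbprint"  # constructed placeholder
KEY_AUTH = f"{TOKEN}.{THUMBPRINT}"  # RFC 8555: token "." account key thumbprint

def make_handler(files):
    """Serve only the paths in `files`; anything else gets a 404 page."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = files.get(self.path)
            self.send_response(200 if body is not None else 404)
            data = (body if body is not None else "<html>Not Found</html>").encode()
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
        def log_message(self, *args):  # keep the demo output quiet
            pass
    return Handler

def validate(base_url, token, expected):
    """Fetch the challenge URL the way a validator would and classify the result."""
    url = base_url + PREFIX + token
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            body = resp.read().decode().rstrip()
    except urllib.error.HTTPError as exc:   # something answered, but not the client
        return f"unauthorized (HTTP {exc.code})"
    except OSError:                         # nothing reachable on the port
        return "connection"
    return "valid" if body == expected else "unauthorized (wrong body)"

def run_case(files):
    """Start a local server with `files` on a free port and validate against it."""
    server = http.server.HTTPServer(("127.0.0.1", 0), make_handler(files))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return validate(f"http://127.0.0.1:{server.server_port}", TOKEN, KEY_AUTH)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_case({PREFIX + TOKEN: KEY_AUTH}))  # standalone client answers
    print(run_case({}))                          # a different service answers
```

An "unauthorized" result means the request reached some HTTP listener, so the next thing to check is which process or load balancer target actually answers port 80 for the name being validated.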

