Failed to connect to host for DVSNI challenge

Hi,

While trying to install the certificate, I get a “Failed to connect to host for DVSNI challenge” error message. I tried this by using the standalone plugin command:
sudo ./letsencrypt-auto certonly -a standalone -d xxx.yyyy.com --server https://acme-v01.api.letsencrypt.org/directory

My domain is hosted in AWS EC2. I have ensured that the ports 80 and 443 are open. I’ve also checked all the threads related to this subject with no luck. Need some help in resolving the issue.

Do you have an existing application (apache, nginx …) already running on port 443? If so, that needs to be stopped.

Do you have any firewall blocking access to port 443 from the general internet?

There are no applications running on port 443. Also, no firewall blockings to the port… double-checked these…

Are you happy to provide the domain name (so we can check DNS for possible issues) and the full log (preferably using the verbose flag)? You can do that via pastebin if you like, to limit its time of availability if you prefer.

The domain name is eas.intrado.com/EAS/

I’m slightly confused by the /EAS/ at the end …

Are you trying to get a certificate for the domain (eas.intrado.com) or for a folder on that domain (eas.intrado.com/EAS/)?

We have registered the domain as eas.intrado.com/EAS/

Registered the domain with who?

eas.intrado.com/EAS/ isn’t a FQDN (fully qualified domain name), which, if you are trying to obtain an SSL certificate for that, will be why it’s failing.

It looks like you’re using ELB. If your ELB instance is terminating SSL (as opposed to TCP passthrough), you won’t be able to use the TLS-SNI-01 challenge type, because that challenge involves changing your SSL configuration on the fly.

http-01 would work for your use-case. You can use this by adding --standalone-supported-challenges http-01 to your command. The client will listen on port 80 in that mode.

I’m trying to obtain certificate for http://eas.intrado.com/

This is the command I used to install the certificate

sudo ./letsencrypt-auto certonly -a standalone -d eas.intrado.com --server https://acme-v01.api.letsencrypt.org/directory

I tried with

sudo ./letsencrypt-auto certonly -a --standalone-supported-challenges http-01 -d eas.intrado.com --server https://acme-v01.api.letsencrypt.org/directory

but I am getting an info message like
"The Let’s Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:"

You’ll want to append that to the existing arguments, i.e.:

sudo ./letsencrypt-auto certonly -a standalone --standalone-supported-challenges http-01 -d eas.intrado.com --server https://acme-v01.api.letsencrypt.org/directory

I tried appending to the existing arguments, but I am still getting the error below:

Detail: Invalid response from http://eas.intrado.com/.well-known/acme-challenge/dXRZJ7dGXmG9_j7Rccy_tzAWXo5rmeEa4P7Fues7zG4

Try again while appending -vvvvv at the end and include the full output and logs from /var/log/letsencrypt.

Tried appending -vvvvv, getting the issue below:

Type: unauthorized
Detail: Invalid response from http://eas.intrado.com/.well-known/acme-challenge/WMHv8m-hYn8iaIvJBMGDgI8iBTCyQemT45nGlCc6Yg4

Please provide the full output and logs from /var/log/letsencrypt.
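
Added example, not part of the thread and not code from the Let’s Encrypt client: a local self-check of what an http-01 validator looks for at /.well-known/acme-challenge/<token>, separating "nothing listening" from "something answered with the wrong content". The names serve and check_http01 are hypothetical, the token and thumbprint values are constructed, and the expected body is the ACME key authorization (token, a dot, then the account key thumbprint).

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def serve(responses):
    """Loopback stand-in for the host being validated; maps URL path -> body."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = responses.get(self.path)
            self.send_response(200 if body is not None else 404)
            body = body if body is not None else b"<html>Not Found</html>"
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the output quiet
            pass

    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def check_http01(base_url, token, key_authorization, timeout=5):
    """Fetch the challenge URL the way a validator would; return (status, detail)."""
    url = base_url.rstrip("/") + CHALLENGE_PATH + token
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(1024).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:   # something answered, but not with 200
        return ("invalid-response", "HTTP %d" % exc.code)
    except OSError as exc:                  # URLError is an OSError: nothing listening
        return ("connection-failed", str(exc))
    if body.rstrip() == key_authorization:  # trailing whitespace is ignored
        return ("ok", url)
    return ("invalid-response", "body is not the expected key authorization")

if __name__ == "__main__":
    token, thumbprint = "constructed-token", "constructed-thumbprint"
    keyauth = token + "." + thumbprint
    srv = serve({CHALLENGE_PATH + token: keyauth.encode()})
    base = "http://127.0.0.1:%d" % srv.server_address[1]
    print(check_http01(base, token, keyauth))
    print(check_http01(base, "other-token", keyauth))
    srv.shutdown()
```

Pointing check_http01 at the public hostname from outside the network while the standalone client is waiting shows whether the request reaches the client at all or is answered by something in front of it.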
