Failed to connect to xxx.xxx.xx.xx:443 for TLS-SNI-01 challenge

Please fill out the fields below so we can help you better.

My domain is: heytred.com

I ran this command: ./letsencrypt-auto --apache -d heytred.com

It produced this output:

  • The following errors were reported by the server:

    Domain: heytred.com
    Type: connection
    Detail: Failed to connect to xxx.xxx.xx.xx:443 for TLS-SNI-01
    challenge

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My operating system is (include version): Ubuntu Server 16.04

My web server is (include version): Apache/2.4.18

My hosting provider, if applicable, is: Google Domains

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

So, I’m incredibly new to this - following some guides online and even though I have relevant experience, nothing with web hosting or certificates. I’m continually getting this error though I’m forwarding Ports 80 and 443 and I’ve verified my ISP isn’t blocking Port 443. I have made sure to set my Firewall to allow Apache traffic, so I’m really just lost. Hoping someone can help me out!

I’m using this as a home server to learn some new skills, so you may have to talk to me like a 4 year old. :stuck_out_tongue:

I’m having the exact issue actually. I have my DNS set up to point to my public IP and my router to forward all traffic on port 80 and 443 to my webserver.


Yeah, I’ve seen quite a few posts about the same issue, but the resolutions never point me in the right direction. I’ll let you know if I figure anything out!


If I check your DNS records for heytred.com, I’m not seeing any A record (i.e. I can’t find what IP your domain is hosted on from the DNS records).


I failed to save the website forwarding changes I made in Google Domains. It should be resolving now, but I’m still experiencing the same issue with Let’s Encrypt.

Is your domain accessible generally from the internet? I get a redirect to a private IP address:

$ curl -i heytred.com
HTTP/1.1 302 Found
Location: https://10.0.0.220
Date: Sun, 07 Aug 2016 15:42:34 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Length: 215
Connection: Keep-Alive

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://10.0.0.220">here</A>.
</BODY></HTML>

See - I told you I was a complete newbie…

So I had my Google domain forwarding the domain to the private IP of my home Ubuntu Server. I’ve been doing some reading and deleted the domain forwarding and set up a type A resource record for my domain with my public IP address. So, I ran the letsencrypt apache module again and this time received a DNS lookup error.

Appreciate your help so far! I’ll get this figured out. :smiley:

Can you paste the exact error message you were getting, please?

The following errors were reported by the server:

Domain: www.heytred.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for www.heytred.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

Just got it working - not exactly sure what changed, but I ran the command and was able to get my cert.

It looks as if you have DNS set up for heytred.com but not for www.heytred.com

So you should be able to get a cert for heytred.com … but probably not for www.heytred.com :wink:


Hmm… I thought setting the ServerAlias in my Apache conf file would take care of that. Welp, either way, I’ll make the DNS entry for www! Appreciate the help - this gives me a good chance to figure it out.

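Both failures in this thread (a name that led to a private address, then a `www` name with no A record) can be caught before running the client. The following is an added example, not code from the thread or from the Let's Encrypt project; `resolve_a`, `check_name`, `preflight`, the `example.com` names and the sample DNS table are hypothetical and constructed, and `10.0.0.220` is the address from the curl output above.

```python
import ipaddress
import socket
import sys


def resolve_a(name):
    """Return the IPv4 addresses for a name, or [] if there is no A record."""
    try:
        infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_name(name, resolver=resolve_a):
    """Classify one certificate name by what the CA's validator would run into."""
    addrs = resolver(name)
    if not addrs:
        # The CA reports this as "DNS problem: NXDOMAIN looking up A for <name>".
        return "no-a-record"
    # Every A record must be reachable from the internet; the validator may
    # connect to any of them. Private ranges such as 10.0.0.0/8 never are.
    if any(not ipaddress.ip_address(a).is_global for a in addrs):
        return "not-publicly-routable"
    return "ok"


def preflight(names, resolver=resolve_a):
    """Check every name that will be passed with -d, including the www alias."""
    return {name: check_name(name, resolver) for name in names}


# Constructed sample data standing in for real DNS answers (runs offline).
SAMPLE_DNS = {
    "example.com": ["93.184.216.34"],    # public address: fine
    "home.example.com": ["10.0.0.220"],  # private address, as in the curl output
    # "www.example.com" deliberately absent: no A record was created for it
}


def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])


if __name__ == "__main__":
    # With arguments: check real names via DNS. Without: show the sample cases.
    names = sys.argv[1:]
    results = preflight(names) if names else preflight(
        ["example.com", "www.example.com", "home.example.com"], sample_resolver)
    for name, status in results.items():
        print(f"{name}: {status}")
```

A `ServerAlias` only tells Apache which Host headers to answer; each name on the certificate still needs its own DNS record that resolves to a public address.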