During my initial server setup I configured a DNS record for the subdomain www-test for server unit testing. When I ran letsencrypt on that apache configuration everything worked smoothly. The certs were created, config updated and the system was reachable at https://www-test.
I removed that www-test config from apache, enabled the production apache configuration and restarted apache.
I archived the contents of my /etc/letsencrypt directory and then emptied that folder to ensure everything would be clean for the production configuration.
Now I am trying to create a new certificate for my production subdomain www. The apache configuration is running and I can reach the site by name as well as by IP.
However, when I attempt to run certbot --apache it is reporting an issue.
Failed authorization procedure. www.<redacted>.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to x.x.x.x:443 for TLS-SNI-01 challenge, www.<redacted>.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to x.x.x.x:443 for TLS-SNI-01 challenge

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.<redacted>.org
   Type: connection
   Detail: Failed to connect to x.x.x.x:443 for TLS-SNI-01 challenge

   Domain: www.<redacted>.net
   Type: connection
   Detail: Failed to connect to x.x.x.x:443 for TLS-SNI-01 challenge

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
I’ve attempted to run a curl to verify access.
x@fast:~/work$ curl -v x.x.x.x:443
* About to connect() to x.x.x.x port 443 (#0)
* Trying x.x.x.x…
* Connected to x.x.x.x (x.x.x.x) port 443 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.26.0
> Host: x.x.x.x:443
> Accept: */*
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 302 Found
< Date: Sat, 02 Jul 2016 17:15:18 GMT
< Server: Apache/2.4.10 (Debian)
< Location: http://www..net/
< Content-Length: 1
< Content-Type: text/html; charset=UTF-8
* Connection #0 to host x.x.x.x left intact
* Closing connection #0
I am sure I’m overlooking something obvious but if anyone could provide any clues I would be extremely grateful.
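An added example, not part of the original post: the curl command above has no https:// scheme, so it sent plain HTTP to port 443 and received an HTTP/1.1 302, which shows the port is open but not what protocol it serves. This sketch classifies a listener by attempting a TLS handshake first and a plain HTTP request second; the function name probe_port and its return labels are hypothetical.

```python
import socket
import ssl
import sys


def probe_port(host, port=443, timeout=5.0):
    """Classify a listener as 'tls', 'plain-http', 'closed' or 'unknown'."""
    # Certificate validation is off on purpose: the only question here is
    # whether the port completes a TLS handshake, not whether the cert is valid.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            try:
                with ctx.wrap_socket(raw, server_hostname=host):
                    return "tls"
            except OSError:
                # Handshake failed or timed out (ssl.SSLError is an OSError):
                # something is listening, but it did not answer with TLS.
                pass
    except OSError:
        # Refused, filtered or unreachable: nothing accepted the connection.
        return "closed"

    # Second pass: see whether the same port answers a plain HTTP request.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            banner = s.recv(16)
    except OSError:
        return "unknown"
    return "plain-http" if banner.startswith(b"HTTP/") else "unknown"


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]; defaults are constructed values.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(f"{target}:{port} -> {probe_port(target, port)}")
```

A result of plain-http on port 443 means the web server is answering unencrypted HTTP there, so no TLS virtual host is active on that port.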