During setup and testing of letsencrypt, I stopped receiving status “valid” and now receive status “invalid.” I did clone server images back and forth between 2 servers with different IP addresses, and I made an adjustment to DNS to redirect DNS for one host (e.g. abc.example.com) from one server to another while testing, in an attempt to minimize risk to my production server. Here are details of the error messages:
(Log info) Response when I got the certificate:
"type":"tls-sni-01",
"status":"valid",   <-- VALID
"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/XXXXXXX"
(Log info) Response from the CA, now that I cannot get a certificate:
{"type":"tls-sni-01",
"status":"invalid",   <-- INVALID
"error":{
"type":"urn:acme:error:connection",
"detail":"Failed to connect to host for DVSNI challenge"
Error message when running letsencrypt:
Domain: abc.example.com
Type: urn:acme:error:connection
Detail: Failed to connect to host for DVSNI challenge
2016-02-12 10:52:40,415:INFO:letsencrypt.auth_handler:Cleaning up challenges
Failed authorization procedure. abc.example.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge
As an additional note, I am able to generate a certificate by using the manual plugin with the command
$ letsencrypt --manual
and following the instructions. I tried installing it in the appropriate virtual host of the apache server using the same configuration generated automatically by the apache plugin. Steps taken:
- created an ssl virtual host listening on port 443
- added the certificate/key
- included the ssl config file from letsencrypt
Although I was able to generate the certificate and the config was the same, the https site was still not working. I wonder if it is possible that the CA could have lost trust in my domain, and therefore stopped issuing certificates.
Any advice on how to correct this issue? Is there any way to “reset” the account? Should we move on and try to use a different CA? Could it be possible that having several hosts in different servers for the same DNS could affect the process of obtaining the certificate?
- I am not using a CDN.
- I am using GoDaddy for DNS only.
Thanks for the help.
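A pre-flight check for the two things a `urn:acme:error:connection` on tls-sni-01 depends on, added here as an example that is not part of the original post or of the letsencrypt client: it parses the challenge object quoted above, resolves the A records the CA will connect to, and compares them with this machine's own addresses. The JSON samples and IP addresses are constructed, and abc.example.com is a placeholder.

```python
import json
import socket

# Constructed samples modelled on the responses quoted in the post (not real log data).
SAMPLE_INVALID = '''{"type":"tls-sni-01","status":"invalid",
 "error":{"type":"urn:acme:error:connection",
          "detail":"Failed to connect to host for DVSNI challenge"}}'''
SAMPLE_VALID = '{"type":"tls-sni-01","status":"valid"}'


def parse_challenge(body: str) -> dict:
    """Pull the status and error fields out of an ACME v1 challenge object."""
    obj = json.loads(body)
    err = obj.get("error") or {}
    return {"type": obj.get("type"), "status": obj.get("status"),
            "error_type": err.get("type"), "error_detail": err.get("detail")}


def resolve_ipv4(hostname: str) -> set:
    """A records published for the name; tls-sni-01 connects to these on port 443."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def local_ipv4() -> set:
    """IPv4 addresses this machine answers on, to compare against what DNS publishes."""
    try:
        return {i[4][0] for i in socket.getaddrinfo(socket.gethostname(), None, socket.AF_INET)}
    except socket.gaierror:
        return set()


def diagnose(challenge: dict, resolved: set, local: set) -> str:
    """Classify a tls-sni-01 result from the DNS and local-address evidence."""
    if challenge["status"] == "valid":
        return "valid"
    if challenge["error_type"] != "urn:acme:error:connection":
        return "other-error"
    if not resolved:
        return "no-a-record"
    if not (resolved & local):
        # DNS sends the CA to a different server than the one running the client,
        # so the host answering the SNI challenge is not the host being validated.
        return "dns-points-to-other-host"
    return "port-443-not-reachable-from-internet"


if __name__ == "__main__":
    try:
        print(diagnose(parse_challenge(SAMPLE_INVALID), resolve_ipv4("abc.example.com"), local_ipv4()))
    except socket.gaierror as exc:
        print("DNS lookup failed:", exc)
```

If the verdict is `dns-points-to-other-host`, the client must run on the server the A record actually points to (or the record must be moved) before the challenge can succeed.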