Getting "The server could not connect to the client to verify the domain" when trying to renew the certificate


I have created a certificate for a few domains on my server. The creation process went fine (with the old “letsencrypt-auto” client). Now, though, I get an error when I try to renew it. For ONE of the domains I get the error:

Attempting to renew cert from /etc/letsencrypt/renewal/xxx.conf produced an unexpected error:
Failed authorization procedure. (http-01): urn:acme:error:connection :: The server could 
not connect to the client to verify the domain :: Could not connect to . Skipping.

Note that this happens both with the old client and the new certbot. The certificates were created with the webroot procedure with something like the following:

letsencrypt-auto certonly -tvv --keep --webroot -w /usr/share/nginx/www/ -d,,,,

Checking the logs I see the following for one of the other domains:

2016-12-28 08:15:13,743:DEBUG:acme.client:Received response <Response [200]> <CUT>
  "validationRecord": [
    {          "url": "",\n         
  "hostname": "",\n          "port": "80",\n          
  "addressesResolved": [\n            "XXX"\n          ],\n          
  "addressUsed": "XXX"\n        },\n        
  "url": "",
  "hostname": "",\n          "port": "443",\n          
  "addressesResolved": [\n            "XXXX",\n            "XXX"\n          ],\n          
  "addressUsed": "XXXX"\n        }\n      ]\n    },\n    

For the failing domain, instead, I get the following:

2016-12-28 08:15:13,091:DEBUG:acme.client:Received response <Response [200]> <CUT>
"validationRecord": [\n        {\n       
  "url": "",\n          
  "hostname": "",\n          "port": "80",\n          
  "addressesResolved": [\n            "XXX",\n            "XXX"\n          ],\n          
  "addressUsed": "XXX"\n        },\n        
  "url": "https:///.well-known/acme-challenge/Ja_jSnI2TdaauwoOgIitV5ED-p5FKocrE-4NG5D4GKM",\n          
  "hostname": "",\n          
  "port": "443",\n          
  "addressesResolved": null,\n          
  "addressUsed": ""\n        }\n      ]\n    },\n    {\n      "type": "dns-01",\n      "status": "pending",   
  "uri": "",\n      

You can see in the second case that the hostname part is missing and the url is clearly wrong. The failing domain differs from the others in two ways:

  • It is a completely different domain (the others are all subdomains of the same domain)
  • It has a fitness TLD

I just tried to remove all configuration and create a new certificate only for the failing domain with the certbot client, but it fails again.

How can I fix this?

[SOLVED] Renewing server failed to connect

Your redirect from HTTP to HTTPS is broken. Let’s Encrypt follows redirects, so it can’t connect. Notice the Location header:

osiris@desktop ~ $ telnet 80
Trying 2a03:f80:ed16:ca7:ea75:b12d:294:b3a6...
Connected to
Escape character is '^]'.
GET / HTTP/1.1

HTTP/1.1 301 Moved Permanently
Server: nginx/1.11.3
Date: Wed, 28 Dec 2016 10:15:21 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https:///

<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>


You’re right! I can’t believe I missed that. Thanks a lot.

