I ran this command: ./certbot-auto certonly --standalone -TLS-SNI-01-PORT 5001 -http-01-port 5000 -d pbx.bortec-corp.com
It produced this output:USAGE CERTBOT-AUTO [SUBCOMMAND] [options] [-d domain] …
My operating system is (include version): ubuntu server 15.04
My web server is (include version):windows server on hosting in directnic but pbx.bortec-corp.com is located on my location in la paz bolivia, i only applying to my ip pbx 3cx
My hosting provider, if applicable, is:
directnic
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I make run a new command
./certbot-auto certonly --standalone --tls-sni-01-port 5001 --http-01-port 5000 -d pbx.bortec-corp.com
message: Failed authorization procedure. pbx.bortec-corp.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 190.183.30.198:443 for tls-sni-01
Important notes
The following errors were reported by the server:
Domain: pbx.bortec-corp.com
Detail: Failed to connect to 190.181.30.198:443 for TLS-SNI-01 Challenge
For the TLS-SNI challenge, port 443 on your server must be open to the Internet. For the HTTP challenge, port 80 must be open. The parameters you’ve found let you specify the port that certbot will listen on (so, for example, you could have a port forwarded from 443 on the outside to 5001 internally), but as far as the Internet-facing side of your system is concerned, you must have either port 80 or 443 open.
If that is not possible, consider the DNS-01 challenge with one of the alternate clients–certbot doesn’t support it currently, but many of the alternate clients (like letsencrypt.sh and acme.sh) do.
alternatively, as @danb35 says all the Bash alternate clients (including the one I wrote - getssl … not just the two danb35 mentions ) support the DNS challenge
) support the DNS challenge