My domain is:
I ran this command:
./certbot-auto --debug
It produced this output:
Requesting root privileges to run certbot...
/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt --debug
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: ****.com
2: www.****.com
3: ****.co
4: www.****.co
5: dustindoloff.com
6: **.dustindoloff.com
7: test.dustindoloff.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 5
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for dustindoloff.com
Waiting for verification...
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
  File "/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 743, in main
    return config.func(config, plugins)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 598, in run
    certname, lineage)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 356, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 317, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. dustindoloff.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data
Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: dustindoloff.com
   Type: connection
   Detail: Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
My web server is (include version):
Server version: Apache/2.4.25 (Amazon)
Server built: Jan 19 2017 16:55:49
The operating system my web server runs on is (include version):
Amazon Linux 2017
Linux ip-XXX-XXX-XXX-XXX 3.14.48-33.39.amzn1.x86_64 #1 SMP Tue Jul 14 23:43:07 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
My hosting provider, if applicable, is:
AWS EC2
I can log in to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
I have uploaded the logs from here
/var/log/letsencrypt/letsencrypt.log
What I've done to troubleshoot:
- Try an individual domain instead of all at once
- Verify the security group for the EC2 instance is correct and allows incoming requests on port 443 from all IP addresses
- Verify the IP address in the logs matches the public IP address of the domain