Let's Encrypt validation server can access my server, yet I still get "Server could not connect to the client to verify the domain"

My domain is: library.iadt.ie

I ran this command: sudo certbot --apache

It produced this output: Failed authorization procedure. library.iadt.ie (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://library.iadt.ie/.well-known/acme-challenge/0WVMnARfIRrd_8t8JYVxoGTEZfLnfktSY5cuR4qUS_k: Timeout during connect (likely firewall problem)

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I can see Let’s Encrypt accessing the challenge and Apache returns 200. - - [27/Mar/2020:05:25:25 +0000] "GET /.well-known/acme-challenge/0WVMnARfIRrd_8t8JYVxoGTEZfLnfktSY5cuR4qUS_k HTTP/1.1" 200 308 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

I was able to successfully deploy a cert on this same server for another sub domain. It just won’t work for this one for some reason.

1 Like

That hostname has two IP addresses:

;library.iadt.ie.		IN	A

library.iadt.ie.	14400	IN	A
library.iadt.ie.	14400	IN	A

One works, the other doesn’t.

The fact you’re seeing one succesful log entry doesn’t mean it works in total, since Let’s Encrypt has started using multi-perspective validation.


Many thanks. We deleted the old A record and the cert was deployed successfully.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.