Let's Encrypt validation server can access my server, yet I still get "Server could not connect to the client to verify the domain"

My domain is: library.iadt.ie

I ran this command: sudo certbot --apache

It produced this output: Failed authorization procedure. library.iadt.ie (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://library.iadt.ie/.well-known/acme-challenge/0WVMnARfIRrd_8t8JYVxoGTEZfLnfktSY5cuR4qUS_k: Timeout during connect (likely firewall problem)

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I can see Let’s Encrypt accessing the challenge and Apache returns 200.

52.28.236.88 - - [27/Mar/2020:05:25:25 +0000] "GET /.well-known/acme-challenge/0WVMnARfIRrd_8t8JYVxoGTEZfLnfktSY5cuR4qUS_k HTTP/1.1" 200 308 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

I was able to successfully deploy a cert on this same server for another sub domain. It just won’t work for this one for some reason.

That hostname has two IP addresses:

;; QUESTION SECTION:
;library.iadt.ie.		IN	A

;; ANSWER SECTION:
library.iadt.ie.	14400	IN	A	193.1.234.17
library.iadt.ie.	14400	IN	A	157.245.213.214

One works, the other doesn’t.

The fact you’re seeing one successful log entry doesn’t mean it works in total, since Let’s Encrypt has started using multi-perspective validation.
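The diagnosis in the reply above, as an added example that is not part of the original thread: every published A/AAAA record has to accept connections on port 80, because a validation request may arrive at any of them. The function names are hypothetical, the dig lines are the ones posted in the thread, and the script makes no assumption about which of the two addresses is the dead one.

```python
import socket

# A records as posted in the thread's dig output.
DIG_ANSWER = """\
;; ANSWER SECTION:
library.iadt.ie.  14400  IN  A  193.1.234.17
library.iadt.ie.  14400  IN  A  157.245.213.214
"""

def parse_a_records(dig_text, name):
    """Return every A/AAAA address that dig lists for `name`."""
    want = name.rstrip(".").lower()
    addrs = []
    for line in dig_text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # skip blank lines and dig section headers
        fields = line.split()
        if (len(fields) >= 5 and fields[0].rstrip(".").lower() == want
                and fields[2] == "IN" and fields[3] in ("A", "AAAA")):
            addrs.append(fields[4])
    return addrs

def tcp_probe(addr, port=80, timeout=5.0):
    """True if a TCP connection to addr:port succeeds within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refusals and unreachable routes
        return False

def check_all_addresses(addrs, probe=tcp_probe):
    """Probe each address; overall result is True only if all of them answer."""
    results = {addr: probe(addr) for addr in addrs}
    return results, bool(results) and all(results.values())

if __name__ == "__main__":
    addrs = parse_a_records(DIG_ANSWER, "library.iadt.ie")
    results, ok = check_all_addresses(addrs)
    for addr, up in results.items():
        print(f"{addr}:80 {'reachable' if up else 'NOT reachable'}")
    print("all published addresses answer" if ok
          else "fix or remove the dead record before retrying")
```

Run it from a host outside your own network, since a firewall can pass local traffic while dropping external connections.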

Many thanks. We deleted the old A record and the cert was deployed successfully.