Letsencrypt --apache error

Please help me, anyone.

I am setting up a mail server by following a tutorial from a website
(http://ddart.net/xe/board/5121).
When I use ‘letsencrypt --apache’,

this error occurs.

How can I solve it?

Hi @yonghoon,

You need to complete the challenges to prove that you own the domains.

You are trying to use the TLS-SNI challenge.

Did you mean to use those?

Also, please fill out all the details in the future, as there are differences between different Apache versions and OS versions.

Andrei


I’m not using TLS-SNI, and I also don’t know exactly what it is.

I am using
Ubuntu 16.04,
and I installed apache2 with ‘apt-get install apache2’.

If you want any more information, I will reply.

I'm not using TLS-SNI, and I also don't know exactly what it is.

If you don't know what it is, how can you confirm you are not using it?

The Apache plugin you are using will try to install a self-signed certificate (which is what is required to pass the TLS-SNI challenge).

https://certbot.eff.org/docs/using.html#certbot-commands

should provide you the guidance you need.

Andrei


The most common reason for this error is having multiple virtual hosts defined in a single Apache configuration file. --apache has trouble parsing and editing configuration files under this circumstance, but the error messages it generates aren’t very helpful. Could that be the case on your server, @yonghoon?


I think your answer is right…

Could you help me?

What information do you want or need?

I’m very much a beginner, so… I don’t know what to do anymore…

Hi @yonghoon,

Could you look at the contents of the files in /etc/apache2/sites-enabled and see if any of them refers to more than one VirtualHost?

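One way to run the check asked for above, as an added example that is not part of the original thread: it lists every file in a directory that opens more than one `<VirtualHost>` block. The function names and the sample configuration are constructed for illustration; the default directory is the one named in the post.

```python
import os
import re

# Apache directive names are case-insensitive; a commented-out line starts
# with '#', so it never matches a pattern anchored on '<'.
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]*)>", re.IGNORECASE)

# Constructed sample: one file that defines both an HTTP and an HTTPS vhost.
SAMPLE_CONF = """\
# constructed sample, not taken from the thread
<VirtualHost *:80>
    ServerName example.com
</VirtualHost>
# <VirtualHost *:8080> is commented out and must not be counted
<virtualhost *:443>
    ServerName example.com
</virtualhost>
"""


def vhost_blocks(conf_text):
    """Return [(line_number, [listen addresses])] for each VirtualHost opened."""
    blocks = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        match = VHOST_OPEN.match(line)
        if match:
            blocks.append((lineno, match.group(1).split()))
    return blocks


def files_with_multiple_vhosts(directory="/etc/apache2/sites-enabled"):
    """Map file name -> vhost blocks for files that define more than one."""
    flagged = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):  # follows the symlinks used in sites-enabled
            continue
        with open(path, encoding="utf-8", errors="replace") as handle:
            blocks = vhost_blocks(handle.read())
        if len(blocks) > 1:
            flagged[name] = blocks
    return flagged


if __name__ == "__main__":
    for name, blocks in files_with_multiple_vhosts().items():
        print(name)
        for lineno, addresses in blocks:
            print("  line %d: %s" % (lineno, " ".join(addresses)))
```

A file reported here can be split so that each VirtualHost lives in its own file before running the plugin again.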

I changed some of my domain names.

I added some lines to /etc/hosts:
127.0.0.1 mail.yhgwon0417.net
127.0.0.1 yhgwon0417.net
And it works to connect by http:

but there is still an error when trying letsencrypt --apache.

I don’t have a DNS server or a real domain of my own! Is it related to the problem?

Yes! The /etc/hosts file is private to your system and nobody else can see what you write there.

Let's Encrypt can only issue certificates for publicly-visible domains that exist on the Internet. If you don't have a domain name with a working name server, Let's Encrypt can't issue certificates to you.


Oh… God… Thank you, I will buy my domain!
And come back.
Really, thank you!

I registered my real domain

vinenbranches.net
mail.vinenbranches.net

It works well to connect!

But when I try letsencrypt, there is still a problem.

++++

When I try http://vinenbranches.net:443/
it shows ‘can’t connect’.

Hi @yonghoon,

You should never use http://vinenbranches.net:443/, because HTTPS, not HTTP, should be spoken on port 443. The correct form is https://vinenbranches.net/, which is equivalent to https://vinenbranches.net:443/, just as http://vinenbranches.net/ is equivalent to http://vinenbranches.net:80/.

However, I don’t think that explains why you had trouble getting a certificate.

Can you confirm that Apache is running on the machine at the time you run letsencrypt --apache? And you’re running it as root?

There’s no firewall that forbids incoming connections from the Internet to port 443 on your server, is there?

Could you post the most recent logs from /var/log/letsencrypt?

Yes, Apache is normal.

I think there is no firewall here.

I took a picture, /etc/log/letsencrypt.log

It’s the latest one!

Do you think you could post the entire log from /var/log/letsencrypt (as text file) rather than a photo of a portion of the log?


I don’t have authorization to upload a text file,

so I copied every line into here.

/var/log/letsencrypt/letsencrypt.log

2017-04-06 04:33:52,309:DEBUG:letsencrypt.cli:Root logging level set at 30
2017-04-06 04:33:52,311:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-04-06 04:33:52,312:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.1
2017-04-06 04:33:52,312:DEBUG:letsencrypt.cli:Arguments: [’–apache’]
2017-04-06 04:33:52,317:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-04-06 04:33:52,326:DEBUG:letsencrypt.cli:Requested authenticator apache and installer apache
2017-04-06 04:33:52,920:DEBUG:letsencrypt.display.ops:Single candidate plugin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f12e5da6bd0>
Prep: True
2017-04-06 04:33:52,922:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f12e5da6bd0> and installer <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f12e5da6bd0>
2017-04-06 04:33:55,079:DEBUG:letsencrypt.cli:Picked account: <Account(aa7cb571801f0f5ff7c2b8c8e161274e)>
2017-04-06 04:33:55,081:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-04-06 04:33:55,089:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-04-06 04:33:55,482:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 280
2017-04-06 04:33:55,487:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘280’, ‘Expires’: ‘Thu, 06 Apr 2017 04:33:55 GMT’, ‘Boulder-Request-Id’: ‘MmY1NJ4Xf3rNHtaEohAvff0XAjgUdv7jw-CSXR_iMiU’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Thu, 06 Apr 2017 04:33:55 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘M08G1eJo34mumyxe4IPQNBvP_GDgxCzFDw4JdCn24h4’}. Content: '{\n “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,\n “new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,\n “new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,\n “revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert”\n}'
2017-04-06 04:33:55,489:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘280’, ‘Expires’: ‘Thu, 06 Apr 2017 04:33:55 GMT’, ‘Boulder-Request-Id’: ‘MmY1NJ4Xf3rNHtaEohAvff0XAjgUdv7jw-CSXR_iMiU’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Thu, 06 Apr 2017 04:33:55 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘M08G1eJo34mumyxe4IPQNBvP_GDgxCzFDw4JdCn24h4’}): ‘{\n “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,\n “new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,\n “new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,\n “revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert”\n}‘
2017-04-06 04:33:55,634:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0040_key-letsencrypt.pem
2017-04-06 04:33:55,639:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0040_csr-letsencrypt.pem
2017-04-06 04:33:55,640:DEBUG:letsencrypt.client:CSR: CSR(file=’/etc/letsencrypt/csr/0040_csr-letsencrypt.pem’, data=‘0\x82\x02\x9a0\x82\x01\x82\x02\x01\x020!1\x1f0\x1d\x06\x03U\x04\x03\x0c\x16mail.vinenbranches.net0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xd0\xda7\xcabPvuD2Y&\xaa\xed(\xb8\x1cL\x90\xfd\xe6\xbf4*\x96\x17\xfa-\r\xacW\xc4\xcb\xf0\x8e**\x8d\x11\xe7\xfdc\xbc\xb5\xf0\xc6\xaa,\xa7\x90\xf4e\xb40\xd1\xd2\xf4j\xc0#J\xd9J\xaba\x07\x9a\xf0.\x9cG\x84\xb8*\xf5cDW\xb2\xcb\x1c\xed\xb7k\x90\x8e\xb1\xdc\x1f?@\xc1F\x07\x03*r\x18\x98\xb9\xd4\x1bv\x0c\xca\xf0\xad\x9ap\x11Z0\xa1\x16\xa1\xa6\x96P=\xe8\x96uJ\xec\x12\xbd\x87Hl9\xbba%k:n\x05]\xe9Im\x0b\x84\xe2\xdc\xf6\xff\x0e\xf9\xd3\xaa\xbe\x9f\xa0\xbc\x84L\xddj\xae,\xc5\x83\xdb2u\x8f\xb2\xfe\xdb~B\x9f\x05\x7f(\xac\xf0\x0c\x04\x81\x85\xc2a\r8^\xbb\x91\x07\xa4\xca\x97\xd2\x803:Z\x1a9\xcb\xda4\x8feoE\xcc\xeaCc\x93\x85t;)\x9bOg\x0f&Q\xa2f\x84.D\xb1IGIGB|\x14z\xd4\x19I\xc6~q0\x13eo\x08\xee4\x17\xe2fq\r\xb5\x02\x03\x01\x00\x01\xa0402\x06\t*\x86H\x86\xf7\r\x01\t\x0e1%0#0!\x06\x03U\x1d\x11\x04\x1a0\x18\x82\x16mail.vinenbranches.net0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00Q/\x87\xda\x07S\xe0\xa1{\xf0\xf6\x8e\xd0\x86\x03\xfd\x17\x93G\x06\x9f#\x89\xf7\xc9,Y[\xee\xa4\x9d\xbax\xb1\xee\xa9\xaf!\x99\xde\xe7\x96X\r\x1f\xa70\x9c7\x14\x9c\x8a\x82+\xb5Hn\x13CXs\x9fL\xe7\x82\x04\xd8$\xc0\x0e&\xe96\xe8\x9d\x9f\x9a\x9bg\xaaG\xc5Q\x7f\xc2+m\xe1q\x95C\xb8\x90\n\xb9,\xf4a\x15\xa49\xd0\\xW\xc3|1\x05\x7fa\x17zI\xb54\xda\xe5\x10p\x1e\xdcg\xf0\xbb\xcd\x1fS\xa3JN\x18f\x8aF\xb1t\x1f\x0eNh\x86";Z\x93\xdf\x9f\x84\x04\xf7.\xdc\xb6*J\x8d\x91\xf4\xafJ\x1b\\xa9Z\xd1gd.\x90\xf3=\xf7a\x9e\xb5]\xa5&qu\x9d|^\x14\x07\x9f\xc2\x91q\x02(+\xca\x88\xf5\x82\xf4\xbb)_\xca\xa3CJd\xa8\x18^\xc4;\x9b\xd9q\x17TQ=f\xa9&\x8fR?/\x82#\xce#}\x9c\xdf\xf3c\xdc\xdfg\x96\xd1O\x85&\r\xdb\xb1!|\xbb\\x06\x9f\xac\n\xf8\x93’, form=‘der’), domains: [‘mail.vinenbranches.net’]
2017-04-06 04:33:55,640:DEBUG:root:Requesting fresh nonce
2017-04-06 04:33:55,640:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2017-04-06 04:33:55,642:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-04-06 04:33:55,937:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-authz HTTP/1.1” 405 0
2017-04-06 04:33:55,941:DEBUG:root:Received <Response [405]>. Headers: {‘Content-Length’: ‘91’, ‘Pragma’: ‘no-cache’, ‘Boulder-Request-Id’: ‘QIZcwWM_EWkB6k4dJhrI-EoawhFv952b2A7gPc7DVY0’, ‘Expires’: ‘Thu, 06 Apr 2017 04:33:55 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Allow’: ‘POST’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Thu, 06 Apr 2017 04:33:55 GMT’, ‘Content-Type’: ‘application/problem+json’, ‘Replay-Nonce’: ‘Gf8dDsZsJNT6p9KL05qM6i_TKxGuw5C3FBh9eokRyEU’}. Content: ‘‘
2017-04-06 04:33:55,944:DEBUG:acme.client:Storing nonce: ‘\x19\xff\x1d\x0e\xc6l$\xd4\xfa\xa7\xd2\x8b\xd3\x9a\x8c\xea/\xd3+\x11\xae\xc3\x90\xb7\x14\x18}z\x89\x11\xc8E’
2017-04-06 04:33:55,944:DEBUG:acme.jose.json_util:Omitted empty fields: challenges=None, combinations=None, status=None, expires=None
2017-04-06 04:33:55,945:DEBUG:acme.client:Serialized JSON: {“identifier”: {“type”: “dns”, “value”: “mail.vinenbranches.net”}, “resource”: “new-authz”}
2017-04-06 04:33:55,947:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), x5tS256=None, cty=None, jku=None, x5u=None, x5t=None, crit=(), kid=None, alg=None, jwk=None, typ=None
2017-04-06 04:33:55,952:DEBUG:acme.jose.json_util:Omitted empty fields: jku=None, x5tS256=None, cty=None, x5c=(), x5u=None, x5t=None, crit=(), nonce=None, kid=None, typ=None
2017-04-06 04:33:55,953:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “48gNmZHNjTtQJRJ1HE0ba-r_OWlX2wr6Mv5LPyxJLz83vxy916vYdlymduoo2FI_SK97Ui2m6TX3M_a7namy_vQZb35OlRR5J8WEIn3OlanIGaAI35WcDkusX2jTyGROVJUztEWq8repJoNnNA00HnhiZycZ8cA8eG2Px6QyiU1551AmdUEFLxNZUE-unVZFBRA1-8bdhSJ12VV7pdJFJy_re2WhD1f11smKRYV97h8SZi86f9VKlgJUvAN771Gd36rZ_8QROV9QpCi2VuPGhr6tftlaAag1eV_tdqgoLd7G4sw4LsnYOO1357wf-inN9ZXAKoHF3t97-xM1tKzITw”}}, “protected”: “eyJub25jZSI6ICJHZjhkRHNac0pOVDZwOUtMMDVxTTZpX1RLeEd1dzVDM0ZCaDllb2tSeUVVIn0”, “payload”: “eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJtYWlsLnZpbmVuYnJhbmNoZXMubmV0In0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ”, “signature”: “aIOoIJ5qWnymgCmAh8_JPyM8o28GJYo3ZQfAlW2dSrE-d5Qc5r29rC3UgFWP2ugMeSsI35ZwbNAErGouIVJyrfUTrJbYBvTKhr43CYVXHfHSlZrw2XovQQAyM8KSZ7reCAIyiU1-FJRTw4OEInBYMjayRuS-jvdyh_PaLGdJleBK5iBDoXRPBDs9FJG8868z6He8U2Mxck05RaH1HGX3h9ExAd9bXx8DUSmUb8tndSFquDv3OZkJQMHVD8nH32t37Uu2nqlZrFGBfk92tn87XV2SVV_bBJ38uo1jYfcn_XnjAUFfITYpY38DI8SR8B_I3NSJbedkq1aMNrAAmtIvCw”}’}
2017-04-06 04:33:55,954:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-04-06 04:33:56,391:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 1007
2017-04-06 04:33:56,395:DEBUG:root:Received <Response [201]>. Headers: {‘Content-Length’: ‘1007’, ‘Expires’: ‘Thu, 06 Apr 2017 04:33:56 GMT’, ‘Boulder-Request-Id’: ‘qABTjrDrwpo7rwNYxZJ8WmUNj7njhbCN1k6vaPEHUjQ’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘11440465’, ‘Date’: ‘Thu, 06 Apr 2017 04:33:56 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘wkXXeNiS0m3XS3Dk4bgT3oyJ51VpN1IRPo6pY–m3NM’}. Content: ‘{\n “identifier”: {\n “type”: “dns”,\n “value”: “mail.vinenbranches.net”\n },\n “status”: “pending”,\n “expires”: “2017-04-13T04:33:56.075267259Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949”,\n “token”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8”\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170950”,\n “token”: “qMYj-URqmGrnXf3P04Q64gL_iZAqtwU1LSVmw-o0Vsw”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170951”,\n “token”: “WCb7NIm8pzFtHcVfPtOIVb6CD7R4P26Ovonuufdf3LE”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}‘
2017-04-06 04:33:56,397:DEBUG:acme.client:Storing nonce: ‘\xc2E\xd7x\xd8\x92\xd2m\xd7Kp\xe4\xe1\xb8\x13\xde\x8c\x89\xe7Ui7R\x11>\x8e\xa9c\xef\xa6\xdc\xd3’
2017-04-06 04:33:56,398:DEBUG:acme.client:Received response <Response [201]> (headers: {‘Content-Length’: ‘1007’, ‘Expires’: ‘Thu, 06 Apr 2017 04:33:56 GMT’, ‘Boulder-Request-Id’: ‘qABTjrDrwpo7rwNYxZJ8WmUNj7njhbCN1k6vaPEHUjQ’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘11440465’, ‘Date’: ‘Thu, 06 Apr 2017 04:33:56 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘wkXXeNiS0m3XS3Dk4bgT3oyJ51VpN1IRPo6pY–m3NM’}): ‘{\n “identifier”: {\n “type”: “dns”,\n “value”: “mail.vinenbranches.net”\n },\n “status”: “pending”,\n “expires”: “2017-04-13T04:33:56.075267259Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949”,\n “token”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8”\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170950”,\n “token”: “qMYj-URqmGrnXf3P04Q64gL_iZAqtwU1LSVmw-o0Vsw”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170951”,\n “token”: “WCb7NIm8pzFtHcVfPtOIVb6CD7R4P26Ovonuufdf3LE”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}‘
2017-04-06 04:33:56,399:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u’status’: u’pending’, u’token’: u’WCb7NIm8pzFtHcVfPtOIVb6CD7R4P26Ovonuufdf3LE’, u’type’: u’dns-01’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170951’}
2017-04-06 04:33:56,400:INFO:letsencrypt.auth_handler:Performing the following challenges:
2017-04-06 04:33:56,401:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for mail.vinenbranches.net
2017-04-06 04:33:56,645:DEBUG:letsencrypt_apache.tls_sni_01:Adding Include /etc/apache2/le_tls_sni_01_cert_challenge.conf to /files/etc/apache2/apache2.conf
2017-04-06 04:33:56,648:DEBUG:letsencrypt_apache.tls_sni_01:writing a config file with text:

<VirtualHost *:443>
ServerName a95660912b78a85b74e0527c44196104.eb16aec977f15fac6a7fe9d5d4bc1c2a.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on

LimitRequestBody 1048576

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8.crt
SSLCertificateKeyFile /var/lib/letsencrypt/CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8.pem

DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/

2017-04-06 04:33:56,713:DEBUG:letsencrypt.reverter:Creating backup of /etc/apache2/apache2.conf
2017-04-06 04:33:59,940:INFO:letsencrypt.auth_handler:Waiting for verification…
2017-04-06 04:33:59,941:DEBUG:acme.client:Serialized JSON: {“keyAuthorization”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8.HNM_mjHX1qYmrf0a5RUequIiX7q6eec8GTphG5qBYvk”, “type”: “tls-sni-01”, “resource”: “challenge”}
2017-04-06 04:33:59,944:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), x5tS256=None, cty=None, jku=None, x5u=None, x5t=None, crit=(), kid=None, alg=None, jwk=None, typ=None
2017-04-06 04:33:59,951:DEBUG:acme.jose.json_util:Omitted empty fields: jku=None, x5tS256=None, cty=None, x5c=(), x5u=None, x5t=None, crit=(), nonce=None, kid=None, typ=None
2017-04-06 04:33:59,952:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “48gNmZHNjTtQJRJ1HE0ba-r_OWlX2wr6Mv5LPyxJLz83vxy916vYdlymduoo2FI_SK97Ui2m6TX3M_a7namy_vQZb35OlRR5J8WEIn3OlanIGaAI35WcDkusX2jTyGROVJUztEWq8repJoNnNA00HnhiZycZ8cA8eG2Px6QyiU1551AmdUEFLxNZUE-unVZFBRA1-8bdhSJ12VV7pdJFJy_re2WhD1f11smKRYV97h8SZi86f9VKlgJUvAN771Gd36rZ_8QROV9QpCi2VuPGhr6tftlaAag1eV_tdqgoLd7G4sw4LsnYOO1357wf-inN9ZXAKoHF3t97-xM1tKzITw”}}, “protected”: “eyJub25jZSI6ICJ3a1hYZU5pUzBtM1hTM0RrNGJnVDNveUo1MVZwTjFJUlBvNnBZLS1tM05NIn0”, “payload”: “eyJrZXlBdXRob3JpemF0aW9uIjogIkNsdU1qWnRJZjJNMlVIUEdwaWluQmxWQUliVUVtdm5uZ0V6am41anNQWTguSE5NX21qSFgxcVltcmYwYTVSVWVxdUlpWDdxNmVlYzhHVHBoRzVxQll2ayIsICJ0eXBlIjogInRscy1zbmktMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0”, “signature”: “38YsP6pHAbZogqmK1rJKzB2RamjvZr0RZ_4WuHV1Z7JwHkpZEwQRF3sZTH9ogdISjOMPXj0y3v6Aov4Hq4-L2dFibO37vul48_WipTH1a10_cZFVfyfNPrIOumuUJE8vjOy9HjKsHZpHteCnZlJZliPjsJSmMqwq8R8U8jIoIDopLhBXTPr6vwKCTzkV7wwX2jMcYlYeH3z-1kJ90FnE1mF0x1V3AOhOZn6IXTXswozJ_YA2v5JsiIa1cZAmUVFMz9Egq51hZQe5NqI0kdB2viT_VQNfBgW1xA9SBDylYDMmTSB8h26xfWVoIYtw5Z8-D1TVL4erQ5985gZcBxmCag”}’}
2017-04-06 04:33:59,955:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-04-06 04:34:00,262:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949 HTTP/1.1” 202 338
2017-04-06 04:34:00,266:DEBUG:root:Received <Response [202]>. Headers: {‘Content-Length’: ‘338’, ‘Boulder-Request-Id’: ‘9grovpsnp5G9t-k9SKYgp9PgC2t4LDJyGUM2zKi_wgs’, ‘Expires’: ‘Thu, 06 Apr 2017 04:34:00 GMT’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘11440465’, ‘Date’: ‘Thu, 06 Apr 2017 04:34:00 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘2RE1UfANHD0OSKkiihTLkNhC_Ga8J92uFmXXXyDCubU’}. Content: ‘{\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949”,\n “token”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8”,\n “keyAuthorization”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8.HNM_mjHX1qYmrf0a5RUequIiX7q6eec8GTphG5qBYvk”\n}‘
2017-04-06 04:34:00,268:DEBUG:acme.client:Storing nonce: ‘\xd9\x115Q\xf0\r\x1c=\x0eH\xa9"\x8a\x14\xcb\x90\xd8B\xfcf\xbc’\xdd\xae\x16e\xd7_ \xc2\xb9\xb5’
2017-04-06 04:34:00,269:DEBUG:acme.client:Received response <Response [202]> (headers: {‘Content-Length’: ‘338’, ‘Boulder-Request-Id’: ‘9grovpsnp5G9t-k9SKYgp9PgC2t4LDJyGUM2zKi_wgs’, ‘Expires’: ‘Thu, 06 Apr 2017 04:34:00 GMT’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘11440465’, ‘Date’: ‘Thu, 06 Apr 2017 04:34:00 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘2RE1UfANHD0OSKkiihTLkNhC_Ga8J92uFmXXXyDCubU’}): ‘{\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949”,\n “token”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8”,\n “keyAuthorization”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8.HNM_mjHX1qYmrf0a5RUequIiX7q6eec8GTphG5qBYvk”\n}‘
2017-04-06 04:34:03,273:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw. args: (), kwargs: {}
2017-04-06 04:34:03,276:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-04-06 04:34:03,617:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw HTTP/1.1” 200 1114
2017-04-06 04:34:03,621:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘1114’, ‘Expires’: ‘Thu, 06 Apr 2017 04:34:03 GMT’, ‘Boulder-Request-Id’: ‘g0ZPvVoWXE7OzskbiJtdEy98uq7a3X9mKuwWC60uyRw’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Thu, 06 Apr 2017 04:34:03 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘muZrfRcpU3hVTggInMjkXPC6dtSQZyLPuicnznXTAYo’}. Content: ‘{\n “identifier”: {\n “type”: “dns”,\n “value”: “mail.vinenbranches.net”\n },\n “status”: “pending”,\n “expires”: “2017-04-13T04:33:56Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949”,\n “token”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8”,\n “keyAuthorization”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8.HNM_mjHX1qYmrf0a5RUequIiX7q6eec8GTphG5qBYvk”\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170950”,\n “token”: “qMYj-URqmGrnXf3P04Q64gL_iZAqtwU1LSVmw-o0Vsw”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170951”,\n “token”: “WCb7NIm8pzFtHcVfPtOIVb6CD7R4P26Ovonuufdf3LE”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}‘
2017-04-06 04:34:03,623:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘1114’, ‘Expires’: ‘Thu, 06 Apr 2017 04:34:03 GMT’, ‘Boulder-Request-Id’: ‘g0ZPvVoWXE7OzskbiJtdEy98uq7a3X9mKuwWC60uyRw’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Thu, 06 Apr 2017 04:34:03 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘muZrfRcpU3hVTggInMjkXPC6dtSQZyLPuicnznXTAYo’}): ‘{\n “identifier”: {\n “type”: “dns”,\n “value”: “mail.vinenbranches.net”\n },\n “status”: “pending”,\n “expires”: “2017-04-13T04:33:56Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949”,\n “token”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8”,\n “keyAuthorization”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8.HNM_mjHX1qYmrf0a5RUequIiX7q6eec8GTphG5qBYvk”\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170950”,\n “token”: “qMYj-URqmGrnXf3P04Q64gL_iZAqtwU1LSVmw-o0Vsw”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170951”,\n “token”: “WCb7NIm8pzFtHcVfPtOIVb6CD7R4P26Ovonuufdf3LE”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}‘
2017-04-06 04:34:03,624:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u’status’: u’pending’, u’token’: u’WCb7NIm8pzFtHcVfPtOIVb6CD7R4P26Ovonuufdf3LE’, u’type’: u’dns-01’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170951’}
2017-04-06 04:34:06,628:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw. args: (), kwargs: {}
2017-04-06 04:34:06,631:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-04-06 04:34:07,105:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw HTTP/1.1” 200 1540
2017-04-06 04:34:07,110:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘1540’, ‘Expires’: ‘Thu, 06 Apr 2017 04:34:06 GMT’, ‘Boulder-Request-Id’: ‘PvhJj407S95rzJD4ZrRiZQ6ZDDup8LG_pgSk9S2Rjbw’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Thu, 06 Apr 2017 04:34:06 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘T2xAxaQQyR_H71oMQJobdkVSylb7jbjkNMaVg7Bek7I’}. Content: ‘{\n “identifier”: {\n “type”: “dns”,\n “value”: “mail.vinenbranches.net”\n },\n “status”: “invalid”,\n “expires”: “2017-04-13T04:33:56Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “invalid”,\n “error”: {\n “type”: “urn:acme:error:connection”,\n “detail”: “Failed to connect to 211.59.145.156:443 for TLS-SNI-01 challenge”,\n “status”: 400\n },\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949”,\n “token”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8”,\n “keyAuthorization”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8.HNM_mjHX1qYmrf0a5RUequIiX7q6eec8GTphG5qBYvk”,\n “validationRecord”: [\n {\n “hostname”: “mail.vinenbranches.net”,\n “port”: “443”,\n “addressesResolved”: [\n “211.59.145.156”\n ],\n “addressUsed”: “211.59.145.156”\n }\n ]\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170950”,\n “token”: “qMYj-URqmGrnXf3P04Q64gL_iZAqtwU1LSVmw-o0Vsw”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170951”,\n “token”: “WCb7NIm8pzFtHcVfPtOIVb6CD7R4P26Ovonuufdf3LE”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}‘
2017-04-06 04:34:07,112:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘1540’, ‘Expires’: ‘Thu, 06 Apr 2017 04:34:06 GMT’, ‘Boulder-Request-Id’: ‘PvhJj407S95rzJD4ZrRiZQ6ZDDup8LG_pgSk9S2Rjbw’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Thu, 06 Apr 2017 04:34:06 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘T2xAxaQQyR_H71oMQJobdkVSylb7jbjkNMaVg7Bek7I’}): ‘{\n “identifier”: {\n “type”: “dns”,\n “value”: “mail.vinenbranches.net”\n },\n “status”: “invalid”,\n “expires”: “2017-04-13T04:33:56Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “invalid”,\n “error”: {\n “type”: “urn:acme:error:connection”,\n “detail”: “Failed to connect to 211.59.145.156:443 for TLS-SNI-01 challenge”,\n “status”: 400\n },\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170949”,\n “token”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8”,\n “keyAuthorization”: “CluMjZtIf2M2UHPGpiinBlVAIbUEmvnngEzjn5jsPY8.HNM_mjHX1qYmrf0a5RUequIiX7q6eec8GTphG5qBYvk”,\n “validationRecord”: [\n {\n “hostname”: “mail.vinenbranches.net”,\n “port”: “443”,\n “addressesResolved”: [\n “211.59.145.156”\n ],\n “addressUsed”: “211.59.145.156”\n }\n ]\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170950”,\n “token”: “qMYj-URqmGrnXf3P04Q64gL_iZAqtwU1LSVmw-o0Vsw”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170951”,\n “token”: “WCb7NIm8pzFtHcVfPtOIVb6CD7R4P26Ovonuufdf3LE”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}‘
2017-04-06 04:34:07,112:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u’status’: u’pending’, u’token’: u’WCb7NIm8pzFtHcVfPtOIVb6CD7R4P26Ovonuufdf3LE’, u’type’: u’dns-01’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/kDBRTmTqc1pMk-p7LN_8eXVp8k1HSFhChU9VftlfVYw/972170951’}
2017-04-06 04:34:07,113:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:

Domain: mail.vinenbranches.net
Type: connection
Detail: Failed to connect to 211.59.145.156:443 for TLS-SNI-01 challenge

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2017-04-06 04:34:07,114:INFO:letsencrypt.auth_handler:Cleaning up challenges
2017-04-06 04:34:07,419:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/letsencrypt”, line 9, in
load_entry_point(‘letsencrypt==0.4.1’, ‘console_scripts’, ‘letsencrypt’)()
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 1986, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 662, in run
lineage, action = _auth_from_domains(le_client, config, domains)
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 474, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File “/usr/lib/python2.7/dist-packages/letsencrypt/client.py”, line 269, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python2.7/dist-packages/letsencrypt/client.py”, line 252, in obtain_certificate
return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
File “/usr/lib/python2.7/dist-packages/letsencrypt/client.py”, line 225, in obtain_certificate_from_csr
authzr = self.auth_handler.get_authorizations(domains)
File “/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py”, line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File “/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py”, line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File “/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py”, line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. mail.vinenbranches.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 211.59.145.156:443 for TLS-SNI-01 challenge

Sorry!
Don’t forget me…

Your server doesn’t listen on port 443, or rejects/drops traffic to it. So make sure your Apache server listens on port 443 by adding something like this to the config file of your website:
<VirtualHost *:443 [::]:443> instead of <VirtualHost *:80 [::]:80>

Also run sudo iptables -L to see if iptables perhaps blocks it.
And of course your router should also allow traffic to port 443.
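To make the diagnosis above concrete, here is an added example (not part of the original thread) that reads an ACME authorization object shaped like the one in the posted log, pulls out the failed challenge with the address the CA actually tried, and classifies the failure. The sample JSON, the function names and the `expected_ip` parameter are constructed for illustration, with placeholder hostnames and addresses.

```python
import json
import socket

# Constructed sample with the same fields as the "invalid" authorization in the
# log above; hostname and address are documentation placeholders.
SAMPLE_AUTHZ = """
{
  "identifier": {"type": "dns", "value": "mail.example.com"},
  "status": "invalid",
  "challenges": [
    {
      "type": "tls-sni-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:connection",
        "detail": "Failed to connect to 203.0.113.10:443 for TLS-SNI-01 challenge",
        "status": 400
      },
      "validationRecord": [
        {
          "hostname": "mail.example.com",
          "port": "443",
          "addressesResolved": ["203.0.113.10"],
          "addressUsed": "203.0.113.10"
        }
      ]
    },
    {"type": "http-01", "status": "pending"},
    {"type": "dns-01", "status": "pending"}
  ]
}
"""


def failed_challenges(authz_text):
    """Return one dict per validation attempt of every challenge marked invalid."""
    authz = json.loads(authz_text)
    domain = authz.get("identifier", {}).get("value")
    failures = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue  # pending challenges were never attempted
        error = chall.get("error", {})
        for rec in chall.get("validationRecord") or [{}]:
            port = rec.get("port")
            failures.append({
                "domain": domain,
                "challenge": chall.get("type"),
                "error_type": error.get("type"),
                "detail": error.get("detail"),
                "address": rec.get("addressUsed"),
                "port": int(port) if port is not None else None,
            })
    return failures


def triage(failure, expected_ip):
    """Classify a failure; expected_ip is the server's public address (assumed known)."""
    findings = []
    if failure["address"] and failure["address"] != expected_ip:
        findings.append("dns-mismatch")      # the A record points somewhere else
    if (failure["error_type"] or "").endswith(":connection"):
        findings.append("port-unreachable")  # the CA could not open the TCP port
    return findings or ["other"]


def port_open(address, port, timeout=3.0):
    """TCP connect test; only meaningful when run from outside the server's network."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for failure in failed_challenges(SAMPLE_AUTHZ):
        print(failure["domain"], failure["challenge"], failure["detail"])
        print("  findings:", triage(failure, expected_ip="203.0.113.10"))
```

Running `port_open` on the server itself, or checking `netstat` there, only shows that Apache is listening locally; a router or upstream firewall between the Internet and the machine can still drop the connection the CA makes.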

When I run [netstat -nlp],
port 443 is on.

There is a virtual host for 443 in /etc/apahce/sites-available/default-ssl.conf

and there is no block on 443 in iptables.

If you want, I will take a picture for you.

It's "on" in the sense of a 0.0.0.0:* LISTEN?

Sure,
like it ~