Letsencrypt cannot connect to available server [solved]

My domain is: api.pie.video

I ran this command:

 sudo letsencrypt certonly --webroot -w ~/video-server/public -d api.pie.video

It produced this output:

Failed authorization procedure. api.pie.video (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to api.pie.video

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: api.pie.video
   Type:   connection
   Detail: Could not connect to api.pie.video

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My operating system is (include version): Ubuntu 16.04

My web server is (include version): meteor / nginx

I can login to a root shell on my machine: yes

The domain is publicly available and responding to both http and https, as you can see at:

http://api.pie.video/api/ping
https://api.pie.video/api/ping

But the error message seems to suggest otherwise.

If that helps, even though I don’t think it’s related to the error message, I’m using a load balancer, so api.pie.video is responded to by a few servers. To ensure that the letsencrypt request hits the server where I ran the command from, I’m redirecting api.pie.video/.well-known/... to another server I’ve access to from where I’m running the command.

Do you have a firewall or anything else restricting access?

I can't reach it,

curl -I api.pie.video
curl: (7) Failed to connect to api.pie.video port 80: Connection refused

Hum yeah I’m redirecting :80 to :443, so curl -I https://api.pie.video would work

I guess that’s where the issue is coming from. How can I use letsencrypt to renew a certificate in that setting?

You aren’t redirecting port 80 to 443 … your server isn’t responding to port 80 at all.

You can:

  • open up port 80 and use that
  • use port 443 and the TLS challenge (it needs to place a specifically named cert on your server)
  • use the DNS-01 challenge (which doesn’t need any access to the server; you need to add a ‘token’ to your DNS to prove ownership though).
1 Like
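
A pre-flight check for the failure diagnosed in this thread, as an added example that is not part of the original posts: it places a probe file under the webroot and fetches it over plain HTTP, returning `connection` when the port does not accept connections (the error type in the output above) and `unauthorized` when the port answers but the file is not served. The function names, the probe file name and the loopback demo are assumptions made for illustration.

```python
import functools
import http.server
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path the http-01 validator requests

def preflight_http01(domain, webroot, port=80, timeout=5):
    """Dry-run http-01: returns 'ok', 'connection' or 'unauthorized'."""
    name = "preflight-" + secrets.token_hex(8)  # constructed probe, not a real ACME token
    body = secrets.token_hex(16)
    directory = os.path.join(os.path.expanduser(webroot), CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = "http://%s:%d/%s/%s" % (domain, port, CHALLENGE_DIR, name)
    # Ignore proxy settings: the validator connects to the host directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:  # redirects are followed
            served = resp.read(256).decode("ascii", "replace").strip()
    except urllib.error.HTTPError:
        return "unauthorized"  # reachable, but the probe file is not served
    except OSError:
        return "connection"  # refused, timed out or filtered, as in this thread
    finally:
        os.remove(path)
    return "ok" if served == body else "unauthorized"

def loopback_demo():
    """Constructed offline demo: a served webroot, then the same port closed."""
    webroot = tempfile.mkdtemp()
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    served = preflight_http01("127.0.0.1", webroot, port)
    server.shutdown()
    server.server_close()
    closed = preflight_http01("127.0.0.1", webroot, port)
    return served, closed

if __name__ == "__main__":
    print(loopback_demo())
```

Run on the server itself, this exercises the public name and the webroot mapping, but a firewall that only drops outside traffic will not show up; the `curl -I` check from another machine, as done in the thread, covers that.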
