Manual mode: The server could not connect to the client to verify the domain


#1

Please fill out the fields below so we can help you better.

My domain is: mx.rg47c.dk

I ran this command: certbot-auto certonly --manual

It produced this output: Failed authorization procedure. mx.rg47c.dk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to mx.rg47c.dk

My operating system is (include version): CentOS 7

My web server is (include version): apache (but not used during process)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

When I try to request a certificate in manual mode from a host other than the one where the cert will be used (the bot is located behind a firewall), the command tells me that it cannot connect to my host.
I run split DNS, so the host where the certbot command is run resolves the internal IP of the mx.rg47c.dk host.
A public DNS record also exists for the host…
When requesting the certificate, I stop the Apache server on my target server and run the commands as specified by certbot. On the console of the target server I see:

$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer;
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler);
s.serve_forever()"
192.168.225.153 - - [04/Nov/2016 19:27:49] "GET /.well-known/acme-challenge/eVxGLWplJd7dWRy1IPjwZoEYziD6eNWm_L4rh5YJVIQ HTTP/1.1" 200 -

So the host where the certbot command is run is able to connect to my target server, and I know that the target server is also available from the outside on ports 80 and 443.

What is causing this issue, and how do I solve it?

/Brian


#2

Hi @bipsendk,

While you’re running the manual command, could you try running

curl -v http://mx.rg47c.dk/

on another machine that’s not on the same LAN as the server?


#3

I can connect to port 443. Port 80 times out.


#5

I had forgotten to change the NAT in my firewall to the new address. Thanks for the tip.
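
An added example, not part of the thread and not certbot's own code: it parses SimpleHTTPServer access-log lines like the one in the first post and reports whether any request for the challenge file came from outside the LAN. The `203.0.113.10` line, the `EXAMPLE-TOKEN` value, the list of internal ranges and the function names are constructed for illustration.

```python
import ipaddress
import re

# Access-log format written by Python 2's SimpleHTTPServer, as in the first post.
LOG_RE = re.compile(r'^(\S+) - - \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Assumption: ranges treated as "inside" (RFC 1918, loopback, link-local, IPv6 ULA).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Log line from the first post, then a constructed line with a documentation address.
LAN_ONLY_LOG = ('192.168.225.153 - - [04/Nov/2016 19:27:49] "GET /.well-known/'
                'acme-challenge/eVxGLWplJd7dWRy1IPjwZoEYziD6eNWm_L4rh5YJVIQ HTTP/1.1" 200 -')
CONSTRUCTED_EXTERNAL_LOG = LAN_ONLY_LOG + (
    '\n203.0.113.10 - - [04/Nov/2016 19:27:52] "GET /.well-known/'
    'acme-challenge/EXAMPLE-TOKEN HTTP/1.1" 200 -')


def challenge_hits(log_text):
    """Return (source_ip, status, is_external) for each challenge request."""
    hits = []
    for line in log_text.splitlines():
        # Undo typographic quotes that forum software substitutes on paste.
        line = line.strip().replace("\u201c", '"').replace("\u201d", '"')
        m = LOG_RE.match(line)
        if not m or not m.group(2).startswith(CHALLENGE_PREFIX):
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # source logged as a hostname; cannot classify
        external = not any(addr in net for net in INTERNAL_NETS)
        hits.append((str(addr), int(m.group(3)), external))
    return hits


def diagnose(log_text):
    """Say whether anything outside the LAN fetched the challenge file."""
    hits = challenge_hits(log_text)
    if not hits:
        return "no challenge requests logged"
    if any(external and status == 200 for _, status, external in hits):
        return "external client fetched the challenge"
    if any(external for _, _, external in hits):
        return "external request arrived but did not get 200"
    return "only internal clients connected; test port 80 from outside the LAN"
```

Calling `diagnose(LAN_ONLY_LOG)` on the line from the first post returns the "only internal clients" result, which matches the port 80 timeout seen from outside in post #3.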

