New Server Setup, I can't get certbot or letsencrypt to create a SSL


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: camelothost.com, www.camelothost.com, mail.camelothost.com, server1.camelothost.com


#2

I ran this command: certbot --apache -w /var/www/camelothost.com/web/ -d camelothost.com -d www.camelothost.com -d server1.camelothost.com -d mail.camelothost.com --agree-tos -m jordan@camelothost.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for camelothost.com
http-01 challenge for www.camelothost.com
http-01 challenge for server1.camelothost.com
http-01 challenge for mail.camelothost.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.camelothost.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.camelothost.com/.well-known/acme-challenge/KsfSSX8544yFLG8FSiRBHvvsWc2k8A-naGf-k9igwz4: Timeout, mail.camelothost.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.camelothost.com/.well-known/acme-challenge/asQHF9gHATlbZ38P5nNnn5xsYyUdT-YQOBcNbPxHLgM: Timeout, server1.camelothost.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://server1.camelothost.com/.well-known/acme-challenge/uSko6U-2Orbz_UbEpN9X3nVS-iUNlgm4K3pvsqz-d0A: Timeout, camelothost.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://camelothost.com/.well-known/acme-challenge/tXAH_5zDNaG4JzU86njHcjr13WaopFDbGgsSMmkMyL4: Timeout


#3

Your server does not seem to be responding to HTTP requests via IPv6.

The validation server uses IPv6 as long as you have an AAAA record in your DNS, so you should either fix your server so that it responds correctly on IPv6, or remove the AAAA record.
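
The check described in the reply above, as an added example that is not part of the original thread: it resolves a name's A and AAAA records and requests a constructed challenge path on port 80 of each address, one address family at a time. The function names, the challenge token and the result strings are assumptions made for this illustration.

```python
import socket
import sys

FAMILIES = {"A": socket.AF_INET, "AAAA": socket.AF_INET6}
PATH = "/.well-known/acme-challenge/reachability-test"  # constructed token

def resolve(host, family):
    """Return the host's addresses for one address family (empty list if none)."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def http_answers(addr, family, host, timeout=5.0):
    """True if a plain HTTP request to this literal address gets any HTTP reply."""
    request = f"GET {PATH} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, 80))
            s.sendall(request.encode("ascii"))
            return s.recv(16).startswith(b"HTTP/")
    except OSError:  # timeout, refused, no route: all mean validation would fail
        return False

def check_host(host, resolver=resolve, probe=http_answers):
    """Map each record type to {address: reachable?} for port 80."""
    return {rtype: {a: probe(a, fam, host) for a in resolver(host, fam)}
            for rtype, fam in FAMILIES.items()}

def diagnose(report):
    """Apply the rule from the reply above: a published AAAA record means IPv6 is used."""
    if not report["A"] and not report["AAAA"]:
        return "no-address-records"
    if report["AAAA"]:
        return "ok" if all(report["AAAA"].values()) else "aaaa-published-but-ipv6-http-fails"
    return "ok" if all(report["A"].values()) else "ipv4-http-fails"

if __name__ == "__main__":
    for name in sys.argv[1:]:
        result = check_host(name)
        print(name, diagnose(result), result)
```

Run it from a machine outside the server that has working IPv6 itself; otherwise every IPv6 probe fails locally and the result says nothing about the server.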


#4

IMPORTANT NOTES:

My web server is (include version):
Server version: Apache/2.4.6 (CentOS)
Server built: Oct 19 2017 20:39:16

The operating system my web server runs on is (include version):
Linux version 3.10.0-693.21.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Wed Mar 7 19:03:37 UTC 2018

CentOS Linux 7 (Core)

My hosting provider, if applicable, is: VPS on Digital Ocean (All DNS and nameservers are served off the VPS)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, ispconfig 3.x

I set up the server using these instructions:

When I had issues with Let’s Encrypt I tried to use git to clone the GitHub version of Let’s Encrypt. Then finally I installed the CentOS letsencrypt packages.

The domain is not the only one set up on the server.

I have both A and AAAA records for the domain

I have checked iptables to make sure there are no rules

I have verified I can write to the webroot as root

I have tried following several things; I’ve also verified that Apache is listening on ports 80 and 443


#5

In ispconfig I have a checkbox for Let’s Encrypt however it unchecks and does not do anything.


#6

Thanks for spotting that. My Apache says it is listening to the IPv6 address, so I’ll try to find out why it’s not responding.

