Thanks to the development team for the exciting LE initiative.
My domains have been whitelisted and I’ve been trying for a couple of days now to get this thing working, but to no avail.
I’ve run the LE auto a couple of times with the apache plugin without success and tried today, after many searches on this forum, with the webroot and cli.ini file set up using ./letsencrypt --config /etc/letsencrypt/cli.ini auth.
I end up with errors such as “Failed to connect to host for DVSNI challenge” using apache plugin and today using webroot “The server could not connect to the client for DV” and “Could not connect to http://my.domain.co.uk/.well-known/acme-challenge/blah,blah,blah …”
I’m running the sites on Debian jessie with apache 2.4. I’ve checked my DNS which seems OK and can curl to the sites from my laptop at home.
I am tearing my hair out now so would really appreciate some pointers.
2015-11-19 21:14:24,076:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-11-19 21:14:24,223:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-19 21:14:31,166:INFO:letsencrypt.crypto_util:Generating key (4096 bits): /etc/letsencrypt/keys/0011_key-letsencrypt.pem
2015-11-19 21:14:31,274:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0011_csr-letsencrypt.pem
2015-11-19 21:14:31,277:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-19 21:14:31,505:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-19 21:14:32,682:INFO:letsencrypt.auth_handler:Performing the following challenges:
2015-11-19 21:14:32,682:INFO:letsencrypt.auth_handler:http-01 challenge for cirrus.glynos.co.uk
2015-11-19 21:14:32,813:INFO:letsencrypt.auth_handler:Waiting for verification...
2015-11-19 21:14:32,829:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-19 21:14:36,072:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-19 21:14:39,268:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-19 21:14:39,479:INFO:letsencrypt.reporter:Reporting to user: The following 'connection' errors were reported by the server:
Domains: cirrus.glynos.co.uk
Error: The server could not connect to the client for DV
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client.
2015-11-19 21:14:39,480:INFO:letsencrypt.auth_handler:Cleaning up challenges
Failed authorization procedure. cirrus.glynos.co.uk (http-01): connection :: The server could not connect to the client for DV :: Could not connect to http://cirrus.glynos.co.uk/.well-known/acme-challenge/ape8p6WMJR9ZCWqYoOSnb4D2KFY4q_Mc_ptkNxYjiuM
IMPORTANT NOTES:
The following 'connection' errors were reported by the server:
Domains: cirrus.glynos.co.uk
Error: The server could not connect to the client for DV
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client.
Let’s Encrypt needs to be able to connect to a web server on your domain to verify you are authorized to request certificates for that domain. This connection attempt is initiated by a server in Let’s Encrypt’s network (and not by the letsencrypt client you’re running on your server), so you need to make sure it’s publicly routed.
I’m guessing this is some kind of firewall issue, maybe a country block list or something like that.
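The inbound-connection requirement described in the reply, as an added example that is not part of the original thread or of the letsencrypt client: it parses the failure line from the log above and flags resolved addresses that an outside validation server could not reach. The function names `parse_failure`, `unroutable`, `preflight` and `probe` are hypothetical; `SAMPLE` is the failure line copied from the post.

```python
import ipaddress
import re
import socket
import urllib.request

# Failure line copied from the log in the original post.
SAMPLE = ("Failed authorization procedure. cirrus.glynos.co.uk (http-01): "
          "connection :: The server could not connect to the client for DV :: "
          "Could not connect to http://cirrus.glynos.co.uk/.well-known/"
          "acme-challenge/ape8p6WMJR9ZCWqYoOSnb4D2KFY4q_Mc_ptkNxYjiuM")

FAILED = re.compile(
    r"Failed authorization procedure\. (?P<domain>\S+) \((?P<challenge>[\w-]+)\): "
    r"(?P<kind>\w+) :: (?P<detail>.*?) :: Could not connect to (?P<url>\S+)"
)

def parse_failure(line):
    """Return domain, challenge type, error kind, detail and URL, or None."""
    match = FAILED.search(line)
    return match.groupdict() if match else None

def unroutable(addresses):
    """Return the addresses that are not globally routable (private, loopback...)."""
    return [a for a in addresses if not ipaddress.ip_address(a).is_global]

def preflight(domain, port=80):
    """Resolve the domain and report addresses an outside server cannot reach.

    Run on the server this uses the local resolver, so /etc/hosts entries can
    hide what public DNS returns; compare with a lookup made from elsewhere.
    """
    infos = socket.getaddrinfo(domain, port, proto=socket.IPPROTO_TCP)
    addrs = sorted({info[4][0] for info in infos})
    return addrs, unroutable(addrs)

def probe(url, timeout=10):
    """Fetch a challenge-path URL; run this from a host outside the network."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except OSError as exc:  # URLError, HTTPError and timeouts are OSError
        return str(exc)     # "HTTP Error 404" still proves port 80 is reachable

if __name__ == "__main__":
    failure = parse_failure(SAMPLE)
    print(failure["domain"], failure["challenge"], failure["kind"])
    print(preflight(failure["domain"]))
```

A timeout or connection refusal from `probe` on an outside host points at a firewall or routing problem, while an HTTP error status means the web server was reached and the webroot path is the next thing to check.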