Obtaining certificate for load balanced domain

Please fill out the fields below so we can help you better.

My domain is: forumserver.twoplustwo.com

I ran this command: sudo certbot --apache

It produced this output:

  • The following errors were reported by the server:

Failed authorization procedure. forumserver.twoplustwo.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

My web server is (include version): Apache/2.4.6

The operating system my web server runs on is (include version):
Red Hat Enterprise Linux Server release 7.4 (Maipo)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The server I ran this on is one of three behind a brocade load balancer.

I am unsure how to use an alternative client to obtain a certificate. Any help would be appreciated.

I’m unable to connect to forumserver.twoplustwo.com on port 443.
Check to ensure port 443 is allowed.

Generally --apache can't work at all behind a load balancer, while --webroot can potentially work if you can closely customize the load balancer's behavior (and if it's listening on port 80).

Do you have a way to update the DNS records in the DNS zone file for this domain via an API of some kind? That might be an easier strategy (using the DNS-01 authorization method instead).

I believe I can update the DNS records as you suggest. I know I have to
manually update a TXT record with a token. I can do that…how do I proceed?


I was successfully able to use the DNS-01 challenge method. Thanks to all who responded.

Some tools (including Certbot and also acme.sh to a greater extent) let you do this via a DNS provider API rather than manually, which can make the process nicer when you have to renew the certificate (because you have to re-validate). So you might want to keep automation in mind too if you didn’t use a process initially that can be automated.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.