Please fill out the fields below so we can help you better.
My domain is: forumserver.twoplustwo.com
I ran this command: sudo certbot --apache
It produced this output:
- The following errors were reported by the server:
Failed authorization procedure. forumserver.twoplustwo.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
My web server is (include version): Apache/2.4.6
The operating system my web server runs on is (include version):
Red Hat Enterprise Linux Server release 7.4 (Maipo)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The server I ran this on is one of three behind a brocade load balancer.
I am unsure how to use an alternative client to obtain a certificate. Any help would be appreciated.
I’m unable to connect to forumserver.twoplustwo.com on port 443.
Check to ensure port 443 is allowed.
--apache can't work at all behind a load balancer, while
--webroot can potentially work if you can closely customize the load balancer's behavior (and if it's listening on port 80).
Do you have a way to update the DNS records in the DNS zone file for this domain via an API of some kind? That might be an easier strategy (using the DNS-01 authorization method instead).
I believe I can update the DNS records as you suggest. I know I have to
manually update a TXT record with a token. I can do that…how do I proceed?
I was successfully able to use the DNS-01 challenge method. Thanks to all who responded.
Some tools (including Certbot and also acme.sh to a greater extent) let you do this via a DNS provider API rather than manually, which can make the process nicer when you have to renew the certificate (because you have to re-validate). So you might want to keep automation in mind too if you didn’t use a process initially that can be automated.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.