Hi -
I am attempting to setup a SSL Proxy using NGINX on a Raspberry Pi 3 using the Raspbian Operating System to allow my Home Assistant application to become accessible via the internet allowing changes to be made via my mobile device.
I encounter issues when I am trying to obtain a new certificate (using the command ./letsencrypt-auto certonly --standalone). This command will prompt me to enter my domain (hosting provided is namecheap) which I enter http://www.wiinc.tech/, I have also tried the following variations:
I receive the following error from using www.wiinc.tech:
Failed authorization procedure. www.wiinc.tech (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.54.117.216:443 for TLS-SNI-01 challenge
I’m not sure how to resolve this error or further triage what could be the cause the failure to connect.
Your “domain”, hosted at namecheap. Is that just the domain or is your entire website hosted on a VPS or shared hosting environment there? Because I can see some Namecheap placeholder if I surf to your domain, so I’m pretty sure your domain name doesn’t “point” to your Raspberry Pi.
In that case, you should remove the “parking page” of your domain at Namecheap:
osiris@desktop tmp $ dig www.wiinc.tech
; <<>> DiG 9.10.3-P4 <<>> www.wiinc.tech
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28224
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wiinc.tech. IN A
;; ANSWER SECTION:
www.wiinc.tech. 1800 IN CNAME parkingpage.namecheap.com.
parkingpage.namecheap.com. 30 IN A 198.54.117.216
parkingpage.namecheap.com. 30 IN A 198.54.117.212
parkingpage.namecheap.com. 30 IN A 198.54.117.215
;; Query time: 67 msec
;; SERVER: 194.109.6.66#53(194.109.6.66)
;; WHEN: Fri Feb 17 18:28:08 CET 2017
;; MSG SIZE rcvd: 130
osiris@desktop tmp $
I’m pretty sure Namecheaps parking page isn’t run on your Raspberry Pi?
You should edit your DNS zone to point the A record of your FQDN’s (the base domain wiinc.tech as wel as www.wiinc.tech) to the public IP address on which your Raspberry Pi is reachable.
Apologies for not responding, but I saw another post on this forum that indicated that LetEncrypt doesn't support my host so I was a little disappointed.