Obtaining New Certificate Failing

wiinc1 · February 17, 2017, 4:30pm

Hi -
I am attempting to setup a SSL Proxy using NGINX on a Raspberry Pi 3 using the Raspbian Operating System to allow my Home Assistant application to become accessible via the internet allowing changes to be made via my mobile device.

In trying to accomplish this task I am using the following the following reference information: https://community.home-assistant.io/t/homeassistant-nginx-ssl-proxy-setup/53

I encounter issues when I am trying to obtain a new certificate (using the command ./letsencrypt-auto certonly --standalone). This command will prompt me to enter my domain (hosting provided is namecheap) which I enter http://www.wiinc.tech/, I have also tried the following variations:

http://www.wiinc.tech
www.wiinc.tech

I receive the following error from using www.wiinc.tech:

Failed authorization procedure. www.wiinc.tech (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 198.54.117.216:443 for TLS-SNI-01 challenge

I’m not sure how to resolve this error or further triage what could be the cause the failure to connect.

Any help would be greatly appreciated.

Thanks!

Osiris · February 17, 2017, 4:48pm

Your “domain”, hosted at namecheap. Is that just the domain or is your entire website hosted on a VPS or shared hosting environment there? Because I can see some Namecheap placeholder if I surf to your domain, so I’m pretty sure your domain name doesn’t “point” to your Raspberry Pi.

wiinc1 · February 17, 2017, 5:27pm

It is just the domain.

Osiris · February 17, 2017, 5:30pm

In that case, you should remove the “parking page” of your domain at Namecheap:

osiris@desktop tmp $ dig www.wiinc.tech

; <<>> DiG 9.10.3-P4 <<>> www.wiinc.tech
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28224
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wiinc.tech.			IN	A

;; ANSWER SECTION:
www.wiinc.tech.		1800	IN	CNAME	parkingpage.namecheap.com.
parkingpage.namecheap.com. 30	IN	A	198.54.117.216
parkingpage.namecheap.com. 30	IN	A	198.54.117.212
parkingpage.namecheap.com. 30	IN	A	198.54.117.215

;; Query time: 67 msec
;; SERVER: 194.109.6.66#53(194.109.6.66)
;; WHEN: Fri Feb 17 18:28:08 CET 2017
;; MSG SIZE  rcvd: 130

osiris@desktop tmp $

I’m pretty sure Namecheaps parking page isn’t run on your Raspberry Pi?

You should edit your DNS zone to point the A record of your FQDN’s (the base domain wiinc.tech as wel as www.wiinc.tech) to the public IP address on which your Raspberry Pi is reachable.

wiinc1 · February 24, 2017, 7:05pm

Apologies for not responding, but I saw another post on this forum that indicated that LetEncrypt doesn't support my host so I was a little disappointed.

Osiris · February 24, 2017, 7:56pm

That's about webhosting. You said you only had the domain name at Namecheap, right? That's not the same thing as webhosting.

system · March 26, 2017, 7:56pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.