Hi,
I am trying to get an SSL certificate and I’m running into the error below. I’ll appreciate any help. Thanks.
Please fill out the fields below so we can help you better.
My domain is: joojip.com
I ran this command: sudo certbot --nginx
It produced this output: Failed authorization procedure. temp.joojip.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
My web server is (include version): Server: nginx/1.10.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04.2 LTS/xenial
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
It’s also possible that there’s a firewall or something that blocks inbound connections on port 443 (that you might not have noticed before because you weren’t using HTTPS before for anything).
Hi, thanks for pointing me towards the firewall blocking 443. Now, port 443 is open, but I am getting a different error when I run certbot --nginx. It's now saying
Failed authorization procedure. temp.joojip.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data
Here's my nginx config:
server {
    listen 443 default_server ssl;
    server_name temp.joojip.com;
“Error getting validation data” is a catch-all for errors that we don’t specifically handle and turn into something nicer. Looking at the logs, I see that this particular example was “read: connection reset by peer.” That’s worth turning into a more informative error.
@iamsram, it seems like you have some pre-existing problem with your setup because https://temp.joojip.com/ doesn’t work in a browser and also doesn’t work with openssl s_client -connect temp.joojip.com:443 and similar commands.
Do you have any errors in your nginx logs? Or trouble with a firewall or something that prevents inbound connections on port 443?
Unless there is an include somewhere…
The vhost conf seems to be missing:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
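An added example, not part of any post above and not Certbot or nginx code: a small Python check for the condition the last reply describes, a server block that listens with ssl but carries no ssl_certificate / ssl_certificate_key. The sample config is constructed from the fragment in the thread (closed so that it parses), the function names are illustrative, and include files are not followed; the check only reports that an include is present, since the directives may live there.

```python
import re

# Constructed sample: the server block quoted in the thread, closed so it parses,
# plus a second block that carries the two directives from the last reply.
SAMPLE_CONF = """
server {
    listen 443 default_server ssl;
    server_name temp.joojip.com;
}
server {
    listen 443 ssl;   # TLS vhost with a certificate configured
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
"""

REQUIRED = ("ssl_certificate", "ssl_certificate_key")

def server_blocks(text):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    text = re.sub(r"#[^\n]*", "", text)          # drop comments
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        # A block cut off before its closing brace runs to the end of the text.
        yield text[m.end():i - 1 if depth == 0 else i]

def audit(text):
    """Return (server_name, missing_directives, has_include) per incomplete TLS block."""
    findings = []
    for body in server_blocks(text):
        stmts = [s.split() for s in re.split(r"[;{}]", body) if s.strip()]
        # Only blocks with `listen <addr> ... ssl` need a certificate pair.
        if not any(s[0] == "listen" and "ssl" in s[2:] for s in stmts):
            continue
        present = {s[0] for s in stmts}
        missing = [d for d in REQUIRED if d not in present]
        if missing:
            names = [s[1] for s in stmts if s[0] == "server_name" and len(s) > 1]
            findings.append((names[0] if names else "(unnamed)", missing,
                             "include" in present))
    return findings

if __name__ == "__main__":
    for name, missing, has_include in audit(SAMPLE_CONF):
        hint = " (check included files)" if has_include else ""
        print(f"{name}: missing {', '.join(missing)}{hint}")
```

Running `nginx -t` remains the authoritative syntax check; this only narrows down which vhost lacks a certificate pair before Certbot is retried.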