Problem getting certificate for email server on separate host from web server

Please fill out the fields below so we can help you better.

My domain is: mailgw.simonharwood.co.uk

I ran this command: letsencrypt certonly --standalone --standalone-supported-challenges http-01 --email postmaster@simonharwood.co.uk -d mailgw.simonharwood.co.uk --rsa-key-size 4096 --agree-tos

It produced this output:
Failed authorization procedure. mailgw.simonharwood.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mailgw.simonharwood.co.uk/.well-known/acme-challenge/A1k2jTH6H3EJx47yVgS88brcegutw5d4DeB2qu3e4Rk: "

404 Not Found

Not Found

<p"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mailgw.simonharwood.co.uk
    Type: unauthorized
    Detail: Invalid response from http://mailgw.simonharwood.co.uk
    /.well-known/acme-
    challenge/A1k2jTH6H3EJx47yVgS88brcegutw5d4DeB2qu3e4Rk: "

    404 Not Found

    Not Found

    <p"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

My operating system is (include version): Ubuntu 16.04.2 LTS

My web server is (include version): (Apache2)

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

I have a single IP address behind a NAT router with port redirection dependent on service. Ports 80 and 443 are forwarded to my www server.
I have successfully obtained and installed a certificate on my www server and would like to do the same for my email server for ssl/submission port security.
I have separate VMs for www and incoming email servers. The email server does not host a www server.
I have configured a reverse proxy on the www server to forward port 80 onto the email server, which can receive port 80 successfully, when addressed using the email server hostname. This works. Unfortunately the letsencrypt standalone server does not send back the validation data.
I am running the letsencrypt command as root.

Any help with this would be gratefully received.
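The setup in the post (port 80 forwarded by NAT to the www server, then reverse-proxied to the mail host) can be checked independently of the ACME client. The following is an added example, not part of the original post and not Certbot code: `probe` requests a file under `/.well-known/acme-challenge/` and reports the status, `Server` header and body of whatever answered. The names `probe` and `start_stub`, the token and the file contents are hypothetical and constructed for illustration.

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Ignore proxy environment variables so the probe goes straight to the target.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(base_url, token, expected_body, timeout=5):
    """Fetch the HTTP-01 challenge URL and classify who answered and how."""
    url = base_url.rstrip("/") + CHALLENGE_PREFIX + token
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            status, headers, body = resp.status, resp.headers, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry headers and a body
        status, headers, body = err.code, err.headers, err.read()
    except OSError as err:  # URLError, refused connection, timeout
        return {"verdict": "unreachable", "detail": str(err)}
    text = body.decode("utf-8", "replace").strip()
    if status != 200:
        verdict = "not-served"      # e.g. a 404 from whichever server received it
    elif text != expected_body:
        verdict = "wrong-content"   # a server answered, but not with the token file
    else:
        verdict = "ok"
    return {"verdict": verdict, "status": status,
            "server": headers.get("Server", ""), "body": text[:80]}


def start_stub(files, host="127.0.0.1", port=0):
    """Constructed stand-in for a temporary challenge listener (hypothetical helper)."""
    class Handler(http.server.BaseHTTPRequestHandler):
        server_version = "probe-stub"

        def do_GET(self):
            body = files.get(self.path)
            self.send_response(404 if body is None else 200)
            self.end_headers()
            self.wfile.write(("Not Found" if body is None else body).encode())

        def log_message(self, *args):  # keep the console quiet
            pass

    srv = http.server.ThreadingHTTPServer((host, port), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

Run `start_stub` on the mail host bound to port 80 with a token file of your choosing, then call `probe` from outside the NAT against `http://mailgw.simonharwood.co.uk`. The `server` and `body` fields show which machine actually answered the request.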