Renew fails on only one subdomain

My domain is:
4ever.sk

I ran this command:
./certbot-auto certonly -a standalone -d 4ever.sk -d adminssite.4ever.sk -d d.4ever.sk -d download.4ever.sk -d obrazky.4ever.sk -d pmavs.4ever.sk -d vtipy.4ever.sk -d textovky.4ever.sk
or
./certbot-auto renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for 4ever.sk
tls-sni-01 challenge for adminssite.4ever.sk
tls-sni-01 challenge for d.4ever.sk
tls-sni-01 challenge for download.4ever.sk
tls-sni-01 challenge for obrazky.4ever.sk
tls-sni-01 challenge for pmavs.4ever.sk
tls-sni-01 challenge for vtipy.4ever.sk
tls-sni-01 challenge for textovky.4ever.sk
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. textovky.4ever.sk (tls-sni-01): urn:acme:error:connection :: The server could not con nect to the client to verify the domain :: Timeout

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: textovky.4ever.sk
    Type: connection
    Detail: Timeout

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

In log:
[root@virtualhost-664]-[~]# tail -100f /var/log/letsencrypt/letsencrypt.log
Server: nginx
Content-Type: application/json
Content-Length: 1508
Boulder-Request-Id: H68gy35YT21NIkVNBOeilDEtfX9fMHLn580uvQb1oDU
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: V1xBuy-G51xEBCTSzHrwL8NMU1JGjJ4-G5xcksoYstg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 28 Jun 2017 15:07:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 28 Jun 2017 15:07:12 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “textovky.4ever.sk
},
“status”: “invalid”,
“expires”: “2017-07-05T15:07:02Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/tosDuEp0DRkcs8RNPEFxdSo3eDitHYgVTXjuH1c6RAo/1440987190”,
“token”: “ZjVAYgOxYl1u1jPY82QGjLdI2araU8IUJVomy2rwzvU”
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/tosDuEp0DRkcs8RNPEFxdSo3eDitHYgVTXjuH1c6RAo/1440987191”,
“token”: “8c8szM-j7ySGxWbBlOUMougLzz01yG3d35XYgfyDmAs”
},
{
“type”: “tls-sni-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Timeout”,
“status”: 400
},
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/tosDuEp0DRkcs8RNPEFxdSo3eDitHYgVTXjuH1c6RAo/1440987192”,
“token”: “QRXXYVQQJ4a6q_dMYFyGy439tds_i0PTCD83px4samQ”,
“keyAuthorization”: “QRXXYVQQJ4a6q_dMYFyGy439tds_i0PTCD83px4samQ.t-6y7Lglkjfruy6Mw2151Rhy82TeC1NQbrFZ8kUbJMc”,
“validationRecord”: [
{
“hostname”: “textovky.4ever.sk”,
“port”: “443”,
“addressesResolved”: [
“92.240.254.205”
],
“addressUsed”: “92.240.254.205”,
“addressesTried”: []
}
]
}
],
“combinations”: [
[
2
],
[
0
],
[
1
]
]
}
2017-06-28 15:07:12,267:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: textovky.4ever.sk
Type: connection
Detail: Timeout

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2017-06-28 15:07:12,267:INFO:certbot.auth_handler:Cleaning up challenges
2017-06-28 15:07:12,271:DEBUG:certbot.plugins.standalone:Stopping server at :::443…
2017-06-28 15:08:47,361:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py”, line 743, in main
return config.func(config, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py”, line 683, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py”, line 77, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/renewal.py”, line 297, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py”, line 313, in obtain_certificate
self.config.allow_subset_of_names)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 81, in get_authorizations
self._respond(resp, best_effort)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 138, in _respond
self._poll_challenges(chall_update, best_effort)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 202, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. textovky.4ever.sk (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

My web server is (include version):
Apache 2.2

The operating system my web server runs on is (include version):
Debian 7.11

I can login to a root shell on my machine: yes

I do not understand, why only this one subdomain (textovky) fails. If I try to make new certificate without it, it runs just fine. The domain and its DNS also works: http://textovky.4ever.sk
What is wrong?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.