Renewal Failed: Unable to Connect to WWW

I am having an issue renewing my certificates. 3 months ago, I was able to create certificates with a domain with several subdomains. My certificates are due to expire in a week. I noticed my cron job is failing.

When I try to manually renew, I am getting this error:

Attempting to renew cert from /etc/letsencrypt/renewal/ducsu.com.conf produced an unexpected error: Failed authorization procedure. www.ducsu.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to . Skipping.

It seems letsencrypt cannot connect to 'www.ducsu.com'. However, 'ducsu.com' connects fine along with my other subdomains. In my nginx conf file, I have ducsu.com redirect to www.ducsu.com. The cause is possibly from my redirect?

server {
    listen 80;
    server_name ducsu.com;
    return 301 https://www.ducsu.com$request_uri;
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    index index.html index.php;

    ## Begin - Server Info
    root /home/pi/www/ducsu;
    server_name www.ducsu.com;
    ## End - Server Info

}
.........

Something is definitely wrong with the redirection.

http://ducsu.com/example generates a 301 to https://www.ducsu.com/example (which is fine)

but

http://www.ducsu.com/example generates a 302 to http:// (no host or path!)

Perhaps this 302 redirection is a result of something somewhere else in your configuration?

Hi @duceduc,

Right now, if I try to connect to www.ducsu.com (port 80) I get an infinite loop.

$ curl -ILk http://www.ducsu.com
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.10.3
Date: Thu, 27 Apr 2017 23:54:31 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: http://

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.10.3
Date: Thu, 27 Apr 2017 23:54:32 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: http://

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.10.3
Date: Thu, 27 Apr 2017 23:54:32 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: http://

[...and so on...]

I don’t know if you have another server block (port 80) only for www.ducsu.com or another kind of redirection (keep in mind that your server redirects with a 302 code so something is redirecting it) so you should double check your conf… and maybe you could include www.ducsu.com in your current server block for ducsu.com

server {
    listen 80;
    server_name ducsu.com www.ducsu.com;
    return 301 https://www.ducsu.com$request_uri;
}

Cheers,
sahsanu


Thanks guys. That was it. Added www.ducsu.com to my conf and letsencrypt is able to connect. My certs are renewed now.
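A pre-renewal check for the failure diagnosed in this thread, as an added example that is not part of the original posts: it follows the redirect chain from each name's http-01 challenge URL and flags a Location header with no host, a redirect loop, or a connection failure. The `probe` token, the verdict strings, the 10-hop limit and the `SAMPLE` responses are constructed for illustration.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit

PATH = "/.well-known/acme-challenge/probe"  # "probe" is a made-up token
SAMPLE = {  # constructed responses modelled on the thread's curl output
    "http://ducsu.com" + PATH: (301, "https://www.ducsu.com" + PATH),
    "http://www.ducsu.com" + PATH: (302, "http://"),
    "https://www.ducsu.com" + PATH: (404, None),
}

def head(url):
    """Live fetcher: one HEAD request, redirects not followed."""
    u = urlsplit(url)
    if u.scheme == "https":
        ctx = ssl.create_default_context()
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # like curl -k
        conn = http.client.HTTPSConnection(u.netloc, timeout=10, context=ctx)
    else:
        conn = http.client.HTTPConnection(u.netloc, timeout=10)
    try:
        conn.request("HEAD", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_http01(host, fetch=head, max_hops=10):
    """Follow redirects from the challenge URL; return (verdict, chain)."""
    url, chain, seen = f"http://{host}{PATH}", [], set()
    for _ in range(max_hops):
        if url in seen:
            return "redirect loop", chain
        seen.add(url)
        try:
            status, location = fetch(url)
        except OSError as exc:
            return f"connection error: {exc}", chain
        chain.append((status, url, location))
        if status not in (301, 302, 303, 307, 308):
            return "reachable", chain
        parts = urlsplit(location or "")
        if not location or (parts.scheme and not parts.hostname):
            return "bad redirect", chain  # e.g. "Location: http://"
        url = urljoin(url, location)
    return "too many redirects", chain

if __name__ == "__main__":
    for name in ("ducsu.com", "www.ducsu.com"):  # offline demo; omit fetch= to go live
        print(name, check_http01(name, fetch=SAMPLE.__getitem__))
```

Here "reachable" only means the challenge URL ends in a non-redirect response, so a 404 for the made-up token still counts; run the check for every name on the certificate, since one unreachable name fails the whole renewal.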
