Renewing certificate behind https

doludizgin · September 13, 2017, 2:37pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hyperimes.com

I ran this command: usr/bin/certbot renew

It produced this output: Attempting to renew cert (hyperimes.com) from /etc/letsencrypt/renewal/hyperimes.com.conf produced an unexpected error: Failed authorization procedure. hyperimes.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://hyperimes.com/.well-known/acme-challenge/blHjAPfq7M2ecnfk1F7jR3WThcYPt-GiqIPCTZLpN7s: Timeout. Skipping.

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

https://hyperimes.com/.well-known/acme-challenge/test.txt is reachable. But still having problems with renewing the certificate.

I am running nginx with http to https rewrite, is this the problem ?

jared.m · September 13, 2017, 4:32pm

The rewrite shouldn’t be an issue, as Let’s Encrypt follows up to several redirects. Could you post the relevant vhost configuration and Let’s Encrypt log files? At a glance I don’t see any reason this wouldn’t be working.

sahsanu · September 13, 2017, 4:46pm

Hi @doludizgin,

I can’t reach your http site too:

$ curl -IkL http://hyperimes.com
curl: (7) Failed to connect to hyperimes.com port 80: Connection timed out

but I can reach your https site:

$ curl -IL https://hyperimes.com
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 13 Sep 2017 16:41:23 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sat, 08 Jul 2017 10:36:58 GMT
Connection: keep-alive
ETag: "5960b5ca-264"
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

So seems a firewall blocking port 80 or something not properly configured in your nginx conf

Cheers,
sahsanu

gotham · September 14, 2017, 5:28am

@doludizgin , If you are using proper rewrite rule , when we hit http://hyperimes.com it should redirect to https://hyperimes.com . can you post your config here.

or

make site available in http and https by removing rewrite rule .so that it can reach your site .

doludizgin · September 14, 2017, 7:48am

Oh stupid me, blocked port 80…

it worked.

Topic		Replies	Views
Facing the issue in renew the certificate Help	25	865	January 22, 2023
Renew failure (Failed authorization procedure) Help	6	675	May 3, 2019
Cert Renewal Failure Help	4	385	March 12, 2024
Failed authorization procedure. Timeout during connect (likely firewall problem) Help	4	863	September 8, 2021
I'm trying to renewal my certificate but it's now renewing Help	8	520	July 9, 2022

Renewing certificate behind https

Related topics