Renewing Certificate Fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
certbot certonly --quiet --keep-until-expiring --webroot -w /var/www/ -d -d

It produced this output:
Failed authorization procedure. (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Invalid hostname in redirect target, must end in IANA registered TLD

My web server is (include version):
nginx version: nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 16.04.5 LTS

My hosting provider, if applicable, is:
Amazon Web Services

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.14.2

Hi @jon-childs

com is a top level domain. But there is a dot after com, that's wrong. Checking your domain via - yep, there is really a curious redirect:

Domainname  Http-Status  redirect  Sec.  G
302  0.364  D
301  0.507  A
301  0.340  A
301  0.340  A
-2  1.514  V
    ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it
200  2.527  I
200  2.024  I
301  0.343  A
    Visible Content: 301 Moved Permanently nginx/1.10.3 (Ubuntu)
301  0.347  A
    Visible Content: 301 Moved Permanently nginx/1.10.3 (Ubuntu)
-1  0.363  U
    Interner Fehler: Unable to read data from the transport connection: The connection was closed.
    Visible Content:
404  1.680  A
    Not Found

The first row - a dot is added. And checking


crashes (looks like a bug in my tool I should fix), but checking that URL manually, there is the dot:


So find your port 80 vHost and change your rewrite rule.
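The check described in the reply above, as an added example that is not part of the original thread: it walks a redirect chain starting at a challenge URL and reports the first hop whose target hostname ends in a dot, which leaves an empty last label that cannot match a registered TLD. The `example.com` URLs, the three-entry TLD set and the function names are constructed for illustration, and the logic is a simplified stand-in for the validator's check, not its actual code.

```python
from urllib.parse import urljoin, urlsplit

# Constructed stand-in for the IANA TLD list (assumption: a real check loads the full list).
SAMPLE_TLDS = {"com", "org", "net"}

def redirect_problems(request_url, location, tlds=SAMPLE_TLDS):
    """Return the reasons a redirect target hostname would be rejected."""
    # Resolve relative Location values against the URL that was requested.
    host = urlsplit(urljoin(request_url, location)).hostname or ""
    problems = []
    if host.endswith("."):
        problems.append("hostname ends with a dot")
    # With a trailing dot the last label is the empty string, so no TLD matches.
    if host.rsplit(".", 1)[-1] not in tlds:
        problems.append("last label is not a registered TLD")
    return problems

def first_bad_hop(start_url, get_location, max_hops=10):
    """Follow redirects; return (url, location, problems) for the first bad hop.

    get_location(url) returns the Location header value, or None when the
    response is not a redirect. Returns None when every hop is acceptable.
    """
    url = start_url
    for _ in range(max_hops):
        location = get_location(url)
        if location is None:
            return None
        problems = redirect_problems(url, location)
        if problems:
            return url, location, problems
        url = urljoin(url, location)
    return None

# Constructed sample chain: the second hop adds a dot after "com".
START = "http://example.com/.well-known/acme-challenge/token"
SECOND = "http://www.example.com/.well-known/acme-challenge/token"
SAMPLE_RESPONSES = {
    START: SECOND,
    SECOND: "https://www.example.com./.well-known/acme-challenge/token",
}

if __name__ == "__main__":
    # dict.get plays the role of the HTTP client for this offline run.
    print(first_bad_hop(START, SAMPLE_RESPONSES.get))
```

To run it against a live port 80 vHost, pass a `get_location` that issues a request without following redirects and returns the `Location` header.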

Hi @JuergenAuer, thanks for your reply! That is a very curious redirect. It’s strange because it is set up as so many of our other sites are. I’ll have to dig for a discrepancy.
