Sorry, I’m a bit lost as I’am not familiar with network stuff and I’m facing an issue when I try to use letsencrypt that I don’t understand well.
I’m going to prepare a new server which will only respond to https urls.
As this server is not opened for public for the time being, I obviously had to open some ports using iptables.
I then opened ports 80 and 443 for all sources to my destination.
The port 80 is redirected to 443 by tha apache directive virtualhost using : Redirect 301 / https://my_site.fr
When I use :
./letsencrypt-auto --test-cert --apache --domain my_site.fr
i get the following error message :
FailedChallenges: Failed authorization procedure. my_site.fr (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge
- The following errors were reported by the server:
Detail: Failed to connect to host for DVSNI challenge
The A DNS entry seems to be ok (DNS is an OVH one), I can connect to that server from home using its fqdn :
$ dig A my_site.fr
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> A my_site.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20201
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;my_site.fr. IN A
;; ANSWER SECTION:
my_site.fr. 3600 IN A 176.xxx.xxx.xxx
My apache config is
ServerAdmin root@my_site.fr ServerName my_site.fr Redirect 301 / https://my_site.fr/
ServerName my_site.fr ServerAdmin root@localhost ServerSignature Off DocumentRoot /var/www SSLEngine on SSLCertificateFile /etc/ssl/certs/msg_server.crt SSLCertificateKeyFile /etc/ssl/private/msg_server.key .... snip ....
Apache is well listening on 443
netstat -tulpn | grep :443
tcp6 0 0 :::443 :::* LISTEN 32020/apache2
Anyone could show me were I missed something ?