Server is unable to connect to the client


#1

I am trying to get my certs running on my server however the install fails out with the following

2015-12-07 13:47:26,222:INFO:letsencrypt.auth_handler:Waiting for verification…
2015-12-07 13:47:26,232:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-07 13:47:29,547:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-07 13:47:29,913:INFO:letsencrypt.reporter:Reporting to user: The following ‘urn:acme:error:connection’ errors were reported by the server:

Domains: mail.hastingstechs.com
Error: The server could not connect to the client for DV
2015-12-07 13:47:29,913:INFO:letsencrypt.auth_handler:Cleaning up challenges
Failed authorization procedure. mail.hastingstechs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge

IMPORTANT NOTES:

  • The following ‘urn:acme:error:connection’ errors were reported by
    the server:

    Domains: mail.hastingstechs.com
    Error: The server could not connect to the client for DV

I am able to ping the server but am unable to find anything that details what is going wrong.

Any assistance is appreciated.


#2

Please run the client in verbose mode (-v) and provide:

  1. The exact command (including all arguments or options you selected in interactive mode) you used
  2. the full command output
  3. any log files in /var/log/letsencrypt/

#3

same problem debian jessie


#4

2015-12-07 19:28:22,288:DEBUG:letsencrypt.cli:Root logging level set at 30
2015-12-07 19:28:22,289:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-12-07 19:28:22,290:DEBUG:letsencrypt.cli:letsencrypt version: 0.1.0
2015-12-07 19:28:22,290:DEBUG:letsencrypt.cli:Arguments: [’-webroot’, ‘-w’, ‘/home/www.domain.com/’, ‘–apache’]
2015-12-07 19:28:22,292:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-12-07 19:28:22,297:DEBUG:letsencrypt.cli:Requested authenticator apache and installer apache
2015-12-07 19:28:22,615:DEBUG:letsencrypt.display.ops:Single candidate plugin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f5df3f1e890>
Prep: True
2015-12-07 19:28:22,616:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f5df3f1e890> and installer <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f5df3f1e890>
2015-12-07 19:28:37,243:DEBUG:letsencrypt.cli:Picked account: <Account(3d922718fea6b7311a7da1e8e8ad1ec1)>
2015-12-07 19:28:37,244:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2015-12-07 19:28:37,248:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-07 19:28:37,642:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 263
2015-12-07 19:28:37,645:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘263’, ‘Expires’: ‘Mon, 07 Dec 2015 19:28:37 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Mon, 07 Dec 2015 19:28:37 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘h5Hv54h_sd3fIhJYS_3nQNS73v0KRiu4aZMGXnHsxMA’}. Content: '{“new-authz”:“https://acme-v01.api.letsencrypt.org/acme/new-authz",“new-cert”:“https://acme-v01.api.letsencrypt.org/acme/new-cert”,“new-reg”:“https://acme-v01.api.letsencrypt.org/acme/new-reg”,“revoke-cert”:"https://acme-v01.api.letsencrypt.org/acme/revoke-cert”}'
2015-12-07 19:28:37,646:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘263’, ‘Expires’: ‘Mon, 07 Dec 2015 19:28:37 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Mon, 07 Dec 2015 19:28:37 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘h5Hv54h_sd3fIhJYS_3nQNS73v0KRiu4aZMGXnHsxMA’}): ‘{“new-authz”:“https://acme-v01.api.letsencrypt.org/acme/new-authz",“new-cert”:“https://acme-v01.api.letsencrypt.org/acme/new-cert”,“new-reg”:“https://acme-v01.api.letsencrypt.org/acme/new-reg”,“revoke-cert”:"https://acme-v01.api.letsencrypt.org/acme/revoke-cert”}‘
2015-12-07 19:28:37,820:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0003_key-letsencrypt.pem
2015-12-07 19:28:37,823:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0003_csr-letsencrypt.pem
2015-12-07 19:28:37,824:DEBUG:letsencrypt.client:CSR: CSR(file=’/etc/letsencrypt/csr/0003_csr-letsencrypt.pem’, data=‘0\x82\x02\x8c0\x82\x01t\x02\x01\x000\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fprojekt.domain.com\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xc7\xa6\xa2\xe73H\x80r\xba\xd3\xbcU\x95Z\x82\xd0CuA\xcb\x96x\x7f\xd6\x9f\xe8\xc0\x8fp\x18\x1f\x8e\x84\x8f\xe8L\xd7\xc8\xa1/\xfe\x87\xef\x01\x13\xb8\x15\x82\xc1\xa2\xb0\xc4U\x98\xfa\tC\x03\x7fa\xb0\x01\x84\xa0\xfd\xd3\xc40\xa2<\tj-\xcf\x1e\x88r\xc4\xf2\x11i\x9c\xdf\x18\x9d\xab\x07\xab\x10=\x1cp\x8bZU\x94Hl\xe4\x83\x94\x81\xcdy9\xd9\'#\x96^[c\xffkh\xc6?\xb5=U\x86:\xe5\xb5fs\xb6\x17\x0e\xebs\xe0\x17\x9b\xf0\x8a%hR\xf3\xc1\xcf[~\x9caM>{\x8b\x84;\xe9\x90\x03\xddF\xba\x8f\xd1>&~u\x83\x90\x0fn[oi\xee\xe12P,\xdb\xe5\x96\xe0\xf8\xe0F\xb7\xb4\xba?\xb1\x86\xe5\xec\xad(1\x1f\x17\xca\xac\xe1\xd3g\xcaN(9\x9f\x9e\xac\xc1\xae\x8e\xa4\xaf\xc3\x00\xc0w\xce\xd8l6?yV@\xadC\xcf|\xc6!<1\x01\x9cx\xe2\xfd\xc4I\tL\xa1\xa1\xd1\xa6\xd0\xa4\xdbD\xaf\xf0\xc6m\x02\x03\x01\x00\x01\xa0-0+\x06\t*\x86H\x86\xf7\r\x01\t\x0e1\x1e0\x1c0\x1a\x06\x03U\x1d\x11\x04\x130\x11\x82\x0fprojekt.domain.com0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00{nz\x1c\x04\xee\x05\xf4\xa5j\x0e\xf6\x15\x93\xd4u\xa9&m\xdf\x8e\x81\r\x04\xfb\x04\xfal\xe4N\x10<b8I\xa12-\xeb\xd8\xd7\xe4)\xd94>\x05\xf5u\xf6\x16\xd1\xfe\xeeN\xab\xca\x18\xd1\xa3\x1e*\'\xcb\xd8\x9c\x85H\x99\xe9@\xe8\xfe\xf1eIv:n\x98\xad\xe9G\x9bU\x85"q\xaf\x12\\b\x15\x96\xfds\xbe\x89\xc9\x97\x88\xf3j\x9d)\x04y\xb4\x0f%\x1bf\xd6wd\x9f\x16\xb402\xc1A\xb1\xb70\x8c\x86\xef\xe7\xe7\x0f\x87q\xb17Rh\nm\x13\x08Mdf\xee\xdb<\xcd\x82R\x95\xa7\xa1\x96&\x9f\x11Q G{C:\x8e\xe6]6\x98\x91\xeeJD\xf5\xdf\xd7’$\xf7\xfe\x14\x85\xc2\x05\x982wk,\xc4\xaa7M\xe5~\x95\x86y>Pv)\x8aU\xe5n\x935\xfeA\xf2\x94\t\xdc4\xa3y\x1aB\xc3\xe8\xd7\x1b\x00\xdb\xfc\xf0\xef7\xbb\x91\xb0\x1e\xe1\xc5\xc1P\xf9z \xc4\xe7\xe2:\x88\x14<lY="\x85\xa0\\', form='der'), domains: ['projekt.domain.com'] 2015-12-07 19:28:37,824:DEBUG:root:Requesting fresh nonce 2015-12-07 19:28:37,824:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {} 2015-12-07 19:28:37,825:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2015-12-07 19:28:38,114:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0 2015-12-07 19:28:38,117:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '0', 'Pragma': 'no-cache', 'Expires': 'Mon, 07 Dec 2015 19:28:37 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 07 Dec 2015 19:28:37 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'gykChVayiJbm_CqOodFoMalPxPxY3iumugkhYpU1j-U'}. Content: '' 2015-12-07 19:28:38,118:DEBUG:acme.client:Storing nonce: '\x83)\x02\x85V\xb2\x88\x96\xe6\xfc*\x8e\xa1\xd1h1\xa9O\xc4\xfcX\xde+\xa6\xba\t!b\x955\x8f\xe5' 2015-12-07 19:28:38,118:DEBUG:acme.jose.json_util:Omitted empty fields: status=None, combinations=None, expires=None, challenges=None 2015-12-07 19:28:38,119:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "projekt.domain.com"}, "resource": "new-authz"} 2015-12-07 19:28:38,121:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, alg=None, jku=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None, jwk=None 2015-12-07 19:28:38,123:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None 2015-12-07 19:28:38,124:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0q8k1C3kWxqQ6ymwEkTFl9yfkSvLZOROF9Eh4JydiO3rpXJI2OlBaBPOqVnvB22aGRJEoIkppBiO219zQULa_I7jeIYA0cLk8yccvvJDDIXH_treELA3e39ZhHieKZJhKdAc0hmUK1w0bkvZwxBnvI26Wkbps7XyRMHxNMwZdbQLBKuetHB971G2iDybVXSPe41Ran-tckBfQ2ynjliv-mpv5oHNMltqjGonAM5hnmpxZLEeAYm75tK9q2wm_2CqaFoDOffeGQBlOLn0cASwDH1tIO3BpykvaCUqjNKJlUAGZuQtPypGUGztWtEzEyyp3AbOUmR9KnE2-5g81yOaJw"}}, "protected": "eyJub25jZSI6ICJneWtDaFZheWlKYm1fQ3FPb2RGb01hbFB4UHhZM2l1bXVna2hZcFUxai1VIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJwcm9qZWt0LnZza2UuY3oifSwgInJlc291cmNlIjogIm5ldy1hdXRoeiJ9", "signature": "zjzCMCurQmwt1jMiPzRZU4rMygcpsuBDJ9OfK4Tdl2ozrW5KszwpspTklToAjgOyjzR7P4uiyZ75RXFz3p12zrQSmIjdTNlNqWlawzJ4ZEA8janjW8fWY-oY-GSpsBKMofc7KCWuT7abOGgcZDTIXFNuV_x1iXhV2hVkXZS0WAGLp_WCS4udEJwpaullvQ7ceB_tKjKf-v1XQsx-DPXqwsp597cENWM38gIa37S71WM5IaHTMevp5by7gw5Qgvgwed9bHTnDQ2VIGWoCc9_QcORGIse8jhga-SB4st40GNJAM5MuVhoJ6TgyvbJrks1lwwwbgZyaRT2wdQA3YmFa8w"}'} 2015-12-07 19:28:38,124:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2015-12-07 19:28:38,467:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 568 2015-12-07 19:28:38,470:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '568', 'Expires': 'Mon, 07 Dec 2015 19:28:38 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 07 Dec 2015 19:28:38 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'qe0z6YrCFhoW5sdiXHO9D-lgfYOu-_nAKU79css9-jc'}. Content: '{"identifier":{"type":"dns","value":"projekt.domain.com"},"status":"pending","expires":"2015-12-14T19:28:38.144730933Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599","token":"xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214600","token":"3X51K50Ntc3zGiQQbc8bhoozgmMBpovATau8kzeGCxY"}],"combinations":[[0],[1]]}' 2015-12-07 19:28:38,471:DEBUG:acme.client:Storing nonce: '\xa9\xed3\xe9\x8a\xc2\x16\x1a\x16\xe6\xc7b\\s\xbd\x0f\xe9}\x83\xae\xfb\xf9\xc0)N\xfdr\xcb=\xfa7’
2015-12-07 19:28:38,472:DEBUG:acme.client:Received response <Response [201]> (headers: {‘Content-Length’: ‘568’, ‘Expires’: ‘Mon, 07 Dec 2015 19:28:38 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Mon, 07 Dec 2015 19:28:38 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘qe0z6YrCFhoW5sdiXHO9D-lgfYOu-nAKU79css9-jc’}): '{“identifier”:{“type”:“dns”,“value”:“projekt.domain.com”},“status”:“pending”,“expires”:“2015-12-14T19:28:38.144730933Z”,“challenges”:[{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599",“token”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98”},{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214600”,“token”:“3X51K50Ntc3zGiQQbc8bhoozgmMBpovATau8kzeGCxY”}],"combinations”:[[0],[1]]}'
2015-12-07 19:28:38,473:INFO:letsencrypt.auth_handler:Performing the following challenges:
2015-12-07 19:28:38,473:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for projekt.domain.com
2015-12-07 19:28:38,532:DEBUG:letsencrypt_apache.configurator:Enabled dependency of ssl module - socache_shmcb
2015-12-07 19:28:38,590:INFO:letsencrypt_apache.configurator:Enabled Apache ssl module
2015-12-07 19:28:38,718:DEBUG:letsencrypt_apache.configurator:No Listen 443 directive found. Setting the Apache Server to Listen on port 443
2015-12-07 19:28:39,032:DEBUG:letsencrypt.reverter:Creating backup of /etc/apache2/ports.conf
2015-12-07 19:28:39,034:DEBUG:letsencrypt.reverter:Creating backup of /etc/apache2/apache2.conf
2015-12-07 19:28:42,255:INFO:letsencrypt.auth_handler:Waiting for verification…
2015-12-07 19:28:42,256:DEBUG:acme.client:Serialized JSON: {“keyAuthorization”: “xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98.oW8yJG-PyjryvJ9V85JSgGyn_LChbo2Pos3f_ae2Uu4”, “type”: “tls-sni-01”, “resource”: “challenge”}
2015-12-07 19:28:42,259:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, alg=None, jku=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None, jwk=None
2015-12-07 19:28:42,265:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
2015-12-07 19:28:42,266:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599. args: (), kwargs: {‘data’: '{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “0q8k1C3kWxqQ6ymwEkTFl9yfkSvLZOROF9Eh4JydiO3rpXJI2OlBaBPOqVnvB22aGRJEoIkppBiO219zQULa_I7jeIYA0cLk8yccvvJDDIXH_treELA3e39ZhHieKZJhKdAc0hmUK1w0bkvZwxBnvI26Wkbps7XyRMHxNMwZdbQLBKuetHB971G2iDybVXSPe41Ran-tckBfQ2ynjliv-mpv5oHNMltqjGonAM5hnmpxZLEeAYm75tK9q2wm_2CqaFoDOffeGQBlOLn0cASwDH1tIO3BpykvaCUqjNKJlUAGZuQtPypGUGztWtEzEyyp3AbOUmR9KnE2-5g81yOaJw”}}, “protected”: “eyJub25jZSI6ICJxZTB6NllyQ0Zob1c1c2RpWEhPOUQtbGdmWU91LV9uQUtVNzljc3M5LWpjIn0”, “payload”: “eyJrZXlBdXRob3JpemF0aW9uIjogInhSZmdobTlSa09TRFN6ZDRBVE1DRTFQamVtSEw3MWFSV0lmTjBPT01MOTgub1c4eUpHLVB5anJ5dko5Vjg1SlNnR3luX0xDaGJvMlBvczNmX2FlMlV1NCIsICJ0eXBlIjogInRscy1zbmktMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0”, “signature”: "iYZMofnTNY9A2-vp83xTNyy1R-eF3dIY2GLsNpg478Z
-vqGVLcV8pL-9AkqIf4m0Yr7H1FzNJWG-NMaQvPuZ2NRm9ko97zxUtFrEMTTSQfUkfTSztCAe1Zt8oSSY_0DCnNjRcBd0isahUq2U0z1mk4q2BzdLasPREKJfYv–XqlroCunm0rH502qnzQ-D_bDGkRhyFt3SKoF89wyR5bM3-sySd9ZkUfoKkiFlpt6h_UYIObALSIFBnOz978zPAotS0_q4VqsXlM31Y2T7dlKh0y6zXWafdGlcgz0XSHz-2QO1eZaPqfuegGvc0ZCjAKUGyzLsdf10r4TCCiSulB7w"}’}
2015-12-07 19:28:42,268:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-07 19:28:42,595:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599 HTTP/1.1” 202 315
2015-12-07 19:28:42,598:DEBUG:root:Received <Response [202]>. Headers: {‘Content-Length’: ‘315’, ‘Expires’: ‘Mon, 07 Dec 2015 19:28:42 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Mon, 07 Dec 2015 19:28:42 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘ovZLX3AA5IbqoQhXdfTuMpoGyTnWdhMmgjae44z3loA’}. Content: '{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599",“token”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98”,“keyAuthorization”:"xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98.oW8yJG-PyjryvJ9V85JSgGyn_LChbo2Pos3f_ae2Uu4”}'
2015-12-07 19:28:42,599:DEBUG:acme.client:Storing nonce: '\xa2\xf6K_p\x00\xe4\x86\xea\xa1\x08Wu\xf4\xee2\x9a\x06\xc99\xd6v\x13&\x826\x9e\xe3\x8c\xf7\x96\x80’
2015-12-07 19:28:42,600:DEBUG:acme.client:Received response <Response [202]> (headers: {‘Content-Length’: ‘315’, ‘Expires’: ‘Mon, 07 Dec 2015 19:28:42 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Mon, 07 Dec 2015 19:28:42 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘ovZLX3AA5IbqoQhXdfTuMpoGyTnWdhMmgjae44z3loA’}): '{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599",“token”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98”,“keyAuthorization”:"xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98.oW8yJG-PyjryvJ9V85JSgGyn_LChbo2Pos3f_ae2Uu4”}'
2015-12-07 19:28:45,603:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk. args: (), kwargs: {}
2015-12-07 19:28:45,605:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-07 19:28:45,891:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk HTTP/1.1” 200 667
2015-12-07 19:28:45,892:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘667’, ‘Expires’: ‘Mon, 07 Dec 2015 19:28:45 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Mon, 07 Dec 2015 19:28:45 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘oRKVWnx249desaPxpkulggUo9tjA8FDq3Ua4pwISz64’}. Content: '{“identifier”:{“type”:“dns”,“value”:“projekt.domain.com”},“status”:“pending”,“expires”:“2015-12-14T19:28:38Z”,“challenges”:[{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599",“token”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98”,“keyAuthorization”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98.oW8yJG-PyjryvJ9V85JSgGyn_LChbo2Pos3f_ae2Uu4”},{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214600”,“token”:“3X51K50Ntc3zGiQQbc8bhoozgmMBpovATau8kzeGCxY”}],"combinations”:[[0],[1]]}'
2015-12-07 19:28:45,894:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘667’, ‘Expires’: ‘Mon, 07 Dec 2015 19:28:45 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Mon, 07 Dec 2015 19:28:45 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘oRKVWnx249desaPxpkulggUo9tjA8FDq3Ua4pwISz64’}): '{“identifier”:{“type”:“dns”,“value”:“projekt.domain.com”},“status”:“pending”,“expires”:“2015-12-14T19:28:38Z”,“challenges”:[{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599",“token”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98”,“keyAuthorization”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98.oW8yJG-PyjryvJ9V85JSgGyn_LChbo2Pos3f_ae2Uu4”},{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214600”,“token”:“3X51K50Ntc3zGiQQbc8bhoozgmMBpovATau8kzeGCxY”}],"combinations”:[[0],[1]]}'
2015-12-07 19:28:48,898:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk. args: (), kwargs: {}
2015-12-07 19:28:48,900:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-07 19:28:49,169:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk HTTP/1.1” 200 902
2015-12-07 19:28:49,172:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘902’, ‘Expires’: ‘Mon, 07 Dec 2015 19:28:48 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Mon, 07 Dec 2015 19:28:48 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘Eudd4iTbyyRbM2GQnD2vOZ7u6z8XwgWBuZIdvEUomNA’}. Content: '{“identifier”:{“type”:“dns”,“value”:“projekt.domain.com”},“status”:“invalid”,“expires”:“2015-12-14T19:28:38Z”,“challenges”:[{“type”:“tls-sni-01”,“status”:“invalid”,“error”:{“type”:“urn:acme:error:connection”,“detail”:“Failed to connect to host for DVSNI challenge”},“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599",“token”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98”,“keyAuthorization”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98.oW8yJG-PyjryvJ9V85JSgGyn_LChbo2Pos3f_ae2Uu4”,“validationRecord”:[{“hostname”:“projekt.domain.com”,“port”:“443”,“addressesResolved”:[“95.129.96.133”],“addressUsed”:“95.129.96.133”}]},{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214600”,“token”:“3X51K50Ntc3zGiQQbc8bhoozgmMBpovATau8kzeGCxY”}],"combinations”:[[0],[1]]}'
2015-12-07 19:28:49,173:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘902’, ‘Expires’: ‘Mon, 07 Dec 2015 19:28:48 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Mon, 07 Dec 2015 19:28:48 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘Eudd4iTbyyRbM2GQnD2vOZ7u6z8XwgWBuZIdvEUomNA’}): '{“identifier”:{“type”:“dns”,“value”:“projekt.domain.com”},“status”:“invalid”,“expires”:“2015-12-14T19:28:38Z”,“challenges”:[{“type”:“tls-sni-01”,“status”:“invalid”,“error”:{“type”:“urn:acme:error:connection”,“detail”:“Failed to connect to host for DVSNI challenge”},“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214599",“token”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98”,“keyAuthorization”:“xRfghm9RkOSDSzd4ATMCE1PjemHL71aRWIfN0OOML98.oW8yJG-PyjryvJ9V85JSgGyn_LChbo2Pos3f_ae2Uu4”,“validationRecord”:[{“hostname”:“projekt.domain.com”,“port”:“443”,“addressesResolved”:[“95.129.96.133”],“addressUsed”:“95.129.96.133”}]},{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O0p-Pqrwj5RBgADE2JQMeSeDcQq7mDLItFx5m9U0nfk/1214600”,“token”:“3X51K50Ntc3zGiQQbc8bhoozgmMBpovATau8kzeGCxY”}],"combinations”:[[0],[1]]}'
2015-12-07 19:28:49,174:INFO:letsencrypt.reporter:Reporting to user: The following ‘urn:acme:error:connection’ errors were reported by the server:

Domains: projekt.domain.com
Error: The server could not connect to the client for DV
2015-12-07 19:28:49,175:INFO:letsencrypt.auth_handler:Cleaning up challenges
2015-12-07 19:28:49,496:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 1283, in main
return args.func(args, config, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 470, in run
lineage = _auth_from_domains(le_client, config, domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 336, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 283, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 266, in obtain_certificate
return self._obtain_certificate(domains, csr) + (key, csr)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 224, in _obtain_certificate
authzr = self.auth_handler.get_authorizations(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. projekt.domain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge


#5

The command run is:
./letsencrypt-auto --server https://acme-v01.api.letsencrypt.org/directory auth --text -v

Program output:

Updating letsencrypt and virtual environment dependencies…
Requirement already up-to-date: setuptools in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: pip in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: letsencrypt in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: letsencrypt-apache in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: acme==0.1.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: setuptools in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: python2-pythondialog>=3.2.2rc1 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: PyOpenSSL in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: requests in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: parsedatetime in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: configobj in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: pytz in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: psutil>=2.1.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: six in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: cryptography>=0.7 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: zope.interface in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: zope.component in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: mock in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: ConfigArgParse in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: pyrfc3339 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: python-augeas in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt-apache)
Requirement already up-to-date: pyasn1 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.1.0->letsencrypt)
Requirement already up-to-date: ndg-httpsclient in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.1.0->letsencrypt)
Requirement already up-to-date: werkzeug in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.1.0->letsencrypt)
Requirement already up-to-date: idna>=2.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: enum34 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: ipaddress in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: cffi>=1.1.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: zope.event in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from zope.component->letsencrypt)
Requirement already up-to-date: funcsigs in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from mock->letsencrypt)
Requirement already up-to-date: pbr>=0.11 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from mock->letsencrypt)
Requirement already up-to-date: pycparser in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cffi>=1.1.0->cryptography>=0.7->letsencrypt)
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --server https://acme-v01.api.letsencrypt.org/directory auth --text -v
2015-12-07 14:36:25,879:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the Let’s Encrypt CA?

1: Apache Web Server - Alpha (apache)
2: Automatically use a temporary webserver (standalone)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
2015-12-07 14:36:31,012:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c’
to cancel):mail.hastingstechs.com
2015-12-07 14:36:44,068:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0007_key-letsencrypt.pem
2015-12-07 14:36:44,080:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0007_csr-letsencrypt.pem
2015-12-07 14:36:44,082:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-07 14:36:44,368:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-07 14:36:44,715:INFO:letsencrypt.auth_handler:Performing the following challenges:
2015-12-07 14:36:44,716:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for mail.hastingstechs.com

We were unable to find a vhost with a ServerName or Address of mail.hastingstechs.com.
Which virtual host would you like to choose?

1: default-ssl.conf | | HTTPS |
2: default-ssl.conf.old | | HTTPS |
3: 000-default.conf | | | Enabled
4: 000-default-le-ssl.conf | | HTTPS | Enabled

Select the appropriate number [1-4] then [enter] (press ‘c’ to cancel): 1
2015-12-07 14:36:51,398:INFO:letsencrypt.auth_handler:Waiting for verification…
2015-12-07 14:36:51,407:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-07 14:36:54,775:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-07 14:36:55,233:INFO:letsencrypt.reporter:Reporting to user: The following ‘urn:acme:error:connection’ errors were reported by the server:

Domains: mail.hastingstechs.com
Error: The server could not connect to the client for DV
2015-12-07 14:36:55,234:INFO:letsencrypt.auth_handler:Cleaning up challenges
Failed authorization procedure. mail.hastingstechs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge

IMPORTANT NOTES:

  • The following ‘urn:acme:error:connection’ errors were reported by
    the server:

    Domains: mail.hastingstechs.com
    Error: The server could not connect to the client for DV

Error Logs:

2015-12-07 19:36:25,879:DEBUG:letsencrypt.cli:Root logging level set at 20
2015-12-07 19:36:25,879:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-12-07 19:36:25,879:DEBUG:letsencrypt.cli:letsencrypt version: 0.1.0
2015-12-07 19:36:25,879:DEBUG:letsencrypt.cli:Arguments: [’–server’, ‘https://acme-v01.api.letsencrypt.org/directory’, ‘–text’, ‘-v’]
2015-12-07 19:36:25,879:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-12-07 19:36:25,880:DEBUG:letsencrypt.cli:Requested authenticator None and installer None
2015-12-07 19:36:27,085:DEBUG:letsencrypt.plugins.disco:Other error:(PluginEntryPoint#webroot): --webroot-path must be set
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/plugins/disco.py”, line 103, in prepare
self._initialized.prepare()
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/plugins/webroot.py”, line 54, in prepare
self.option_name(“path”)))
PluginError: --webroot-path must be set
2015-12-07 19:36:27,089:DEBUG:letsencrypt.display.ops:Multiple candidate plugins: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7f2f2b921c90>
Prep: True

Domains: mail.hastingstechs.com
Error: The server could not connect to the client for DV
2015-12-07 19:36:55,234:INFO:letsencrypt.auth_handler:Cleaning up challenges
2015-12-07 19:36:55,722:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 1283, in main
return args.func(args, config, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 512, in obtain_cert
_auth_from_domains(le_client, config, domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 336, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 283, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 266, in obtain_certificate
return self._obtain_certificate(domains, csr) + (key, csr)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 224, in _obtain_certificate
authzr = self.auth_handler.get_authorizations(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. mail.hastingstechs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge


#6

Are you sure default-ssl.conf is the VHost that handles https://mail.hastingstechs.com? The client indicates it’s disabled. With tls-sni-01, Let’s Encrypt has to modify the correct VHost configuration to solve the challenge - this might not work if you pick the wrong VHost here.

If you can live with a minute of downtime, I would recommend using the apache plugin in standalone mode, where Let’s Encrypt takes over port 80 for a short period to serve challenge files.

Another option would be using the webroot plugin and do the apache configuration on your own. This would avoid any downtime.


#7

I don’t think you can combine –apache with –webroot - they’re separate plugins. The apache plugin supports tls-sni-01 or standalone mode (where letsencrypt spawns a web server temporarily to serve challenge files). If you would like to use webroot, call the client with certonly --webroot -w /home/www.domain.com/ and configure apache manually.


#8

Standalone was able to pull the certs but does not appear to have applied them to the config for apache.
This may be an issue with the way zentyal is built.
I was very likely pointing to the wrong config file. Using one of the enabled ones results in the same error.

Thank you for the assistance.


#9

I tried witout webroot only --apache and same result


#10

I tried connecting to port 443 (https) on the IP in your log (95.129.96.133) but was unable to. With tls-sni-01 Let’s Encrypt needs to be able to connect via https from their CA server. Make sure no firewall rules are interfering or switch to a plugin that only requires HTTP access (e.g. webroot or apache in standalone mode).