Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):14 15
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for static.theukhighstreet.com
tls-sni-01 challenge for static.theukhighstreet.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. static.theukhighstreet.net (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Server only speaks HTTP, not TLS
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: static.theukhighstreet.net
Type: malformed
Detail: Server only speaks HTTP, not TLS
To fix these errors, please make sure that you did not provide any
invalid information to the client, and try running Certbot again.
Name and version of operating system: CentOS 7
Webserver: Apache 2.4.6
As far as I can see the only difference between the domains is that one of them is on Cloudflare and the other isn’t. I’ve paused the domain on Cloudflare.
I’m sure you are correct. But having spent several days searching for the answer and not getting anywhere, I decided that perhaps I had reached the point where I needed some help finding it (or someone to point out the obvious mistake I must have made).
If you could point me to the thread with the answer in that would be extremely helpful.
As far as I can see all the Cloudflare threads state that if you pause Cloudflare, the certbot commands should work as though it wasn’t there. So maybe my issue has nothing to do with Cloudflare. I just can’t see what else is different between the two domains which could be causing it to fail for one of them.
Update: I found that I had a Listen 443 in the httpd.conf from testing certbot earlier. After removing that, I now get this error instead:
Failed authorization procedure. static.theukhighstreet.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: static.theukhighstreet.net
Type: connection
Detail: Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
I’ve checked that I can access the domain from the web. So I don’t understand why I’m getting a connection refused error. I have the same error from another Cloudflare domain (paused on Cloudflare) but not from any domains which are not using Cloudflare.
Thanks for replying - but I can’t understand how this thread helps? I’ve paused Cloudflare. Feel free to point out my stupidity if I’m missing something.
In that article there is a command to use the webroot option (using port 80, which is open) and an Apache installer (to configure and install your certificate).
I would suggest you use this command to get a certificate
Thanks. That would make sense if it wasn’t for the fact that I can use exactly the same command on my main domain on the same server and get a certificate with no problems.
I’ve updated my httpd.conf so it is now listening on 443 and the nmap scan says that 443 is now open but I still get an error when trying to get a certificate for static.theukhighstreet.net.
I had already tried downloading using the webroot plugin but that also gives an error.
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.theukhighstreet.com
tls-sni-01 challenge for static.theukhighstreet.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. static.theukhighstreet.net (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Server only speaks HTTP, not TLS
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: static.theukhighstreet.net
Type: malformed
Detail: Server only speaks HTTP, not TLS
To fix these errors, please make sure that you did not provide any
invalid information to the client, and try running Certbot again.
Thanks very much for your help. I’m sure it’s something obvious/stupid that I’m doing but I’m completely stuck.