Server only speaks HTTP, not TLS - Ubuntu16.04/apache2 - install certbot

Hey guys, I'm trying to set up certbot on my VPS.
It always gets stuck when I start the

$ letsencrypt --apache

I hit enter and get the following error:

Failed authorization procedure. (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Failed to connect to for TLS-SNI-01 challenge: Server only speaks HTTP, not TLS

 - The following errors were reported by the server:
   Type:   malformed
   Detail: Failed to connect to for TLS-SNI-01
   challenge: Server only speaks HTTP, not TLS
   To fix these errors, please make sure that you did not provide any
   invalid information to the client, and try running Let's Encrypt

I already tried:

  • reinstall apache
  • $ sudo ufw allow 443
  • default apache config
  • stop apache before $ letsencrypt --apache

I'm following this Guide:

This is my apache.conf

Other information:
OS: Ubuntu 16.04
Hoster: Rent a vServer / VPS with NVMe SSD and DDoS protection -

Thank you guys, really have no clue now how to fix it

Just did a clean fresh new VPS install and I still get the same error :confused:

Hi @MiiAUWz

Check that your provider isn't blocking port 443.

For example, on AWS (Amazon Web Services) you have to explicitly open up the ports both on the server and the gateway.

I can see that you are letting port 80 through but not 443, so that's the first thing to fix.


I think your default virtualhost for *:443 is a problem because it doesn't actually speak HTTPS (with the various Apache SSLCertificate[...]file directives). Without these directives, you are creating an HTTP virtualhost, which doesn't generally belong on port 443. I would suggest removing that virtualhost entirely.

@ahaw021, with the error “Server only speaks HTTP”, the CA did succeed in connecting on port 443, so there’s probably not a firewall blocking it. The problem is that the web server spoke HTTP instead of HTTPS on port 443.
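
The misconfiguration described in the reply above, as an added example that is not part of the original thread: a Python check that scans Apache configuration text for port-443 virtual hosts that lack the mod_ssl directives and would therefore answer in plain HTTP. The sample config, its paths and the function names are constructed for illustration, and the check assumes mod_ssl's default of `SSLEngine off`.

```python
import re

# Constructed sample: a port-443 vhost with no mod_ssl directives (the case
# described above) next to one that enables TLS. Paths are placeholders.
SAMPLE_CONF = """
<VirtualHost *:80>
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:443>
    # SSLEngine on   (commented out, so it does not count)
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /path/to/fullchain.pem
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directives(body):
    """Map lower-cased directive name -> argument string, skipping comments."""
    found = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def plain_http_vhosts(conf_text, port="443"):
    """Return (address, reasons) for vhosts on `port` that will not speak TLS."""
    findings = []
    for addrs, body in VHOST_RE.findall(conf_text):
        # Address forms such as *:443 or _default_:443; skip other ports.
        if not any(a.rsplit(":", 1)[-1] == port for a in addrs.split()):
            continue
        d = directives(body)
        reasons = []
        if d.get("sslengine", "off").lower() != "on":
            reasons.append("SSLEngine is not on")
        if "sslcertificatefile" not in d:
            reasons.append("no SSLCertificateFile")
        if reasons:
            findings.append((addrs.strip(), reasons))
    return findings
```

Calling `plain_http_vhosts()` on the combined text of the files under sites-enabled lists each vhost that would produce the "Server only speaks HTTP, not TLS" result on port 443.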

Quick question.
My ports.conf file (Apache2 - ubuntu 16.04) covers ssl:

Listen 80

<IfModule ssl_module>
    Listen 443
</IfModule>

(Sorry, my first post and I haven't quite got the hang of pastebin yet. I will, soon.)

But my 000-default.conf (in sites-enabled) only contains one section about:
VirtualHost *:80

Does that mean I should add a section in that file for something like VirtualHost *:443, because right now I get the same message: it only speaks http on 443.
