Server only speaks HTTP, not TLS - Ubuntu16.04/apache2 - install certbot


#1

Hey guys, I'm trying to set up certbot on my VPS.
It always gets stuck when I start the

$ letsencrypt --apache

I hit enter and get the following error:

Failed authorization procedure. mrsengo.com (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Failed to connect to 62.113.241.173:443 for TLS-SNI-01 challenge: Server only speaks HTTP, not TLS

IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: mrsengo.com
   Type:   malformed
   Detail: Failed to connect to 62.113.241.173:443 for TLS-SNI-01
   challenge: Server only speaks HTTP, not TLS
   To fix these errors, please make sure that you did not provide any
   invalid information to the client, and try running Let's Encrypt
   again.

I already tried:

  • reinstall apache
  • $ sudo ufw allow 443
  • default apache config
  • stop apache before $ letsencrypt --apache

I’m following this Guide:

This is my apache.conf
http://pastebin.com/96Lwz52c

Other information:
OS: Ubuntu 16.04
Domain: mrsengo.com
Hoster: https://www.1fire.de/vserver/

Thank you guys, I really have no clue now how to fix it.


#2

Just did a clean fresh new VPS install and I still get the same error :confused:


#3

Hi @MiiAUWz,

Check that your provider isn't blocking port 443.

For example, on AWS (Amazon Web Services) you have to explicitly open up the ports both on the server and the gateway.

I can see that you are letting port 80 through but not 443, so that's the first thing to fix.


#4

@MiiAUWz,

I think your default virtualhost for *:443 is a problem because it doesn't actually speak HTTPS (with the various Apache SSLCertificate[...]file directives). Without these directives, you are creating an HTTP virtualhost, which doesn't generally belong on port 443. I would suggest removing that virtualhost entirely.

@ahaw021, with the error “Server only speaks HTTP”, the CA did succeed in connecting on port 443, so there’s probably not a firewall blocking it. The problem is that the web server spoke HTTP instead of HTTPS on port 443.
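The distinction drawn above (port 443 reachable but answering plain HTTP, versus port 443 blocked) can be checked from any client before re-running certbot. The following is an added example, not part of the thread or of certbot; the function names and the local test listener are constructed for illustration.

```python
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def classify_port(host, port, timeout=3.0):
    """Return 'closed', 'tls', 'plain-http' or 'unknown' for host:port."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # nothing reachable: the firewall / no-listener case
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # testing the protocol, not the certificate
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except OSError:  # ssl.SSLError and timeouts are both OSError subclasses
        pass
    # Handshake failed: check whether the listener answers plain HTTP instead.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return "plain-http" if s.recv(16).startswith(b"HTTP/") else "unknown"
    except OSError:
        return "unknown"

class _PlainHandler(BaseHTTPRequestHandler):  # constructed test listener
    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()
    def log_message(self, *args):
        pass

def demo():
    # Constructed local setup: one plain-HTTP listener and one unused port.
    srv = HTTPServer(("127.0.0.1", 0), _PlainHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    free_port = spare.getsockname()[1]
    spare.close()
    try:
        return {"plain": classify_port("127.0.0.1", srv.server_port, 1.0),
                "closed": classify_port("127.0.0.1", free_port, 1.0)}
    finally:
        srv.shutdown()

if __name__ == "__main__":
    print(demo())
```

Run against your own server as `classify_port("your.domain", 443)`: a result of `plain-http` matches the "Server only speaks HTTP, not TLS" error, while `closed` points at a firewall or a missing listener.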


#5

Quick question.
My ports.conf file (Apache2 - ubuntu 16.04) covers ssl:

Listen 80

<IfModule ssl_module>
    Listen 443
</IfModule>

(Sorry, my first post and I haven't quite got the hang of pastebin yet. I will, soon.)

But my 000-default.conf (in sites-enabled) only contains one section about:
<VirtualHost *:80>

Does that mean I should add a section in that file for something like VirtualHost *:443, because right now I get the same message: it only speaks http on 443.

