Server only speaks HTTP, not TLS


#1

Hi,

I tried to run this code: ./certbot-auto

And the result was this:

root@vps119695:/cert# ./certbot-auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?

1: bluemorphohouse.com
2: publiquepos.com
3: www.publiquepos.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):2
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for publiquepos.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. publiquepos.com (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Failed to connect to 149.56.141.88:443 for TLS-SNI-01 challenge: Server only speaks HTTP, not TLS

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: publiquepos.com
    Type: malformed
    Detail: Failed to connect to 149.56.141.88:443 for TLS-SNI-01
    challenge: Server only speaks HTTP, not TLS

    To fix these errors, please make sure that you did not provide any
    invalid information to the client, and try running Certbot again.
    root@vps119695:/cert#


#2

Hi,

What operating system is your server using ? (ubuntu ? )

Have you got a firewall or anything blocking port 443 ?

Have you installed the key elements for running https on your apache web server ?


#3

serverco Community Moderator
March 5
Hi,

What operating system is your server using ? (ubuntu ? )

It is Ubuntu 14.

Have you got a firewall or anything blocking port 443 ?

I think not.

Have you installed the key elements for running https on your apache web server ?

I don’t know about it; can you explain that, please?


#4

This error means that when Let’s Encrypt attempted to communicate with your server on port 443, which normally offers HTTPS (via TLS), your web server tried to speak HTTP instead. Generally this results from a misconfiguration of your web server.

Can you post the contents of your /var/log/letsencrypt.log? You should be able to upload it using one of the buttons in the toolbar that appears when you reply to this message.
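
An added example, not part of the original thread: a small Python 3 check for the condition described in the reply above. It sends a real TLS ClientHello to a port and reports whether the listener answers with a TLS record or with plaintext HTTP. The function names and result labels are this example's own.

```python
import socket
import ssl


def client_hello(server_name):
    """Build the raw bytes of a TLS ClientHello carrying server_name as SNI."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake now waits for the server's reply
    return outgoing.read()


def classify_reply(data):
    """Label the first bytes a server sent back after a ClientHello."""
    if not data:
        return "closed"
    if data[:5] == b"HTTP/":
        return "http"  # plaintext HTTP on the TLS port: the error in this thread
    # TLS records start with a content type (0x15 alert, 0x16 handshake)
    # followed by a 0x03 major version byte.
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    return "unknown"


def probe(host, port=443, server_name=None, timeout=5.0):
    """Send a ClientHello to host:port and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(server_name or host))
        try:
            reply = sock.recv(16)
        except socket.timeout:
            return "timeout"
        except OSError:
            return "closed"
    return classify_reply(reply)


if __name__ == "__main__":
    import sys
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe(sys.argv[1], port))
```

A result of "http" on port 443 means the listener bound to that port is not doing TLS for that connection, which is what the validation server reported here.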


#5

Check your /etc/apache2/sites-enabled and /etc/apache/sites-available and see what .conf files are there.
I had this issue when I ran certbot previously and it had created a new site there; I had to remove those files and restart Apache.


#6

Well, the first time I tried to run certbot on the root path, and later I saw a
tutorial and then I made a directory called cert and ran it here, but I'm not
sure if trying to run it before on the root path is the problem?
What do you think?


#7

@felixbellido17 could you post the logs I asked for? That would let us help you much better.

I think the most likely problem is that your Apache SSL module is disabled for some reason. The logs should show the contents of your Apache configs which could help figure out why. I’d also like to see the output of ls /etc/apache2/mods-available, and tail /var/log/apache2/error.log


#8

I had this same issue (Server only speaks HTTP, not TLS). I previously had another certificate installed - so SSL was definitely installed & active.

I have Ubuntu 14.04. My configuration was in mydomain.conf. The problem is there was additional default configuration in 000-default.conf. I replaced 000-default.conf with the contents of mydomain.conf, restarted Apache, and letsencrypt successfully installed the certificate.


#9

I have the same problem.

This is my log:

2017-03-27 13:02:38,668:DEBUG:letsencrypt.cli:Root logging level set at 30
2017-03-27 13:02:38,669:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-03-27 13:02:38,669:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.1
2017-03-27 13:02:38,669:DEBUG:letsencrypt.cli:Arguments: ['--apache']
2017-03-27 13:02:38,670:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,Plu$
2017-03-27 13:02:38,673:DEBUG:letsencrypt.cli:Requested authenticator apache and installer apache
2017-03-27 13:02:38,976:DEBUG:letsencrypt.display.ops:Single candidate plugin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7fdbb59e2a50>
Prep: True
2017-03-27 13:02:38,977:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7fdbb59e2a50> and installer <letsencrypt_apache$
2017-03-27 13:02:39,595:DEBUG:letsencrypt.cli:Picked account: <Account(fc21f47e93852ae45df5ac2f9c015bb6)>
2017-03-27 13:02:39,596:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-03-27 13:02:39,598:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-03-27 13:02:40,111:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 280
2017-03-27 13:02:40,116:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘280’, ‘Expires’: ‘Mon, 27 Mar 2017 13:02:40 GMT’, ‘Boulder-Request-Id’: ‘LsX9tC7afb5WLkvf$
2017-03-27 13:02:40,116:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘280’, ‘Expires’: ‘Mon, 27 Mar 2017 13:02:40 GMT’, ‘Boulder-Request-Id’: ‘$
2017-03-27 13:02:40,214:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0014_key-letsencrypt.pem
2017-03-27 13:02:40,216:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0014_csr-letsencrypt.pem
2017-03-27 13:02:40,216:DEBUG:letsencrypt.client:CSR: CSR(file=’/etc/letsencrypt/csr/0014_csr-letsencrypt.pem’, data='0\x82\x02\x8c0\x82\x01t\x02\x01\x020\x1a1\x180\x16\x06\x03U\x0$
2017-03-27 13:02:40,216:DEBUG:root:Requesting fresh nonce
2017-03-27 13:02:40,216:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2017-03-27 13:02:40,217:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-03-27 13:02:40,770:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-authz HTTP/1.1” 405 0
2017-03-27 13:02:40,774:DEBUG:root:Received <Response [405]>. Headers: {‘Content-Length’: ‘91’, ‘Pragma’: ‘no-cache’, ‘Boulder-Request-Id’: ‘Oxa2SD5shBkTBTZMVjCOv_T1_H_g1WFuj9qg4ag$
2017-03-27 13:02:40,775:DEBUG:acme.client:Storing nonce: ‘wF\\xba\xdcv\xc2$\xd3\xb1\xc9\xc3\x0e\xcf\x84\xdf\xeb\x89\xd3\xb7\x9b:Y\x95\x87\x9e\x19\xda\xbcL\xea6’
2017-03-27 13:02:40,775:DEBUG:acme.jose.json_util:Omitted empty fields: challenges=None, combinations=None, status=None, expires=None
2017-03-27 13:02:40,775:DEBUG:acme.client:Serialized JSON: {“identifier”: {“type”: “dns”, “value”: “ga.lujan.gov.ar”}, “resource”: “new-authz”}
2017-03-27 13:02:40,776:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), x5tS256=None, cty=None, jku=None, x5u=None, x5t=None, crit=(), kid=None, alg=None, jwk=None, typ=None
2017-03-27 13:02:40,777:DEBUG:acme.jose.json_util:Omitted empty fields: jku=None, x5tS256=None, cty=None, x5c=(), x5u=None, x5t=None, crit=(), nonce=None, kid=None, typ=None
2017-03-27 13:02:40,778:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”:$
2017-03-27 13:02:40,778:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-03-27 13:02:41,330:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 999
2017-03-27 13:02:41,335:DEBUG:root:Received <Response [201]>. Headers: {‘Content-Length’: ‘999’, ‘Expires’: ‘Mon, 27 Mar 2017 13:02:41 GMT’, ‘Boulder-Request-Id’: ‘-l9DfDXoUf_HfQVi$
2017-03-27 13:02:41,335:DEBUG:acme.client:Storing nonce: ‘\xf7\x87\xf4\xf4\xbd\x16\xbb^\xf7b\xe9\x99\x1a\x80\x0b\x89\xe0]=\x1c\xc3\x93\xbf\x19%%,\x08\xe5\x86’
2017-03-27 13:02:41,335:DEBUG:acme.client:Received response <Response [201]> (headers: {‘Content-Length’: ‘999’, ‘Expires’: ‘Mon, 27 Mar 2017 13:02:41 GMT’, ‘Boulder-Request-Id’: ‘$
2017-03-27 13:02:41,336:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u’status’: u’pending’, u’token’: u’IXACiqlV5KJGOPjqcVPITL-T9ZUYDYkgWed1HM4c4-U’, u’type’: u’$
2017-03-27 13:02:41,336:INFO:letsencrypt.auth_handler:Performing the following challenges:
2017-03-27 13:02:41,336:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for ga.lujan.gov.ar
2017-03-27 13:02:41,477:DEBUG:letsencrypt_apache.tls_sni_01:Adding Include /etc/apache2/le_tls_sni_01_cert_challenge.conf to /files/etc/apache2/apache2.conf
2017-03-27 13:02:41,477:DEBUG:letsencrypt_apache.tls_sni_01:writing a config file with text:


ServerName 1329ae8c9984760ccb4243f2516e4a1a.d9e0a49f67986e7daf962571afe585ad.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on

LimitRequestBody 1048576

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/Jl2Nyp5KXS1X6ext_7s_m1X-8IANFZ24uP8EUKV9isI.crt
SSLCertificateKeyFile /var/lib/letsencrypt/Jl2Nyp5KXS1X6ext_7s_m1X-8IANFZ24uP8EUKV9isI.pem

DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/
2017-03-27 13:02:41,570:DEBUG:letsencrypt.reverter:Creating backup of /etc/apache2/ports.conf
2017-03-27 13:02:41,571:DEBUG:letsencrypt.reverter:Creating backup of /etc/apache2/apache2.conf
2017-03-27 13:02:44,994:INFO:letsencrypt.auth_handler:Waiting for verification...
2017-03-27 13:02:44,995:DEBUG:acme.client:Serialized JSON: {"keyAuthorization": "Jl2Nyp5KXS1X6ext_7s_m1X-8IANFZ24uP8EUKV9isI.73nWv18sEd6nhJghTsUvvcdDWgIb6FIYwP9VnolrTrM", "type": "$
2017-03-27 13:02:44,998:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), x5tS256=None, cty=None, jku=None, x5u=None, x5t=None, crit=(), kid=None, alg=None, jwk=None, typ=None
2017-03-27 13:02:45,004:DEBUG:acme.jose.json_util:Omitted empty fields: jku=None, x5tS256=None, cty=None, x5c=(), x5u=None, x5t=None, crit=(), nonce=None, kid=None, typ=None
2017-03-27 13:02:45,005:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/AgGf6QgeKEJroocA5QpjwSLt3NFAqB4SJ85iowRHV5U/892835165. args: (), kwar$
2017-03-27 13:02:45,008:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-03-27 13:02:45,560:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/AgGf6QgeKEJroocA5QpjwSLt3NFAqB4SJ85iowRHV5U/892835165 HTTP/1.1" 202 338
2017-03-27 13:02:45,564:DEBUG:root:Received . Headers: {'Content-Length': '338', 'Boulder-Request-Id': '1CfX3QjNaNeVu9Gbqaz8CAP-Y9B2nO52XO7IhkrV3EY', 'Expires': 'Mo$
2017-03-27 13:02:45,564:DEBUG:acme.client:Storing nonce: '({r+\x9ep\xac\x13\x9az\xe9\xcb\x8cpiv\xfbR<\xb7"\x06\xa7t\xe6T\xca\xcb\xcb\xc0|\xe6'
2017-03-27 13:02:45,565:DEBUG:acme.client:Received response (headers: {'Content-Length': '338', 'Boulder-Request-Id': '1CfX3QjNaNeVu9Gbqaz8CAP-Y9B2nO52XO7IhkrV3EY'$
2017-03-27 13:02:48,568:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/AgGf6QgeKEJroocA5QpjwSLt3NFAqB4SJ85iowRHV5U. args: (), kwargs: {}
2017-03-27 13:02:48,571:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-03-27 13:02:49,057:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/AgGf6QgeKEJroocA5QpjwSLt3NFAqB4SJ85iowRHV5U HTTP/1.1" 200 1553
2017-03-27 13:02:49,061:DEBUG:root:Received . Headers: {'Content-Length': '1553', 'Expires': 'Mon, 27 Mar 2017 13:02:49 GMT', 'Boulder-Request-Id': 'oTh4hlYoSdrQ-QO$
2017-03-27 13:02:49,062:DEBUG:acme.client:Received response (headers: {'Content-Length': '1553', 'Expires': 'Mon, 27 Mar 2017 13:02:49 GMT', 'Boulder-Request-Id': $
2017-03-27 13:02:49,063:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'IXACiqlV5KJGOPjqcVPITL-T9ZUYDYkgWed1HM4c4-U', u'type': u'$
2017-03-27 13:02:49,065:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:

Domain: ga.lujan.gov.ar
Type: malformed
Detail: Failed to connect to 200.5.120.77:443 for TLS-SNI-01 challenge: Server only speaks HTTP, not TLS

To fix these errors, please make sure that you did not provide any invalid information to the client, and try running Let’s Encrypt again.
2017-03-27 13:02:49,065:INFO:letsencrypt.auth_handler:Cleaning up challenges
2017-03-27 13:02:49,357:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/letsencrypt”, line 9, in
load_entry_point(‘letsencrypt==0.4.1’, ‘console_scripts’, ‘letsencrypt’)()
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 1986, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 662, in run
lineage, action = _auth_from_domains(le_client, config, domains)
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 474, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File “/usr/lib/python2.7/dist-packages/letsencrypt/client.py”, line 269, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python2.7/dist-packages/letsencrypt/client.py”, line 252, in obtain_certificate
return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
File “/usr/lib/python2.7/dist-packages/letsencrypt/client.py”, line 225, in obtain_certificate_from_csr
authzr = self.auth_handler.get_authorizations(domains)
File “/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py”, line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File “/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py”, line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File “/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py”, line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. ga.lujan.gov.ar (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Failed to connect to 200.5.120.77:4$


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.