I have an Apache 2.4 host with about 15 VHosts. All but one hostnames work fine, but schoner.hanse.de is being rejected with the error below. Since itβs the same host, and all names are CNAMEs for schoner.hanse.de, Iβm at a loss what the issue might be. If I put a file into the acme-challenge dir manually, I can retrieve it without issue: http://schoner.hanse.de/.well-known/acme-challenge//foo
- The following errors were reported by the server:
Domain: schoner.hanse.de
Type: connection
Detail: Could not connect to http://schoner.hanse.de/.well-known
/acme-challenge/sEWE-U180leuXxB-OG3NRq4lwaLGVaVD_zbwOfVBcBY
2016-02-28 11:03:10,569:DEBUG:letsencrypt.cli:Root logging level set at 30
2016-02-28 11:03:10,571:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-02-28 11:03:10,571:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.0
2016-02-28 11:03:10,571:DEBUG:letsencrypt.cli:Arguments: ['-a', 'webroot', '-w', '/usr/local/www/letsencrypt', '-d', 'www.hanse.de', '
-d', 'ftp.hanse.de', '-d', 'lists.hanse.de', '-d', 'schoner.hanse.de', '-d', 'www.astloch.hanse.de', '-d', 'www.baty.hanse.de', '-d',
'www.dda.hanse.de', '-d', 'www.eagle.hanse.de', '-d', 'www.filterhh.hanse.de', '-d', 'www.floppysheep.hanse.de', '-d', 'www.fusebox.ha
nse.de', '-d', 'www.mcshh.hanse.de', '-d', 'www.minerva.hanse.de', '-d', 'www.ranahh.hanse.de', '-d', 'www.samhh.hanse.de', '-d', 'www
.signal.hanse.de', '-d', 'www.transit.hanse.de', '-d', 'www.wavehh.hanse.de']
2016-02-28 11:03:10,572:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,Plugi
nEntryPoint#manual,PluginEntryPoint#standalone)
2016-02-28 11:03:10,578:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None
2016-02-28 11:03:10,584:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /usr/local/www/letsencrypt/.well-
known/acme-challenge
016-02-28 11:03:15,275:DEBUG:letsencrypt.client:CSR: CSR(file='/usr/local/etc/letsencrypt/csr/0005_csr-letsencrypt.pem', data='0\x82\x03\xed0\x82\x02\xd5\x02\x01\x000\x171\x150\x13\x06\x03U\x04\x03\x0c\x0cwww.hanse.de0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\x94\xf2,\xdf5\xfb\xec\x95~c4\x9f#\xf9i\xe9y,\xa3\x86\xa4;yw!\xa2C\xcd\xf4\xb2\xff\xd0\xd2\xe0D\xbb\xdfUo\x03\xb8\xc4C\x13jB\xc6\x1f(.KX\n<\xf1\xa4\xf1\xed3\t\xe1\xe8\xbc:TD\t\x90\xeeeA\xb3\xd7\xdaJ\x96\x98\x91z\x9d\x98\x10
=G\x1b\xee\xb2\x10\xd4\x1c\xc7u\xa3jV\xbf{4\x86\xf5\x7f\xa7\xe5t:\xa8X\x1a\xbdC\xdew\xaah\x9e^\x99\xc9"\x1e\xf3\xf2\xdfX\xb9\xf6β\xa3\x1ec-P\x96l\xbeVF\x1f%\xef\x06\xcfeH\xbeq\x8b1\xb1\x1e\xd1\x0e\xfd\x8d\xfd\xdfX\xfb\xbfE\xa5\x1e\xb7\x0fd\xda\xa3a\x86S\xdf\x18\xb6\xcf\rE\xb1(\xba\x8bN\x1cW\xfb\xa5\x1eI\x94 \xd8%\x91\xb4p\x1d^\xd3\xb0r;\xed\x80-\xdcs\xcd1\x08\x16^\x94\xeb\x86\x88S\xb7bD\x9foy\xab*\xce\x92\xaba\xd4\x16(A\xb9N\xb3\xf6\xf33\x1f(oz4W\xb7\xcf}\x00*\:\xc5\x11\xff\xd4i\x02\x03\x01\x00\x01\xa0\x82\x01\x8f0\x82\x01\x8b\x06\t*\x86H\x86\xf7\r\x01\t\x0e1\x82\x01|0\x82\x01x0\x82\x01t\x06\x03U\x1d\x11\x04\x82\x01k0\x82\x01g\x82\x0cwww.hanse.de\x82\x0cftp.hanse.de\x82\x0elists.hanse.de\x82\x10schoner.hanse.de\x82\x14www.astloch.hanse.de\x82\x11www.baty.hanse.de\x82\x10www.dda.hanse.de\x82\x12www.eagle.hanse.de\x82\x15www.filterhh.hanse.de\x82\x18www.floppysheep.hanse.de\x82\x14www.fusebox.hanse.de\x82\x12www.mcshh.hanse.de\x82\x14www.minerva.hanse.de\x82\x13www.ranahh.hanse.de\x82\x12www.samhh.hanse.de\x82\x13www.signal.hanse.de\x82\x14www.transit.hanse.de\x82\x13www.wavehh.hanse.de0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x86\xd4\xd0\xae\x82\xaa\x9bl"D\xee\xb9kW\x1a\xd6/H\xb5di1 XI\xd5|\xa2\x1b\xee\xac"\xc8a\xcc+\xd3#\x01\xc5\xfeN\xb2\x1b\xcd\xc8\x8d\x12]\xe8)K\x8c:\x94U5\x8b\xe4:\xddJR\x0c\xe6\xa6\xa4\x8e\x8b$\x06\x9e\x91\xbb\x05\x84\xc8\xa4z#\xd4\xc1vv\xf1\xec\xa3~C\xc0sU\xc9\x1f\x06\xaf\xc4\x02\xe4_\x91j\x96\xf7\xa9~\xa5\x9dU,\x01\x18\x13]\xea\xe9 \xc3\x93\xea\xd5\xa4+\xb7\x97\x1a\xee\xc8|\xd06\xb2\xa1\x90)\x81e:\xf2\xe5\xab65@*\x9c\xebH\x06\xe2\x85pw I>\xe1h\x87\xe7Q\x01\xeb\xae%9\xbd\xa1,\x02\x91N\xc2\xcf\xe6fEL|{w\x18("\xb6\x80\xe3L\xb4k\xb1;\x86\x9cZzM\xec\xc9\xe9\x12\x8a\x9c\r\x90\xea\xf3n\x12!\xd4\xa3\xc7\xb5\xc38})\xab\xa1\xb7Vx\xc0\x840[\xd8I3\xd2\xb8\x85,\xa7\xc2\xbff\xff\xc5E\xc2\xbb\x80\x0f\xea#9\xc1\xd1\x94H\xc3\xde)\xb4β, form=βderβ), domains: [βwww.hanse.deβ, βftp.hanse.deβ, βlists.hanse.deβ, βschoner.hanse.deβ, βwww.astloch.hanse.deβ, βwww.baty.hanse.deβ, βwww.dda.hanse.deβ, βwww.eagle.hanse.deβ, βwww.filterhh.hanse.deβ, βwww.floppysheep.hanse.deβ, βwww.fusebox.hanse.deβ, βwww.mcshh.hanse.deβ, βwww.minerva.hanse.deβ, βwww.ranahh.hanse.deβ, βwww.samhh.hanse.deβ, βwww.signal.hanse.deβ, βwww.transit.hanse.deβ, βwww.wavehh.hanse.deβ]`
2016-02-28 11:03:30,777:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'I2DdMTZj2CB
rLIyvAl2KvnVu1HPJHQ2vu_Chpm49MKk', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/rNVZY4aKsu2viZS9U
nGryi8-qME_ivqJIMn_iHMcpik/20363227'}
2016-02-28 11:03:30,778:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:
Domain: schoner.hanse.de
Type: connection
Detail: Could not connect to http://schoner.hanse.de/.well-known/acme-challenge/sEWE-U180leuXxB-OG3NRq4lwaLGVaVD_zbwOfVBcBY
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) t
he right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preven
ting the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving fi
les from the webroot path you provided.
2016-02-28 11:03:30,781:DEBUG:letsencrypt.plugins.webroot:Removing /usr/local/www/letsencrypt/.well-known/acme-challenge/2B74YGh8_DtAeTWTGrpE0qeUkZTi7fIS1umHNCfMibM
2016-02-28 11:03:30,781:DEBUG:letsencrypt.plugins.webroot:Removing /usr/local/www/letsencrypt/.well-known/acme-challenge/andMYeNTWzXhCB3kTsiXTiJFKgUdGHRG2CJ6gys_JWI
2016-02-28 11:03:30,783:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/letsencrypt", line 9, in <module>
load_entry_point('letsencrypt==0.4.0', 'console_scripts', 'letsencrypt')()
File "/usr/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1987, in main
return config.func(config, plugins)
File "/usr/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 707, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
File "/usr/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 458, in _auth_from_domains
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File "/usr/local/lib/python2.7/site-packages/letsencrypt/client.py", line 252, in obtain_certificate
return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
File "/usr/local/lib/python2.7/site-packages/letsencrypt/client.py", line 225, in obtain_certificate_from_csr
authzr = self.auth_handler.get_authorizations(domains)
File "/usr/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File "/usr/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File "/usr/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. schoner.hanse.de (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to http://schoner.hanse.de/.well-known/acme-challenge/sEWE-U180leuXxB-OG3NRq4lwaLGVaVD_zbwOfVBcBY