My domain was whitelisted, so cloned the letsencrypt repo to issue a new certificate. This is for a small development environment that used private IPs only. Once I realized that this wouldn’t work with the letsencrypt client, I created an Ubuntu 14.04 server in AWS, and changed my DNS A record to the public IP of my new server.
I then ran the letsencrypt client in standalone mode, but it failed because my host was unreachable.
The server could not connect to the client for DV
My instance’s firewall is disabled, and 80, 443, and 5001 are open to the world in the AWS security group. I validated this from my home network.
Could the problem be that the letsencrypt servers are caching the old IP address in the A record, and that I just need to wait a little bit?