Standalone installation failing to connect on Linux

rogersmj · March 4, 2017, 7:20pm

It’s not a firewall issue – I can connect via port 80 to the server I normally have running on this machine. I shut that server down so certbot can bind to it, run the below command…but the verification fails and says it can’t connect to my server.

I have verified with dnschecker.org that the IP address for my domain is correct. Port 80 is available for certbot to bind, and it goes through my router/firewall fine when running the server I normally run on port 80. Why isn’t this working?

Please fill out the fields below so we can help you better.

My domain is:
home.rogersmj.net

I ran this command:
sudo ./certbot-auto certonly --standalone --preferred-challenges http-01 --email xxxxxxxx@xxxxxxxx.com -d home.rogersmj.net

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for home.rogersmj.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. home.rogersmj.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to home.rogersmj.net

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: home.rogersmj.net
   Type:   connection
   Detail: Could not connect to home.rogersmj.net

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My operating system is (include version):
Raspbian Jessie

My web server is (include version):
standalone

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

schoen · March 5, 2017, 12:15am

You seem to have a DNS configuration problem.

http://dnscheck.pingdom.com/?domain=home.rogersmj.net

The certificate authority’s DNS checking is very cautious, so it’s possible to have DNS errors that are not severe enough to prevent other applications from working, but are severe enough that the CA isn’t able to obtain your A record. I think that’s probably the case here.

rogersmj · March 5, 2017, 2:17am

Thanks for that, I’ve never heard of that error before, “Delegation not found at parent.”. I dug around a bit on it but I’m not sure what I should do to resolve it. Can you provide any guidance? The DNS servers for rogersmj.net are with a well-known host and I’ve used them as my nameservers for more than a decade with no issues. “home” is a simple A record.

The logfile for certbot shows that it did look up and obtain the correct IP:

"validationRecord": [
        {
          "url": "http://home.rogersmj.net/.well-known/acme-challenge/xxxxxxxxxxxxxx",
          "hostname": "home.rogersmj.net",
          "port": "80",
          "addressesResolved": [
            "68.46.211.182"
          ],
          "addressUsed": "68.46.211.182"
        }
      ]

Not sure if that’s relevant.

system · April 4, 2017, 2:18am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.