Sudo certbot --apache -d "Failed authorization procedure"


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: castleslion.com

I ran this command: sudo certbot --apache -d castleslions.com -d www.castleslions.com
( https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04 ).

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for castleslions.com
http-01 challenge for www.castleslions.com
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.castleslions.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.castleslions.com/.well-known/acme-challenge/tWlbtBXEeh8Rx5agu1O_lS5SWL7UOlhN2YDQHDqzQlk: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.castleslions.com
    Type: connection
    Detail: Fetching
    http://www.castleslions.com/.well-known/acme-challenge/tWlbtBXEeh8Rx5agu1O_lS5SWL7UOlhN2YDQHDqzQlk:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): apache2

The operating system my web server runs on is (include version): Ubuntu Server 18.04.1

My hosting provider, if applicable, is: Telecom Italia TIM

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I have only the castleslions.com domain atm and the server; after I reach https I will build a website.


#2

Hi @marcyquad

castlelion.com isn’t registered. castlelions.com is. Do you have a running webserver (http)?

I see only a timeout.


#3

Hello, and thank you for the reply. My domain is castleslions.com and the server is up (apache2.service loaded active running The Apache HTTP Server). As I wrote before, I have only the web domain but I haven’t yet built the website… Thank you for your help.


#4

Your website isn’t up. I can ping it, but connecting with HTTP or HTTPS times out.

Do you have a firewall? Does your ISP have a firewall? Does it allow inbound HTTP and HTTPS traffic? From other countries?

If there’s port forwarding, are you sure it’s correct?


#5

This is my firewall
Status: active

To                  Action  From
OpenSSH             ALLOW   Anywhere
Apache Full         ALLOW   Anywhere
OpenSSH (v6)        ALLOW   Anywhere (v6)
Apache Full (v6)    ALLOW   Anywhere (v6)

I don’t know if my ISP has a firewall.


#6

OK, I set up port mapping on my ISP to allow http/https connections for my local host 192.168.1.45. Maybe now it works? Let’s try… :slight_smile:


#7

Still times out for me. :sweat:


#8

Yes, I still see the same error using the sudo certbot --apache -d castleslions.com -d www.castleslions.com command.


#9

I tried to ping castleslions.com and www.castleslions.com. The domain pointing looks fine, it points to my public IP, so maybe the problem is in the server configuration…


#10

OK, maybe I understood… the problem probably is that I haven’t set a static IP, and the IP that domain.com points to isn’t right at the moment…


#11

OK, now I set up a static IP and edited the IP pointer to the new public IP.


#12

Well!! With my server it works: https://www.castleslions.com/. I successfully did that, but it still does not work with other PCs; maybe I need to wait for the propagation of DNS :smiley: Thank you for your help, I finally obtained https for my website :smiley: Cheers, Let’s Encrypt!!!
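
The checks that the certbot message and post #4 ask for (the A record holds the right public IP, the address is not a LAN one such as 192.168.1.45, port 80 answers instead of timing out), as an added example that is not part of the original thread. The function names `preflight`, `resolve_a` and `classify_connect`, and the sample names and addresses, are assumptions made for illustration.

```python
import ipaddress
import socket

# Ranges that a public ACME validation server cannot reach.
NOT_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 (LAN)
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]  # CGNAT, loopback, link-local

def resolve_a(domain):
    """IPv4 addresses the system resolver returns for domain."""
    infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def classify_connect(ip, port=80, timeout=5.0):
    """Return 'open', 'refused', 'timeout' or 'unreachable' for ip:port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"      # packets dropped: firewall or missing port forward
    except ConnectionRefusedError:
        return "refused"      # host answers, but nothing listens on the port
    except OSError:
        return "unreachable"  # no route to the address

def preflight(domain, expected_ip, resolve=resolve_a, connect=classify_connect):
    """Return the problems that would make http-01 validation of domain fail."""
    try:
        addrs = resolve(domain)
    except socket.gaierror:
        return [f"{domain}: does not resolve"]
    findings = []
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in NOT_PUBLIC):
            findings.append(f"{domain}: {addr} is not publicly routable")
        elif addr != expected_ip:
            findings.append(f"{domain}: A record {addr}, expected {expected_ip}")
        else:
            state = connect(addr)
            if state != "open":
                findings.append(f"{domain}: port 80 on {addr}: {state}")
    return findings

if __name__ == "__main__":
    # Constructed sample: documentation addresses, no network access needed.
    records = {"example.test": ["203.0.113.7"], "www.example.test": ["203.0.113.10"]}
    for name in records:
        print(preflight(name, "203.0.113.10", records.__getitem__, lambda a: "timeout"))
```

Run it from a host outside the server's own network: a connection made from inside the LAN may not pass through the router's port forwarding, so it can succeed while the validation server still times out.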