I have the following domain: http://ankitshah.us
This domain points to the following AWS image, whose IP is: 23.22.140.172
When I run the following command:
ubuntu@ip-10-149-104-73:~/letsencrypt$ sudo ./venv/bin/letsencrypt auth
It gives me this error on the blue screen first:
Unable to run the command: apache2ctl configtest
Nginx Restart Failed!
nginx: [emerg] could not build the server_names_hash, you should increase server_names_hash_bucket_size: 64
It also gives me the following error:
Failed authorization procedure. ankitshah.us (dvsni): connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge
IMPORTANT NOTES:
The following ‘connection’ errors were reported by the server:
Domains: ankitshah.us
Error: The server could not connect to the client for DV
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contains the right IP address. Additionally, please check that your
computer has publicly routable IP address and no firewalls are
preventing the server from communicating with the client.
My DNS record entry is pointing to the AWS public IP.
How would I make the DVSNI challenge pass?
Hello, I have something like that problem… What can I do to fix the DNS A/AAAA record? Thanks.
Failed authorization procedure. my.domain (dvsni): connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge
IMPORTANT NOTES:
If you lose your account credentials, you can recover through
e-mails sent to support@my.domain.
The following ‘connection’ errors were reported by the server:
Domains: my.domain
Error: The server could not connect to the client for DV
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contains the right IP address. Additionally, please check that your
computer has publicly routable IP address and no firewalls are
preventing the server from communicating with the client.
Your account credentials have been saved in your Let’s Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let’s
Encrypt so making regular backups of this folder is ideal.
One possibility here, which has bitten me before: a server that hadn’t been using TLS before was blocking port 443 at the firewall. That stops DVSNI from running, too.
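Added example, not part of any post in this thread: the client's error text and the reply above name two things to verify, the A/AAAA records and whether port 443 can be reached. This Python check does both; the function names `resolve`, `probe_tcp` and `preflight` are chosen here for illustration, and the domain and expected IP are passed on the command line.

```python
import socket
import sys

def resolve(host):
    """Return every A/AAAA address the system resolver gives for host."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe_tcp(addr, port=443, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((addr, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"    # host answered, nothing is listening on the port
        except OSError:
            return "filtered"   # timeout or unreachable: packets dropped on the way

def preflight(domain, expected_ip, port=443, resolver=resolve, prober=probe_tcp):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    try:
        addrs = resolver(domain)
    except socket.gaierror as exc:
        return [f"DNS: {domain} does not resolve ({exc})"]
    if expected_ip not in addrs:
        findings.append(f"DNS: {domain} resolves to {addrs}, not {expected_ip}")
    # Probe every record the resolver returns, not just the expected one.
    for addr in addrs:
        state = prober(addr, port)
        if state != "open":
            findings.append(f"TCP [{addr}]:{port} is {state}")
    return findings

if __name__ == "__main__":
    # Usage: python preflight.py <domain> <expected public IP>
    problems = preflight(sys.argv[1], sys.argv[2])
    print("\n".join(problems) or "DNS and port 443 look fine from this host")
    sys.exit(1 if problems else 0)
```

Run it from a machine outside the server's network, because a check made on the server itself never crosses the firewall. A "filtered" result is the one that matches a blocked port 443.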
I had the same error message on Ubuntu 14.04.3 LTS with apache2 when calling letsencrypt-auto.
After stopping apache2 and using letsencrypt -auth instead (selecting Standalone mode), I succeeded and received the staging-CA signed cert chain.
I guess somehow letsencrypt-auto didn’t succeed in controlling my apache2, but I don’t know how to find out why.
I personally can live with the standalone-method, but this isn’t very satisfying, because of the needed downtime of the web service.
Let me know if I somehow can contribute helpful debug information (log files etc.).
Hi eva2000,
thanks for the hint.
I tried and again I see the error message as before, but just a little bit more eloquent.
Unfortunately without information how letsencrypt-auto tries to control my apache2 and where it failed:
+----------------------------------------------------------------------+
¦ Saving debug log to /var/log/letsencrypt/letsencrypt.log ¦
¦ Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org ¦
¦ Generating key (2048 bits): ¦
¦ /etc/letsencrypt/keys/0008_key-letsencrypt.pem ¦
¦ Creating CSR: /etc/letsencrypt/csr/0008_csr-letsencrypt.pem ¦
¦ Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org ¦
¦ Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org ¦
¦ Performing the following challenges: ¦
¦ dvsni challenge for rabix.de ¦
¦ Waiting for verification... ¦
¦ Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org ¦
¦ Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org ¦
¦ Reporting to user: The following 'unauthorized' errors were ¦
¦ reported by the server: ¦
¦ Domains: rabix.de ¦
¦ Error: The client lacks sufficient authorization ¦
¦ To fix these errors, please make sure that your domain name was ¦
¦ entered correctly and the DNS A/AAAA record(s) for that domain ¦
¦ contains the right IP address. ¦
¦ Cleaning up challenges ¦
+----------------------------------------------------------------------+
I also had a look into /var/log/letsencrypt/letsencrypt.log but nothing obvious (at least to my eyes).
For deeper analysis I put the log on my webserver: http://rabix.de/letsencrypt.log
2015-10-25 19:21:13,622:INFO:letsencrypt.reporter:Reporting to user: The following 'unauthorized' errors were reported by the server:
Domains: rabix.de
Error: The client lacks sufficient authorization
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contains the right IP address.
Yes, thanks, but this error seems to me to be due to letsencrypt-auto not being able to place the challenge information on my apache2 web server. Since “letsencrypt -auth” as standalone works fine, the DNS record itself seems to be correct, but it’s probably (only) an issue in taking over the control of my apache2. Unfortunately I don’t find any information in the log about how letsencrypt-auto tries to get control over it. I checked the timestamps of all files beyond /etc/apache2/ but no config file has been touched.
Remark: It’s not a permission issue, because the config files belong to and are writable by “root” and letsencrypt-auto also uses “root” (via sudo).
Any further ideas to analyse the problem are welcome.
I’ve applied to join the beta program, but did not yet receive the invite approval.
As I understood this is the reason why I currently solely got staging certs, but that’s okay for current testing now.
The only question is why it works with “letsencrypt -auth” in standalone mode but not with “letsencrypt-auto”, or won’t letsencrypt try to control my apache before I’m registered as a beta test user?
Hi experts,
Thanks so far for your hints, but there is still the question of why I succeed with “letsencrypt -auth” in standalone mode while failing when trying to use the running apache via “letsencrypt-auto”. Are there any further options to switch on deeper (than --verbose) logging?
I am also having the same error (Error: The server could not connect to the client for DV). I received my invitation and made sure to type my domains correctly.