The server could not connect to the client: raspberrypi nginx


Hello I’m using Raspbian GNU/Linux 7 (wheezy)
the current stable certbox 0.12.0, GIT pulled
and nginx version: nginx/1.11.10
(built by gcc 4.6.3 (Debian 4.6.3-14+rpi1)
built with OpenSSL 1.0.1t 3 May 2016
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/run/ --lock-path=/var/lock/nginx --http-log-path=/var/log/nginx/access.log --with-http_ssl_module)

I have two web pages visible, one http and one https
these are dyndns’d using //
and I have visible pages with self signed certs installed created using openssl to enable the https page

the contents of my /etc/nginx/nginx.conf file are:
worker_processes 1;
events {
worker_connections 1024;
http {
include mime.types;
include sites-enabled/*;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;

and the contents of my site block (virtual hosts) are at /etc/nginx/sites-enabled/ is:
server {
listen 80;
location / {
root /var/www/;
index index.html index.htm;
server {
listen 443 ssl;
ssl_certificate /etc/ssl/cacert.pem;
ssl_certificate_key /etc/ssl/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /var/www/;
index index.html index.htm;

I am failing to run the following command because the the server cannot reach back to my client to do the handshake:
rupert@raspberrypi ~/projects/https/letsencrypt $ ./letsencrypt-auto run --agree-tos --nginx -d
Requesting root privileges to run certbot…
/home/rupert/.local/share/letsencrypt/bin/letsencrypt run --agree-tos --nginx -d
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to for TLS-SNI-01 challenge

 - The following errors were reported by the server:

   Type:   connection
   Detail: Failed to connect to for TLS-SNI-01

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I’m hoping somebody might have some ideas to trouble shoot this, I if it’s a bug I’m happy to triage.

Thanks in advance,


Your site isn’t reachable from the public internet, apparently not from Let’s Encrypts servers, but neither from my end.

Is the IP address listed also really your current public IP address? Or has it changed recently and is the dynamic DNS service lagging behind?

Do you have your Raspberry Pi behind a NAT router? Did you portmap port 80 and 443 to the Raspberry Pi?



Thanks for responding. It is true that it is turned off, I disabled it after sending this post for security purposes. Feel free to have another poke, I’ve enabled the pages again…

Regards, Rupert


Still not able to connect. Please check your router/firewall et cetera, because isn’t publically accessible.



Thankyou - I discovered that althought I could point to it using a the url, the rest of the world could not. My ISP was blocking at infrastructure level. So I needed to login to my provider and on the admin interface, turn off port blocking there too. thanks for your patience Osiris


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.