Hello, I’m using Raspbian GNU/Linux 7 (wheezy),
the current stable certbot 0.12.0, git-pulled from https://github.com/letsencrypt/letsencrypt
and nginx version: nginx/1.11.10
(built by gcc 4.6.3 (Debian 4.6.3-14+rpi1)
built with OpenSSL 1.0.1t 3 May 2016
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/run/nginx.pid --lock-path=/var/lock/nginx --http-log-path=/var/log/nginx/access.log --with-http_ssl_module)
I have two web pages visible, one HTTP and one HTTPS:
http://rupert160.privatedns.org
https://rupert160.privatedns.org
These are dyndns’d using //freedns.afraid.org/dynamic/update.php
and I have visible pages with self-signed certs installed, created using openssl to enable the HTTPS page.
The contents of my /etc/nginx/nginx.conf file are:
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    include sites-enabled/*;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
}
and the contents of my site block (virtual hosts) at /etc/nginx/sites-enabled/rupert160.privatedns.org are:
server {
    listen 80;
    server_name rupert160.privatedns.org;
    location / {
        root /var/www/rupert160.privatedns.org/http;
        index index.html index.htm;
    }
}
server {
    listen 443 ssl;
    server_name rupert160.privatedns.org;
    ssl_certificate /etc/ssl/cacert.pem;
    ssl_certificate_key /etc/ssl/privkey.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root /var/www/rupert160.privatedns.org/https;
        index index.html index.htm;
    }
}
I am failing to run the following command because the server cannot reach back to my client to do the handshake:
rupert@raspberrypi ~/projects/https/letsencrypt $ ./letsencrypt-auto run --agree-tos --nginx -d rupert160.privatedns.org
Requesting root privileges to run certbot…
/home/rupert/.local/share/letsencrypt/bin/letsencrypt run --agree-tos --nginx -d rupert160.privatedns.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for rupert160.privatedns.org
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. rupert160.privatedns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 124.168.238.216:443 for TLS-SNI-01 challenge
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: rupert160.privatedns.org
Type: connection
Detail: Failed to connect to 124.168.238.216:443 for TLS-SNI-01
challenge
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
I’m hoping somebody might have some ideas to troubleshoot this; if it’s a bug I’m happy to triage.
Thanks in advance,
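
Added example, not part of the original post and not certbot's own code: a small Python triage helper that parses the "Failed authorization procedure" line shown above and runs the two checks the certbot notes ask for (does the DNS A record match the address the CA dialled, and does that address accept TCP on the challenge port). The function names are hypothetical and the regex assumes the message format printed in this post.

```python
import re
import socket

# Constructed sample input: the failure line from the certbot output in the post.
SAMPLE = ("Failed authorization procedure. rupert160.privatedns.org (tls-sni-01): "
          "urn:acme:error:connection :: The server could not connect to the client "
          "to verify the domain :: Failed to connect to 124.168.238.216:443 "
          "for TLS-SNI-01 challenge")

FAILURE_RE = re.compile(
    r"Failed authorization procedure\.\s+(?P<domain>\S+)\s+\((?P<challenge>[\w-]+)\):\s+"
    r"urn:acme:error:(?P<error>\w+)\s+::.*Failed to connect to (?P<ip>[\d.]+):(?P<port>\d+)")

def parse_failure(line):
    """Extract domain, challenge, error type and the address the CA dialled."""
    m = FAILURE_RE.search(line)
    return dict(m.groupdict(), port=int(m.group("port"))) if m else None

def resolve_ipv4(domain):
    """IPv4 addresses the local resolver returns for domain (empty set on failure)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(domain, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def tcp_reachable(ip, port, timeout=5.0):
    """True if a TCP handshake with ip:port completes within timeout seconds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(line, resolver=resolve_ipv4, prober=tcp_reachable):
    """Map one certbot connection-failure line to a list of findings."""
    info = parse_failure(line)
    if info is None:
        return ["not a recognised connection-failure line"]
    findings = []
    addrs = resolver(info["domain"])
    if info["ip"] not in addrs:
        findings.append("dns-mismatch: %s resolves to %s, CA dialled %s"
                        % (info["domain"], sorted(addrs), info["ip"]))
    if not prober(info["ip"], info["port"]):
        findings.append("unreachable: no TCP handshake with %s:%d"
                        % (info["ip"], info["port"]))
    return findings or ["ok: DNS matches and the port answers from this vantage point"]

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE)))
```

Run it from a host outside the home network: a probe from behind the same router can succeed or fail because of NAT loopback behaviour and says little about what the CA's validation server sees.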