The server could not connect to the client to verify the domain: Timeout

raphattack · November 10, 2017, 8:38pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
raphinator.us

I ran this command:
sudo certbot --nginx -d raphinator.us -d www.raphinator.us

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for raphinator.us
tls-sni-01 challenge for www.raphinator.us
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.raphinator.us (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout, raphinator.us (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: www.raphinator.us
Type: connection
Detail: Timeout

Domain: raphinator.us
Type: connection
Detail: Timeout

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 16.04.3 LTS

My hosting provider, if applicable, is:
Namecheap

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

jared.m · November 10, 2017, 8:46pm

So, I’m also not able to access that over port 443. Are you sure you have firewalls/port forwarding configured to allow the public internet to access that server on port 443? This is needed for the nginx plugin, as it uses the tls-sni-01 authentication method.

# openssl s_client -connect www.raphinator.us:443
socket: Connection timed out
connect:errno=110

raphattack · November 10, 2017, 8:58pm

Thanks! The guide I was following somehow left out port 443. Working great now.

jared.m · November 10, 2017, 9:00pm

You’re very welcome! That guide may have been written back before nginx was as well-supported in Certbot as it is now - it used to use the http-01 challenge type instead, which works over port 80. Would you mind linking the guide you used here so we could attempt to contact the author to update it? There’s been an ongoing effort to get as many old tutorials cleaned up as we can.

raphattack · November 10, 2017, 9:23pm

Definitely!

Here’s the link to the guide: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

system · December 10, 2017, 9:23pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.