The server could not connect to the client to verify the domain

Hi, I have seen a few of these questions in here, but they all point to different errors. I tried all of the answers provided to those questions but didn't manage to get my SSL cert working.

I have managed to get the certbot working in the past so the ssl cert has already been installed. I can access the website with no problem.

One change that happened today: I reset my router, which means I had to do the port forwarding again. I use noip.com to make my IP somewhat static.

My domain is:
https://mystuff.lucasds.dev/

I ran this command:
sudo certbot renew --dry-run
or
sudo certbot --nginx

It produced this output:

Attempting to renew cert (mystuff.lucasds.dev) from /etc/letsencrypt/renewal/mystuff.lucasds.dev.conf produced an unexpected error:
The server could not connect to the client to verify the domain :: Fetching http://mystuff.lucasds.dev/.well-known/acme-challenge/5hzvK5CBXAWnk0p23kepOw8x2vNWnkRi-ewrhAuC84E: Timeout during connect (likely firewall problem). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mystuff.lucasds.dev/fullchain.pem (failure)

Domain: mystuff.lucasds.dev
Type: connection
Detail: Fetching
http://mystuff.lucasds.dev/.well-known/acme-challenge/5hzvK5CBXAWnk0p23kepOw8x2vNWnkRi-ewrhAuC84E:
Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

My web server is (include version):

Ubuntu 18.04
Nginx 1.14

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

1 Like

Hi @luckas

Your port 80 doesn't answer - see https://check-your-website.server-daten.de/?q=mystuff.lucasds.dev

Domainname Http-Status redirect Sec. G
http://mystuff.lucasds.dev/ 81.131.75.67 -14 10.024 T
Timeout - The operation has timed out
https://mystuff.lucasds.dev/ 81.131.75.67 302 https://mystuff.lucasds.dev/login
Html is minified: 117,13 % 3.826 B
https://mystuff.lucasds.dev/login GZip used - 1360 / 4893 - 72,21 % Inline-JavaScript (∑/total): 1/0 Inline-CSS (∑/total): 0/0 200 Html is minified: 181,09 % 3.456 B
small visible content (num chars: 92)
Laravel Login Register Login E-Mail Address Password Remember Me Login Forgot Your Password?
http://mystuff.lucasds.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 81.131.75.67 -14 10.020 T
Timeout - The operation has timed out

You can't check that with a browser, because it's a dev domain. These domains are preloaded, so browsers always connect to the https version.

But if Let's Encrypt tries to check your domain, a working port 80 is required.

Check your configuration, port 80 must answer.

2 Likes
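
An added example, not part of the original replies: since a browser will not speak plain HTTP to a preloaded domain, this Python sketch requests the challenge path on port 80 directly and distinguishes a timeout from a refused connection or an HTTP answer. The function names and the token value are assumptions made for illustration.

```python
import http.client
import socket
import sys

# Path prefix that the error output above shows being fetched over plain HTTP.
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def probe_http01(host, port=80, token="reachability-test", timeout=10.0):
    """Request the challenge path over plain HTTP and classify the result.

    Returns (outcome, http_status). http.client has no HSTS preload list and
    does not follow redirects, so the answer describes port 80 itself.
    The token is a made-up name: a 404 still proves that the port answers.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        return ("answered", conn.getresponse().status)
    except socket.timeout:
        # Packets dropped silently: missing port forward or filtering firewall.
        return ("timeout", None)
    except ConnectionRefusedError:
        # The host is reachable but nothing listens on that port.
        return ("refused", None)
    except (OSError, http.client.HTTPException) as exc:
        # DNS failure, unreachable network, connection reset, and so on.
        return ("error: " + exc.__class__.__name__, None)
    finally:
        conn.close()


def explain(outcome, status):
    """Turn a probe result into a hint about where to look."""
    if outcome == "answered":
        return "port 80 answers (HTTP %d); look at the web server config" % status
    if outcome == "timeout":
        return "no answer on port 80; check router port forwarding and firewall"
    if outcome == "refused":
        return "port 80 is closed; check that the web server listens on it"
    return "probe failed (%s); check DNS and routing" % outcome


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(target, "->", explain(*probe_http01(target)))
```

Run it from a machine outside your own network; a probe from behind the same router may not take the path the validation server takes.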

You are right!

Thank you very much, man. You have no idea how long I've been hitting my head on my keyboard!

3 Likes
