The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

I don’t know what is happening and could use some help, please. Thanks ahead of time!

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter 'c' to cancel): mydomain.com www.mydomain.com
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for mydomain.com
tls-sni-01 challenge for www.mydomain.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.mydomain.com (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure, mydomain.com (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.mydomain.com
   Type:   tls
   Detail: remote error: tls: handshake failure

   Domain: mydomain.com
   Type:   tls
   Detail: remote error: tls: handshake failure

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   you have an up-to-date TLS configuration that allows the server to
   communicate with the Certbot client.
```

Hi @gonzalezx600,

What’s your domain?

Hi @schoen I have the same issue.
I am trying to move my web site from one server to another server.

Can you help? My domain is duniakerja.co www.duniakerja.co

thanks

Hi @hengkiardo,

Your site is behind the CloudFlare CDN. The TLS-SNI-01 challenge method which is used by Certbot’s --apache or --nginx plugins does not work behind a CDN or reverse proxy, because it requires the incoming TLS session to be directly with your machine. You can instead use the HTTP-01 challenge method (used by Certbot’s --webroot plugin).

However, this should not usually result in the “handshake failure” error—are you sure that’s the exact error that you received?
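The reply above makes two points that are worth checking mechanically before re-running Certbot: whether a name's A records actually land on the CDN edge (in which case the validator's TLS session never reaches your Apache, so TLS-SNI-01 cannot succeed), and whether an HTTP-01 token staged under the webroot reads back exactly as the CA will fetch it. The script below is an added example written for this thread; it is not code from Certbot, Let's Encrypt, Cloudflare or any poster. It assumes a hard-coded snapshot of Cloudflare's published IPv4 ranges (refresh from https://www.cloudflare.com/ips/ before relying on it), uses constructed sample addresses and tokens, and all function names are invented for the illustration. The `probe_sni` helper reproduces the validator's handshake with SNI against a host you choose, which is how you confirm an exact "handshake failure" independently of Certbot; it needs network access and is not exercised by the offline round trip.

```python
"""Checking why TLS-SNI-01 fails behind a CDN and staging an HTTP-01 token.

Added illustration for this thread; not Certbot or Let's Encrypt code.
Assumptions: the Cloudflare IPv4 ranges below are a hard-coded snapshot that
must be refreshed from https://www.cloudflare.com/ips/ before real use, and
every function name here is invented for the example.
"""
import ipaddress
import socket
import ssl
import tempfile
from pathlib import Path

# Snapshot of Cloudflare's published IPv4 edge ranges (assumption: may be stale).
CLOUDFLARE_V4 = [ipaddress.ip_network(c) for c in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def proxied_addresses(addrs):
    """Return the A-record addresses that fall inside the CDN snapshot.

    If a name's A records point at the CDN, the validator's TLS handshake
    terminates at the CDN edge rather than at the Apache host Certbot
    configured, which is why TLS-SNI-01 cannot be answered from there.
    """
    return [a for a in addrs
            if any(ipaddress.ip_address(a) in net for net in CLOUDFLARE_V4)]


def choose_challenge(addrs):
    """HTTP-01 when fronted by the CDN (the edge forwards plain GETs to the
    origin); TLS-SNI-01 only when the TLS session really ends on this host."""
    return "http-01" if proxied_addresses(addrs) else "tls-sni-01"


def http01_path(webroot, token):
    """File the CA fetches as http://<name>/.well-known/acme-challenge/<token>."""
    return Path(webroot) / ".well-known" / "acme-challenge" / token


def stage_http01(webroot, token, key_authorization):
    """Write the key authorization where a webroot authenticator serves it."""
    path = http01_path(webroot, token)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(key_authorization)
    return path


def verify_http01_local(webroot, token, key_authorization):
    """Read the staged file back exactly as the CA's GET would see it."""
    path = http01_path(webroot, token)
    return path.is_file() and path.read_text() == key_authorization


def stage_and_verify_in_tmpdir(token, key_authorization):
    """Offline round trip in a throwaway webroot; True when the staged token
    matches and a tampered key authorization is rejected."""
    with tempfile.TemporaryDirectory() as webroot:
        stage_http01(webroot, token, key_authorization)
        return (verify_http01_local(webroot, token, key_authorization)
                and not verify_http01_local(webroot, token, "tampered"))


def probe_sni(host, port=443, server_name=None, timeout=5.0):
    """Reproduce the validator's handshake: TLS with SNI straight at `host`.

    Network call, so it is not run offline. Returns ("ok", version, cipher)
    or ("error", message). Point `host` at the origin IP, not the CDN, to
    see whether Apache itself completes the handshake. Verification is off
    because a challenge certificate is self-signed; this is a diagnostic,
    not a trust decision.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
                return ("ok", tls.version(), tls.cipher()[0])
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return ("error", str(exc))


if __name__ == "__main__":
    # Constructed sample records: one name proxied by the CDN, one direct.
    for name, records in (("www.example.test", ["104.16.1.1"]),
                          ("origin.example.test", ["203.0.113.10"])):
        print(name, "->", choose_challenge(records))
    print("http-01 round trip:", stage_and_verify_in_tmpdir("tok123", "tok123.thumbprint"))
```

Once the name resolves to the CDN, the matching Certbot invocation is the webroot one, e.g. `certbot certonly --webroot -w /var/www/html -d duniakerja.co -d www.duniakerja.co`, with the webroot set to the directory Apache serves for that name. Note that Let's Encrypt has since retired the TLS-SNI-01 challenge entirely, so current Certbot releases validate with HTTP-01 (or DNS-01) even when the `--apache` plugin is used.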
