I have a customer who received an error when generating a certificate:
File “/opt/eff.org/certbot/venv/lib/python2.6/site-packages/certbot/auth_handler.py”, line 202, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.rainbowcarnaxide.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.rainbowcarnaxide.com/.well-known/acme-challenge/jV8fstmGOQjvXhKTHD7r5Rcc7Rcafo8_U5nSJ8z0mJg: Timeout, rainbowcarnaxide.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://rainbowcarnaxide.com/.well-known/acme-challenge/b8jlDEgm4pqTb6OGJE0eduzArVi6_av5WrMx79S8eFo: Timeout
Failed authorization procedure. www.rainbowcarnaxide.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.rainbowcarnaxide.com/.well-known/acme-challenge/jV8fstmGOQjvXhKTHD7r5Rcc7Rcafo8_U5nSJ8z0mJg: Timeout, rainbowcarnaxide.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://rainbowcarnaxide.com/.well-known/acme-challenge/b8jlDEgm4pqTb6OGJE0eduzArVi6_av5WrMx79S8eFo: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.rainbowcarnaxide.com
Type: connection
Detail: Fetching
http://www.rainbowcarnaxide.com/.well-known/acme-challenge/jV8fstmGOQjvXhKTHD7r5Rcc7Rcafo8_U5nSJ8z0mJg:
Timeout
Domain: rainbowcarnaxide.com
Type: connection
Detail: Fetching
http://rainbowcarnaxide.com/.well-known/acme-challenge/b8jlDEgm4pqTb6OGJE0eduzArVi6_av5WrMx79S8eFo:
Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also
Troubleshooting showed that the domains resolve to an IP on the server, the A records are correct, and there aren’t any propagation issues. Tried with the firewall both up and down, with the same results.
Oddly, the certificate was for four domains–the two above and a pointer domain (both regular and www version). The pointer domains did not throw any errors. In fact there is information for the LE checks for them in the access/transfer logs on the server, but not for the two that are giving the error.
Was just hoping someone may have ideas, as, from what I can tell, this should be working.
Thanks!