I am having issues with getting a certificate on my dedicated server.
The command I am running is: sudo certbot --apache -d example.com (replacing that with my domain)
The error is that the connection is timing out. “The server could not connect to the client to verify the domain”
However, UFW is disabled (Ubuntu 16.04), and ports 80 and 443 are being forwarded to the server. I can actually access my server from the internet via its hostname (which is also the domain I am trying to get the certificate for). I have absolutely zero issues connecting to my server and browsing the content on it.
Additionally, I have added the server’s hostname to the /etc/hosts file to ensure it resolves to the external IP, because it was also throwing this error with the local loop.
I’ve also made sure that there is an apache site with the ServerName that matches the certificate I am trying to issue.
I have no clue what to do now. I can ping my server directly and via its hostname on ports 80 and 443 without issue, but it still says it cannot connect.
Is there more information provided by the requesting client other than the error:
The server could not connect to the client to verify the domain?
Here is a screenshot of the console. You an see that I can ping and resolve the hostname above the request.
Meanwhile, from outside your network, I can resolve it, but not ping or receive any response on port 80:
Dans-MacBook-Pro-4709% ping bixby.cloud
PING bixby.cloud (18.104.22.168): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
--- bixby.cloud ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss
Dans-MacBook-Pro-4709% curl http://bixby.cloud
curl: (7) Failed to connect to bixby.cloud port 80: Operation timed out
That is interesting, I just connected to my VPN and sure enough I cannot connect to the server outside my own network. This is odd, because UFW is disabled, all traffic on pors 80 and 443 is being routed to the server.
This server is running on Hyper-V, could that be a source of the issue?
I’m not familiar enough with Hyper-V to say. If it’s at home, many residential ISPs block inbound traffic on port 80.
I know for a fact that isn’t the case because the same server that is running this server now used to run IIS in the past, and I know for a fact those websites were accessible.
this server also for some reason will not resolve domains after restart, even after having added working nameservers to the interface file. Perhaps that might have something to do with it?
That would cause trouble for you in contacting the Let’s Encrypt servers, but shouldn’t (directly) affect their ability to contact you.
I give up, thanks for all the help, but this project is abandoned!
Be sure to come back again if your connectivity issues are resolved! Because as far as I can see here, there's a general issue at hand, and not a Let's Encrypt specific issue.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.