Timeout Error while installing the Cert using certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I have fallowed this document to install: https://certbot.eff.org/#centos6-nginx

My domain is: chitfund.tk

I ran this command:
I tried running both command, but I got the same output.

sudo ./certbot-auto --nginx --debug --no-bootstrap
sudo ./certbot-auto --nginx --debug

It produced this output:

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for chitfund.tk
Waiting for verification…
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 861, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 698, in run
certname, lineage)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 85, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 357, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 318, in obtain_certificate
self.config.allow_subset_of_names)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 81, in get_authorizations
self._respond(resp, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 138, in _respond
self._poll_challenges(chall_update, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 202, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. chitfund.tk (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: chitfund.tk
    Type: connection
    Detail: Timeout

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): nginx version: nginx/1.10.3

The operating system my web server runs on is (include version):

$ uname -a
Linux ip-172-xxx-29-xxx 4.9.32-15.41.amzn1.x86_64 #1 SMP Thu Jun 22 06:20:54 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

$ cat /etc/issue
Amazon Linux AMI release 2017.03
Kernel \r on an \m

My hosting provider, if applicable, is: AWS EC2 Instance

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

@schoen Could you help me to fix my issue.

am also having same problem

[Edit: link removed by moderator]

@rohith, it looks like your sever is not listening on port 443, which is required for the tls-sni-01 challenge used by the nginx plugin. Could you verify that your firewall/AWS security group allows such connections?

@kogweno, you may be seeing the same error message, but it’s certainly from a different root cause as your server is accessible via port 443. I would suggest you open a new topic with the level of detail rohith provided so that we may further assist you.

@jared.m Thanks a lot now site is HTTPS, I am very happy.

Could you verify that your firewall/AWS security group allows such connections?

Solution: The port 443 was not opened in Security group.

But there is an issue when I access my site https://chitfund.tk/#/login I am facing this error.

But when I access with www it is working fine.

How I can fix this.

@jared.m Do I have to redirect https://chitfund.tk to https://www.chitfund.tk ?

This won’t work, since encryption and certificate validation is done before the actual http request. Just issue a certificate which includes both names, chitfund.tk and www.chitfund.tk.

@bytecamp Yes, I tried installing the certificate for both the domains chitfund.tk and www.chitfund.tk, even though I am facing with same errors.

You just have to issue one certificate for both names and use this in the VirtualHost/server-block. The current situation is having two distinct certificates for the domains and setting up one of both for both domains.

@bytecamp Could you please share the steps to use one certificate for both names and use that in the VirtualHost/server-block.

You may also define two server-blocks with same root-paths and different certificates/server_names. But having both domain names in one certificate is a bit simpler, IMHO.

See the documentation from certbot about how to add domain names to a certificate configuration and then try to reissue:

https://certbot.eff.org/docs/using.html#changing-a-certificate-s-domains

@bytecamp I have followed the document and I ran this command to use one certificate for both the names.

sudo ./certbot-auto --nginx certonly --cert-name chitfund.tk -d chitfund.tk,www.chitfund.tk

Still, I am facing this issue, after running the above command I have restarted my nginx.

Please post the output of the command sudo ./certbot-auto certificates

@bytecamp

sudo ./certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: chitfund.tk
Domains: chitfund.tk www.chitfund.tk
Expiry Date: 2018-02-19 15:47:25+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/chitfund.tk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/chitfund.tk/privkey.pem
Certificate Name: www.chitfund.tk
Domains: www.chitfund.tk
Expiry Date: 2018-02-19 07:50:22+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/www.chitfund.tk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.chitfund.tk/privkey.pem

So, clearly to see, /etc/letsencrypt/live/chitfund.tk/fullchain.pem contains both domain names. You have to use this certificate (and corresponding key) in your nginx configuration.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.