Two domains, but only one will certificate with certbot

zeltus · October 2, 2020, 1:16pm

My domain is: zeltus.fun

I ran this command: sudo certbot --apache

It produced this output:

.
.
.
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for zeltus.fun
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. zeltus.fun (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: During secondary validation: Fetching http://zeltus.fun/.well-known/acme-challenge/XDHznBSYMQwoM4RD4xciqaHw8HRlDveoppekUE53IzA: Connection refused

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: zeltus.fun
Type: connection
Detail: During secondary validation: Fetching
http://zeltus.fun/.well-known/acme-challenge/XDHznBSYMQwoM4RD4xciqaHw8HRlDveoppekUE53IzA:
Connection refused

My web server is (include version): Apache 2.4.38 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 19.04

My hosting provider, if applicable, is: Contabo

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is certbot 0.31.0

NOTES

I have two domains running on this server. zeltus.eu runs fine and has a certbot certificate created and running nicely. But zeltus.fun will not play ball.

Please help, I have no hair left to pull out!

Bill

griffin · October 2, 2020, 4:15pm

Welcome to the Let's Encrypt Community, Bill

Sorry you're having such trouble. I've been taking a look into things.

The first thing I noticed was that zeltus.fun is not included in the certificate it is serving, which will result in browsers refusing the certificate, but won't prevent certbot from acquiring a certificate for zeltus.fun.

JuergenAuer · October 2, 2020, 4:55pm

Hi @zeltus

if you have that error, then the main Letsencrypt server can check your domain.

But secondary servers are blocked.

Looks like you have a regional firewall or something else, that blocks (sample: Some ip addresses).

Find and remove that.

zeltus · October 3, 2020, 10:11am

And, for no obvious reason, it is now working....

No idea why, but hey, so long as it works, I'm happy. Well, that's not quite true, I'd like to know what is going on, I am fairly web literate but certificates are a new thing to me, me being old-school an' all.

Thanks for looking into this guys, much appreciated.

JuergenAuer · October 3, 2020, 10:15am

Thanks reporting back -

Sometimes, these secondary checks are too slow, so there are timeouts. May be

Service status: Planned Maintenance

produces that sometimes.

Or you have used the wrong time, never start such jobs 00:00, 01:00 or 01:15 etc. Always add a random value.

system · November 2, 2020, 10:15am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.