Two domains, but only one will certificate with certbot

My domain is: zeltus.fun

I ran this command: sudo certbot --apache

It produced this output:

.
.
.
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for zeltus.fun
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. zeltus.fun (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: During secondary validation: Fetching http://zeltus.fun/.well-known/acme-challenge/XDHznBSYMQwoM4RD4xciqaHw8HRlDveoppekUE53IzA: Connection refused

IMPORTANT NOTES:

My web server is (include version): Apache 2.4.38 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 19.04

My hosting provider, if applicable, is: Contabo

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is certbot 0.31.0

NOTES

I have two domains running on this server. zeltus.eu runs fine and has a certbot certificate created and running nicely. But zeltus.fun will not play ball.

Please help, I have no hair left to pull out!

Bill

2 Likes

Welcome to the Let's Encrypt Community, Bill :slightly_smiling_face:

Sorry you're having such trouble. I've been taking a look into things.

The first thing I noticed was that zeltus.fun is not included in the certificate it is serving, which will result in browsers refusing the certificate, but won't prevent certbot from acquiring a certificate for zeltus.fun.

2 Likes

Hi @zeltus

If you have that error, then the main Let's Encrypt server can check your domain.

But secondary servers are blocked.

Looks like you have a regional firewall or something else that blocks (for example, some IP addresses).

Find and remove that.

4 Likes

And, for no obvious reason, it is now working.... :slight_smile:

No idea why, but hey, so long as it works, I'm happy. Well, that's not quite true, I'd like to know what is going on, I am fairly web literate but certificates are a new thing to me, me being old-school an' all.

Thanks for looking into this, guys, much appreciated.

2 Likes

Thanks for reporting back - :+1:

Sometimes, these secondary checks are too slow, so there are timeouts. Maybe "Service status: Planned Maintenance" produces that sometimes.

Or you have used the wrong time. Never start such jobs at 00:00, 01:00 or 01:15 etc. Always add a random value.

2 Likes
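The "During secondary validation" diagnosis discussed in the replies above can be read straight from the certbot failure line. The following is an added example, not part of the original thread or of certbot: the `triage` helper and its wording are hypothetical, and the sample lines are constructed from the format shown in the first post with a placeholder token.

```python
import re
from typing import NamedTuple, Optional

# Shape of the failure line certbot 0.31 printed in the first post.
FAILURE_RE = re.compile(
    r"(?P<domain>\S+) \((?P<challenge>[a-z]+-\d+)\): "
    r"urn:ietf:params:acme:error:(?P<kind>\w+) :: "
    r"(?P<summary>.*?) :: (?P<detail>.*)"
)
SECONDARY = "During secondary validation:"

class Failure(NamedTuple):
    domain: str
    challenge: str
    kind: str            # last component of the ACME error URN
    secondary: bool      # True when only a secondary check failed
    url: Optional[str]   # challenge URL the validator tried to fetch
    reason: str

def parse_failure(line: str) -> Optional[Failure]:
    """Parse one certbot authorization-failure line; None if it does not match."""
    m = FAILURE_RE.search(line)
    if m is None:
        return None
    detail = m.group("detail").strip()
    secondary = detail.startswith(SECONDARY)
    if secondary:
        detail = detail[len(SECONDARY):].strip()
    url = re.search(r"Fetching (\S+?):\s", detail)
    return Failure(m.group("domain"), m.group("challenge"), m.group("kind"),
                   secondary, url.group(1) if url else None,
                   detail.rsplit(": ", 1)[-1])

def triage(f: Failure) -> str:
    """Hypothetical helper: suggest where to look first for a parsed failure."""
    if f.kind != "connection":
        return "not a connection error; read the reason text"
    if f.secondary:
        return "primary check reached the server; look for filtering of some source IPs, or retry later"
    return "primary check could not connect; the server is unreachable from the validator"

# Constructed samples: same format as the thread's output, placeholder token.
_BASE = "urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: "
SAMPLES = [
    "Failed authorization procedure. zeltus.fun (http-01): " + _BASE + SECONDARY +
    " Fetching http://zeltus.fun/.well-known/acme-challenge/TOKEN-PLACEHOLDER: Connection refused",
    "example.org (http-01): " + _BASE +
    "Fetching http://example.org/.well-known/acme-challenge/TOKEN-PLACEHOLDER: Timeout during connect (likely firewall problem)",
]

if __name__ == "__main__":
    for parsed in map(parse_failure, SAMPLES):
        print(parsed.domain, "->", triage(parsed))
```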