Ubuntu 14.04 with Certbot Auto - Failing TLS-SNI Challenge with Apache


#1

i’ve been trying to make this work on my server but not matter how many forum and guide i follow, it just doesnt work. can you please help me to find out whats the problem? port 443 is open in ufw and im running virtual host on apache2.

"XXX@XXXXXX:/etc/apache2/sites-available$ sudo certbot --apache -d www.trackimotracker.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for www.trackimotracker.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
/usr/lib/python2.7/dist-packages/OpenSSL/rand.py:58: UserWarning: implicit cast from ‘char *’ to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct)
result_code = _lib.RAND_bytes(result_buffer, num_bytes)
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.trackimotracker.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 45.55.174.12:443 for tls-sni-01 challenge

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.trackimotracker.com
    Type: connection
    Detail: Failed to connect to 45.55.174.12:443 for tls-sni-01
    challenge

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    "


#2

Currently running into the same issue. Were you able to resolve yours?


#3

Getting this when trying to install a new cert with Certbot 12 from the Ondrej PPA:

tls-sni-01 challenge for cloud.domin.com
/usr/lib/python2.7/dist-packages/OpenSSL/rand.py:58: UserWarning: implicit cast from 'char *' to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct)
  result_code = _lib.RAND_bytes(result_buffer, num_bytes)
Waiting for verification...

My certs are generated correctly, but I think someone should look into the python warning message.

I’m on Ubuntu 16.04, fresh install.


#4

There’s fairly recent python-openssl version in the PPA, so that might be a reason why it complains.


#5

but I think someone should look into the python warning message.

raise an issue on the certbot github page

Andrei


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.