Unable to set up letsencrypt


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
securedevops.info
I ran this command:
[root@wordpress letsencrypt]# ./letsencrypt-auto -w /data/.sitehome/securedevops/web/^C

It produced this output:

./letsencrypt-auto -w /data/.sitehome/securedevops/web/
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: securedevops.info
2: www.securedevops.info


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for securedevops.info
http-01 challenge for www.securedevops.info
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.securedevops.info (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.securedevops.info/.well-known/acme-challenge/MGudERdXjTEyAuI7fXwsmtUiSKQtBuZlkWgJSpfsEKw: Timeout during connect (likely firewall problem), securedevops.info (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://securedevops.info/.well-known/acme-challenge/eEqO-dx_8Wl7X2apyyOjLuqbgXe6b0SkSreuhFtNDZM: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

My web server is (include version):
[root@wordpress letsencrypt]# /sbin/httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Jun 27 2018 13:48:59

The operating system my web server runs on is (include version):

[root@wordpress letsencrypt]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@wordpress letsencrypt]# uname -r
3.10.0-862.11.6.el7.x86_64

My hosting provider, if applicable, is:

I’m just using godaddy DNS forwarding to my own IP.

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no


#2

Hi @mwimpelberg

you have two ip addresses:

Name: securedevops.info
Addresses: 184.168.131.241
69.113.172.9
Aliases: www.securedevops.info

The 69 doesn’t work.

https://letsdebug.net/securedevops.info/3929?debug=y

Perhaps this address is wrong, so change your dns settings.


#3

http://www.securedevops.info/ perfectly resolves to http://69.113.172.9/. The DNS name is forwarded to the IP by godaddy. I made an A record for the ip 69.113.172.9. What am I doing wrong?


#4

I have a timeout with both addresses. So http-01 - challenge (file under /.well-known/acme-challenge/ ) isn’t possible.


#5

Sorry but I’m really new to this. Do I need to create .well-known/acme-challenge under my web directory?


#6

No, Certbot creates the directory. But there is no website. Open

http://www.securedevops.info/ or the ip-address

in your browser. I have a timeout.


#7

Hi,

It seems that either the ISP (if home network) or the server is blocking port 80 & 443…

Please try to unblock the port before you proceed (or use dns-01 challenge)

P.S. Let’s encrypt will not follow the redirect that GoDaddy provides, so please also remove the GoDaddy redirection service.

Thanks


#8

I switched to a VPS and now I have a different issue.

securedevops.info has both AAAA (IPv6) and A (IPv4) records. While they both appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that the IPv4 and IPv6 addresses may unintentionally point to different servers, which would cause validation to fail.

Is this something that I can fix with godaddy?


#9

I see only ipv4 - addresses, no ipv6. But 184.168.131.241 is wrong, remove that.

And now http://www.securedevops.info/ I see a website - “hi”.

But there is a frame with ip - http://142.93.248.170 - there comes the “hi”.

The ip is the same as www.securedevops.info. Letsencrypt must find the validation file under

http://www.securedevops.info/

not under http://142.93.248.170


#10

Hi,

Could you please REMOVE GODADDY REDIRECTION?

That will ALWAYS cause you issues when you request an HTTP-01 Validation.

Please, JUST add A records for tour domains under your DNS control panel.

https://www.godaddy.com/help/add-an-a-record-19238

Thank you


#11

Now it looks good:

https://letsdebug.net/www.securedevops.info/3938

is green. One ipv4-address, no frame.

Oh - https://www.securedevops.info/ is ready :wink:

And has a new letsencrypt-certificate created today.


#12

Yes! It’s working now, thanks so much!


#13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.