Updating cert but server is not in default port 80


#1

Please fill out the fields below so we can help you better.

My domain is: sitesat.intersite.com.br

I ran this command: ./letsencrypt-auto certonly -c letsencrypt_update.ini -d sitesat.intersite.com.br --http-01-port 81

It produced this output:
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Failed authorization procedure. sitesat.intersite.com.br (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to http://sitesat.intersite.com.br/.well-known/acme-challenge/FgI1ZKXgbi2l4VoKjbjsE57AazrmsySiH9GkVroo-Ck

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: sitesat.intersite.com.br
    Type: connection
    Detail: Could not connect to
    http://sitesat.intersite.com.br/.well-known/acme-challenge/FgI1ZKXgbi2l4VoKjbjsE57AazrmsySiH9GkVroo-Ck

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My operating system is (include version): CentOS 6.4

My web server is (include version): Apache 2.2.15 + GlassFish 3.1.1

[root@IS230 letsencrypt]# cat letsencrypt_update.ini
rsa-key-size = 4096
server = https://acme-v01.api.letsencrypt.org/directory
authenticator = webroot
text = True
agree-tos = True
renew-by-default = True
email = edilmaralves@intersite.com.br
webroot-path = /sistemas/sitesat2-cte

I looked at these discussions, with no success:



#2

Before Let’s Encrypt will issue a certificate, they have to verify that you control the hostname(s) for which you’re requesting the cert. They currently have three ways of doing that: (1) HTTP authentication, (2) TLS authentication, and (3) DNS authentication.

HTTP authentication requires that they be able to connect, from the public Internet, to port 80 of each hostname for which you’re seeking a cert. You can specify a different port on the client, and it will listen on that port for the challenge, but the public Internet has to get its response on port 80.

The TLS challenge requires the same thing, but with port 443 rather than port 80.

If both ports 80 and 443 are blocked by your ISP, you should probably look at changing ISPs. However, you can also use the DNS challenge. This is not supported by certbot, but it is supported by many of the alternative clients, including letsencrypt.sh, acme.sh, and lego.
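
A pre-flight check for the port 80 requirement described in the reply above, as an added example (not code from this thread or from any Let's Encrypt client): it writes a random file under the webroot's `.well-known/acme-challenge/` directory and fetches it back over plain HTTP, which is what the validation server will do. `probe_webroot` and its parameters are hypothetical names and Python 3.7 or later is assumed; a pass when run on the server itself shows that port 80 maps to the webroot, not that a firewall or ISP admits inbound port 80.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def probe_webroot(webroot, base_url, timeout=10):
    """Write a random probe file under the webroot's challenge directory and
    fetch it back over HTTP, the way the CA's validation server would.

    Returns (ok, detail). For a real check base_url carries no port
    (http://your.domain), because validation always arrives on port 80.
    """
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = "%s/%s/%s" % (base_url.rstrip("/"), CHALLENGE_DIR, name)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace").strip()
    except (urllib.error.URLError, OSError) as exc:
        # Connection refused, timeout, 403/404: the CA would fail the same way.
        return False, "could not fetch %s: %s" % (url, exc)
    finally:
        os.remove(path)  # never leave the probe file behind
    if served != body:
        return False, "%s returned different content; wrong webroot?" % url
    return True, "%s is served from %s" % (url, webroot)


if __name__ == "__main__":
    import sys
    # Arguments: <webroot-path> <http://your.domain> (no port in the URL)
    ok, detail = probe_webroot(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```
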

