Urn:acme:error:connection :: The server could not connect to the client to verify

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: unbeatable.com

I ran this command: certbot renew --dry-run

It produced this output:

Attempting to renew cert (unbeatable.com) from /etc/letsencrypt/renewal/unbeatable.com.conf produced an unexpected error: Failed authorization procedure. widget.unbeatable.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data, unbeatable.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data, dash.unbeatable.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data, api.unbeatable.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/unbeatable.com/fullchain.pem (failure)

My web server is (include version):

nginx/1.4.6

The operating system my web server runs on is (include version):

Ubuntu 14.04.3 LTS

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No

Certbot was set up on here by another member of the team and has been working fine for a while. I don’t think anything has changed on the server or setup, it’s a legacy system that we mostly leave alone.

Thanks !

You’ll need to look at upgrading the installed version of certbot on this server.

More info: IMPORTANT: What you need to know about TLS-SNI validation issues

1 Like

Thanks. Running certbot-auto with --preferred-challenges http worked.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.