Urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

My domain is: minilink.hu

I ran this command: certbot --apache (https://certbot.eff.org/#ubuntutrusty-apache)

It produced this output:
Performing the following challenges:
tls-sni-01 challenge for minilink.hu
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. minilink.hu (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: minilink.hu
    Type: tls
    Detail: remote error: tls: handshake failure

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    you have an up-to-date TLS configuration that allows the server to
    communicate with the Certbot client.
    root@control:~#

My web server is (include version): Apache/2.4.7 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 14.04

I can login to a root shell on my machine: yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): SENTORA AND CLOUDFLARE

Please help, I don’t know why I don’t get SSL. I am really an amateur, so please write everything, commands etc.

The tls-sni-01 verification method will not work with CloudFlare intercepting connections to your server. Add --preferred-challenges http-01 to your command to use http-01 verification instead.

Thank you. But I have got this:
root@control:~# --preferred-challenges http-01
--preferred-challenges: command not found
root@control:~#

OR

root@control:~# certbot --apache --preferred-challenges http-01
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?

1: minilink.hu
2: www.minilink.hu

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):2
Obtaining a new certificate
Performing the following challenges:
None of the preferred challenges are supported by the selected plugin
root@control:~#

My mistake. It should be:

sudo certbot --apache --webroot

Didn’t realize the plugins stacked that way.

I don’t know what is the problem.

root@control:~# certbot --apache --webroot
Too many flags setting configurators/installers/authenticators ‘apache’ -> ‘webroot’

The documentation is super confusing about this. :frowning:

I guess you just want to run:

sudo certbot certonly --webroot

relying on the fact that Apache is already configured.

Thank you for your help, but I have got this:

root@control:~# certbot certonly --webroot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c’
to cancel):minilink.hu
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for minilink.hu

Select the webroot for minilink.hu:

1: Enter a new webroot

Press 1 [enter] to confirm the selection (press ‘c’ to cancel): 1
Input the webroot for minilink.hu: (Enter ‘c’ to cancel):/var/www/html
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. minilink.hu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://minilink.hu/.well-known/acme-challenge/D6GyMEwHxePyMRK_K5QlWBYYiqwTPtTpTz_6dQtUkR4:
< !DOCTYPE html>
< !–[if lt IE 7 ]> <![endif]–>
< !–[if IE 7 ]> <![endif]–>
< !–[”

IMPORTANT NOTES:

You’re almost there! Now WordPress is getting in the way.

Create the file /var/www/html/.well-known/acme-challenge/.htaccess with the following contents:

<IfModule mod_rewrite.c>
   RewriteEngine off
</IfModule>
Satisfy any

Then run that command again.
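
A preflight check for the two webroot failures seen in this thread (a webroot that is not the site's real document root, and a CMS rewrite answering for the challenge path), as an added example that is not part of any post. The function names, the probe file name and the `example.org` / `/path/to/docroot` placeholders are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): preflight for certbot's webroot method.
# Writes a probe file where certbot would put the http-01 token, fetches it
# over plain HTTP, and reports whether the file itself came back.

# classify_probe EXPECTED STATUS BODY -> prints ok | html-page | mismatch
classify_probe() (
  expected=$1 status=$2 body=$3
  if [ "$status" = 200 ] && [ "$body" = "$expected" ]; then
    echo ok            # static file served verbatim: http-01 can succeed
  elif printf '%s' "$body" | grep -qiE '<!doctype|<html'; then
    echo html-page     # a CMS or error page answered: wrong webroot or rewrite
  else
    echo mismatch      # blocked, altered, or no response at all
  fi
)

# preflight_webroot WEBROOT DOMAIN -> prints the verdict, exit 0 only on ok
preflight_webroot() (
  webroot=$1 domain=$2
  dir="$webroot/.well-known/acme-challenge"
  name="preflight-$$-$(date +%s)"          # constructed probe file name
  expected="probe-$$-$(date +%s)"          # constructed probe content
  mkdir -p "$dir" || exit 2
  printf '%s' "$expected" > "$dir/$name" || exit 2
  tmp=$(mktemp) || exit 2
  # -L follows redirects, as the Let's Encrypt validator does for http-01.
  status=$(curl -sL --max-time 10 -o "$tmp" -w '%{http_code}' \
    "http://$domain/.well-known/acme-challenge/$name") || :
  verdict=$(classify_probe "$expected" "$status" "$(cat "$tmp")")
  rm -f "$dir/$name" "$tmp"                # never leave the probe behind
  echo "$verdict"
  [ "$verdict" = ok ]
)

# Usage: sh preflight.sh /path/to/docroot example.org
# On "ok", run: certbot certonly --webroot -w /path/to/docroot -d example.org
if [ "$#" -eq 2 ]; then
  preflight_webroot "$1" "$2"
fi
```

Because the probe sits in the same directory certbot writes to, it also exercises any `.htaccess` placed there, and a failed probe costs nothing against the CA's failed-validation limits.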

Thank you! I think this step is working. But SSL still does not work on my WordPress. I tried this plugin: Really Simple SSL, but I got this error: No SSL detected. So if you have any idea, please share it with me. THANK YOU!

root@control:~# certbot certonly --webroot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c’
to cancel):minilink.hu
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for minilink.hu

Select the webroot for minilink.hu:

1: Enter a new webroot

Press 1 [enter] to confirm the selection (press ‘c’ to cancel): 1
Input the webroot for minilink.hu: (Enter ‘c’ to cancel):/var/sentora/hostdata/zadmin/public_html/minilink_hu
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/minilink.hu/fullchain.pem. Your cert will
    expire on 2017-09-24. To obtain a new or tweaked version of this
    certificate in the future, simply run certbot again. To
    non-interactively renew all of your certificates, run “certbot
    renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

I'm not sure what you're trying to do, but this is equivalent to -a apache -i apache -a webroot -i webroot, which contradicts itself. If you want to use webroot to get the certificate and then apache to install in Apache, you can do -a webroot -i apache, where -a specifies a plugin to use for authentication (obtaining the certificate) and -i for installation (installing a previously-obtained certificate by modifying configurations).

Both minilink.hu and www.minilink.hu work fine for me over HTTPS. I’m not sure what the Really Simple SSL plugin is or is trying to do, but perhaps it is confused because minilink.hu just appears to be a redirect to another site: http://apronepper.hu/aprohirdetes/ which is not available over HTTPS.
