Certbot letsencrypt timeout error

I am getting this strange letsencrypt error when I try to run the command

$ certbot certonly --standalone --email example@gmail.com --agree-tos -n -d trumporate.com,www.trumporate.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for trumporate.com
tls-sni-01 challenge for www.trumporate.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. trumporate.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout, www.trumporate.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: trumporate.com
   Type:   connection
   Detail: Timeout

   Domain: www.trumporate.com
   Type:   connection
   Detail: Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.


I have now created a file dhparam

using

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048


Here is my current nginx config file

$ cat /etc/nginx/sites-available/trumporate 
server {
    listen 80;
    server_name trumporate.com www.trumporate.com; 

    location / {
        include proxy_params;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:5000;
    }
}


Not sure where I am going wrong. Should trumporate.com be resolvable on this vm where I run certbot?

I stopped nginx and started it again, and got the same error.

I registered the domain via route53. It has 2 records of type A pointing to the elastic IP attached to the ec2 box, one for the www version and one without, and 4 NS records and an SOA record that I think were there by default when the hosted zone was created.

+3

2 answers


Should trumporate.com be resolvable in this vm where I run certbot?

It looks like you are not running the command on the ec2 box where you are trying to install the certificate. This would be a problem, as --standalone spins up a web server and then tries to hit it externally with the domain you provided. This "proves" that you own the domain, so to speak. You need to run the command on the ec2 box, and you need to open the port it starts on to the world through your security group. You can set the tls-sni port (the one that doesn't work) with --tls-sni-01-port, but by default it's 443, so you just need to open port 443.



You also mentioned that you are using route53, so you can just use the route53 verifier. This has the advantage that it works anywhere; you just need to have the access key / secret configured on the computer you run it on.

certbot certonly --dns-route53 --domains trumporate.com,www.trumporate.com


+6
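The checks this answer describes (certbot must run on the host the A records point to, and the challenge port must be bindable locally and open to the internet), as an added preflight script that is not part of the original thread or of certbot itself. It parses the "IMPORTANT NOTES" block from the question into per-domain errors, maps each error type to an operator hint, compares the A records of each domain against the IP this host is supposed to have, and tests whether the challenge port can be bound. The elastic IP is a constructed placeholder, and the resolver is injectable so the DNS check can be exercised without network access.

```python
"""Preflight checks before `certbot --standalone`, plus a parser for the
"IMPORTANT NOTES" block certbot prints on failure.  Added example, not
certbot's own code.  ELASTIC_IP below is a constructed placeholder."""
import re
import socket

# Constructed sample: the per-domain error block certbot printed in the question.
SAMPLE_NOTES = """\
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: trumporate.com
   Type:   connection
   Detail: Timeout

   Domain: www.trumporate.com
   Type:   connection
   Detail: Timeout
"""

# Operator hints keyed by the ACME error "Type" (assumed mapping, from the
# causes certbot's own message lists: DNS, public IP, firewall, webroot).
HINTS = {
    "connection": "Let's Encrypt could not reach this host on the challenge port: "
                  "run certbot on the machine the A record points to, and open the "
                  "port (443 for tls-sni-01, 80 for http-01) in the security group/firewall.",
    "unauthorized": "The host answered but served the wrong content: make sure "
                    "/.well-known/acme-challenge/ is served from the webroot and not "
                    "redirected or proxied to the application.",
    "dns": "The domain did not resolve: check the A record(s) in Route 53.",
}


def parse_certbot_notes(text):
    """Return [{'domain':..., 'type':..., 'detail':...}] for every Domain/Type/Detail triple."""
    pattern = re.compile(r"Domain:\s*(\S+)\s*Type:\s*(\S+)\s*Detail:\s*([^\n]*)")
    return [{"domain": d, "type": t, "detail": x.strip()} for d, t, x in pattern.findall(text)]


def diagnose(errors):
    """Pair each parsed error with a hint; unknown types fall back to the Detail line."""
    return [(e["domain"], HINTS.get(e["type"], "See the Detail line: " + e["detail"]))
            for e in errors]


def resolve_a(name):
    """IPv4 addresses for `name` via the system resolver (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)})


def check_dns(domains, expected_ip, resolve=resolve_a):
    """Per domain: True only if it resolves and every A record is `expected_ip`,
    i.e. the IP of the host certbot is actually running on."""
    result = {}
    for d in domains:
        try:
            ips = resolve(d)
        except socket.gaierror:
            ips = []
        result[d] = bool(ips) and all(ip == expected_ip for ip in ips)
    return result


def port_is_free(port, host="0.0.0.0"):
    """True if the standalone challenge server could bind `port` right now.
    False covers both "already in use" (e.g. nginx still running) and
    "not permitted" (binding 443 needs root), so run it as certbot would."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False


if __name__ == "__main__":
    ELASTIC_IP = "203.0.113.10"   # placeholder: the EC2 elastic IP in Route 53
    DOMAINS = ["trumporate.com", "www.trumporate.com"]
    for domain, hint in diagnose(parse_certbot_notes(SAMPLE_NOTES)):
        print(f"{domain}: {hint}")
    print("A records match this host:", check_dns(DOMAINS, ELASTIC_IP))
    print("port 443 bindable for --standalone:", port_is_free(443))
```

Run it on the EC2 box itself: a False from check_dns means certbot is running somewhere other than where the A records point, a False from port_is_free means something (such as nginx) still holds the port, and a passing local run with a remaining "connection"/"Timeout" from certbot points at the security group, which no local check can see.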
One variant of this problem is broken access to the .well-known folder in the domain. For example, .htaccess redirects all requests to index.php.



0