[ale] let's encrypt cert renewals?

Derek Atkins derek at ihtfp.com
Wed May 10 21:09:23 EDT 2017


The "failed to connect" seems pretty straightforward.  Are you sure your Apache logs show they are connecting?  I would still bet on firewall issues.

-derek

Sent from my mobile. Please excuse any typos.

----- Reply message -----
From: "James Sumners" <james.sumners at gmail.com>
To: "Atlanta Linux Enthusiasts" <ale at ale.org>
Subject: [ale] let's encrypt cert renewals?
Date: Wed, May 10, 2017 8:42 PM

I have no issues using https://github.com/hlandau/acme

On Wed, May 10, 2017 at 8:40 PM, DJ-Pfulio <DJPfulio at jdpfu.com> wrote:
Anyone else having trouble renewing let's encrypt certs?



Apache2 on Ubuntu 16.04.



Failing tls-sni-01 challenge.



I have 2 sites on the same machine.  Both have renewed 3 times without

issues.  Today, they both failed. The script that always worked before:



#!/bin/sh

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

/usr/bin/letsencrypt  renew







I've been through the log file(s). Not anything useful, just:



FailedChallenges: Failed authorization procedure. site.domain.com

(tls-sni-01): urn:acme:error:connection :: The server could not connect

to the client to verify the domain :: Failed to connect to

50.xx.xx.xx:443 for tls-sni-01 challenge



DNS is correct.

Site is up on 443, but not on 80.

I opened the site to everyone. Normally, only allow a few specific subnets.



Ideas?

_______________________________________________

Ale mailing list

Ale at ale.org

http://mail.ale.org/mailman/listinfo/ale

See JOBS, ANNOUNCE and SCHOOLS lists at

http://mail.ale.org/mailman/listinfo




-- 
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20170510/44a8dca9/attachment.html>


More information about the Ale mailing list