BonBon Slick2017-10-27 12:54:54
BonBon Slick, 2017-10-27 12:54:54

Another LetsEncrypt error?

I already wrote about LE earlier, it gave a different error, certain steps helped in the solution, now for the new subdomain it started to knock out a new error ....

[email protected]:/var/www/test$ sudo certbot certonly -a webroot --webroot-path=/var/www/test -d test.domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for test.domain.com
Using the webroot path /var/www/test for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. test.domain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://test.domain.com/.well-known/acme-challenge/oTk4n-oaIuuAo_3WUSyh153oK5JLVGPedvHiztgoU68: Error getting validation data

 - The following errors were reported by the server:

   Domain: test.domain.com
   Type:   connection
   Detail: Fetching
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

The domain is registered and registered where the main one was bought, that is, everything is tied. DNS are correct, hosting. Since there are already subdomains, I set everything up as in previous times, that is, I added another subdomain as a domain, registered A / AAAA / CNAME, excellent, the domain was registered and it enters, it just gives an error that the certificate is incorrect, because it considers from cert from main domain:
Your connection is not private
Attackers might be trying to steal your information from test.domain.com

Therefore, you need to issue a new certificate for the new subdomain. I set the rights to the folder to 775, additionally hardcoded the subdomain in the /etc/hosts file, and still, it gives an error in the console when I try to issue another certificate for the subdomain.

It’s not entirely clear why it knocks out an error Type: connection, since there is access from the browser, I try ping through the console, 100% of the packets reach.

nginx configs are registered and connected in sites-enabled
        listen 80 http2;
        listen [::]:80 http2;
        listen  443 ssl http2;
        listen [::]:443 ssl http2;

        server_name     test.domain.com;
        root            /var/www/test;
        index index.php index.html index.html;

        location ~ /.well-known {
                allow all;

         # pass PHP scripts to FastCGI server
        location ~ [^/]\.php(/|$) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                include fastcgi_params;
                fastcgi_read_timeout 999;

        location / {
                try_files $uri $uri/ =404;
                allow all;

        location ~ /\.ht {
                deny all;

I tried to disable firewalls UFW and hosting + my computer, it did not help....

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Vladimir Mukovoz, 2017-10-27

It clearly states that the problem is with DNS, have you registered your subdomain to this server for a long time? And another question, you configured http2 on port 80, can you show it?

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question