Letsencrypt problems

customdomain
dns

#1

Hello,

I’m having some difficulties getting the server to connect to the client. I get this error every time I run the command.

Failed authorization procedure. sub.mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to My IP for TLS-SNI-01 challenge.

I have ports 80 and 443 forwarded to my local server. What else am I missing?


#2

Are you using Cloudflare?
Is your DNS record correct?


#3

No, I’m using Namecheap default DNS.


#4

If it’s not connecting then I would double check to verify that nothing is obscuring the IP address for the A record. I am not too familiar with Namecheap’s DNS so it’s hard to say how long it takes their records to be received by the internet. Do they offer some sort of CDN on their platform? If they do, turning this off should aid LE in recognizing the server IP address.


#5

I’ve been using them without issues.
Do you have both ‘@’ and ‘www’ as the A Record?


#6

Before switching to QuickBox I was using Nginx and it checked and renewed fine using the 2 rules I temporarily enable every time I need to. No changes have ever been done to Namecheap DNS.

Edit: I forgot to mention I’m using Dynamic DNS on pfSense to automatically update the IP when it changes.


#7

This is my setup on Namecheap


#8

What are your pfSense logs saying? You should see inbound traffic for the web server from LE that is either getting in or getting blocked. Are you seeing any traffic from them when you try to set up LE?

There are other clients than certbot…perhaps they may be of use to you: https://www.lowendtalk.com/discussion/comment/1879088/#Comment_1879088


#10

I checked the logs and for some reason it was getting blocked despite having rules to allow connections from any source to my local server IP:443. Now the error changed to this.

Failed authorization procedure. sub.mydomain (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested nkewnfen’pfne8fye9862304ihfeoiehf37409374097322347.acme.invalid from MYIP:443. Received certificate containing ‘’
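The log check suggested in #8 (look for inbound traffic from the validation server to the web server and see whether the firewall passed or blocked it) can be scripted. The following is an added example, not code from the thread or from QuickBox or pfSense: it parses pfSense filterlog lines and counts inbound TCP attempts to a chosen server address on ports 80 and 443 by firewall action, so a block like the one reported in #10 stands out. The log lines and addresses are constructed, and the CSV field layout is assumed from pfSense’s filterlog format for IPv4/TCP.

```python
import re
from collections import Counter

# Constructed sample lines in pfSense filterlog syslog format (not from the thread).
# Assumed IPv4/TCP field order after "filterlog[pid]: ":
# rule,subrule,anchor,tracker,iface,reason,action,direction,ipver,tos,ecn,ttl,id,
# offset,flags,proto-id,proto,length,src,dst,srcport,dstport,datalen,tcpflags,...
# 192.0.2.10 stands in for the local web server; 203.0.113.5 for a validation client.
SAMPLE_LOG = """\
Jun 10 12:00:01 pfSense filterlog[12345]: 5,,,1000000103,igb0,match,block,in,4,0x0,,54,10001,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51234,443,0,S,1,,65535,,mss
Jun 10 12:00:01 pfSense filterlog[12345]: 5,,,1000000103,igb0,match,block,in,4,0x0,,54,10002,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51235,80,0,S,1,,65535,,mss
Jun 10 12:00:03 pfSense filterlog[12345]: 92,,,1590000004,igb0,match,pass,in,4,0x0,,54,10003,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51236,443,0,S,1,,65535,,mss
Jun 10 12:00:05 pfSense filterlog[12345]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,10004,0,DF,17,udp,78,198.51.100.7,192.0.2.10,40000,5060,58
"""

FILTERLOG_RE = re.compile(r"filterlog(?:\[\d+\])?:\s*(?P<csv>.*)$")


def parse_filterlog(line):
    """Parse one filterlog line into the fields this check needs.

    Returns None for lines that are not filterlog entries or not IPv4 (the IPv6
    layout differs and is not handled in this example).
    """
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 20 or f[8] != "4":
        return None
    rec = {
        "rule": f[0],
        "iface": f[4],
        "action": f[6],      # "pass" or "block"
        "direction": f[7],   # "in" or "out"
        "proto": f[16],      # "tcp", "udp", "icmp", ...
        "src": f[18],
        "dst": f[19],
    }
    # TCP and UDP entries carry source and destination ports next.
    if rec["proto"] in ("tcp", "udp") and len(f) >= 22:
        rec["srcport"] = int(f[20])
        rec["dstport"] = int(f[21])
    return rec


def audit_validation_traffic(log_text, server_ip, ports=(80, 443)):
    """Count inbound TCP attempts to server_ip on the validation ports by action.

    Returns (counts, blocked): counts maps (dstport, action) to a hit count,
    and blocked lists (src, dstport, rule) for every blocked attempt, which is
    what you want to see to find the rule that dropped the validation connection.
    """
    counts = Counter()
    blocked = []
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if not rec or rec["direction"] != "in" or rec["proto"] != "tcp":
            continue
        if rec["dst"] != server_ip or rec.get("dstport") not in ports:
            continue
        counts[(rec["dstport"], rec["action"])] += 1
        if rec["action"] == "block":
            blocked.append((rec["src"], rec["dstport"], rec["rule"]))
    return counts, blocked


if __name__ == "__main__":
    counts, blocked = audit_validation_traffic(SAMPLE_LOG, "192.0.2.10")
    for (port, action), n in sorted(counts.items()):
        print(f"port {port}: {action} x{n}")
    for src, port, rule in blocked:
        print(f"BLOCKED {src} -> :{port} by rule {rule}")
```

Run it against your own firewall log (on pfSense the filter log lives at /var/log/filter.log, or export it from the GUI) with the web server’s address as logged; a block on port 443 with a low default rule number, as in the sample, points at the allow rule not matching rather than at DNS.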


#11

I think you need to post this to the LE forums. It is not QuickBox specific.


#12

Replace “home” with “www”


#13

I’m using 1 domain for 2 servers, 2 different locations.


#14

Re-creating the rules on pfSense solved the problem…