New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trying to get Certbot to install new cert with HSTS #3260
Comments
So the problem here isn't that the Let's Encrypt CA can't connect to your server, it's that Certbot can't connect to Let's Encrypt. The client is failing is where we first try to establish a connection with the CA. What happens if you run |
@bmw, Thanks for pointing me the way to the problem. Turns out that the server didn't know who
Edit: Sure enough, as soon as I add |
Glad I could help! Has this issue been resolved then? |
Yup! I am now able to get the IW LE plugin to issue certs for customer domains. I've reproduced this behavior for several customer domains and in all cases, it's fixed. I'll go ahead and close this issue. Thanks again for pointing the way. :) |
Hi,
Some background:
So, I'm using InterWorx and I'm encountering this issue where
./certbot-auto --hsts
doesn't work nor does./certbot-auto certonly --standalone
after temporarily stoppinghttpd
onCentOS 7 x64
. Also note that it's not proxied. This is on a Xen VPS. I've also confirmed thattelnet
to port 443 works for this server, so there should be no connection issues...IW dev/support noted that HSTS might be causing Certbot-auto to fail on helmsgate.eidolonhost.com because eidolonhost.com is preloaded via the HSTS preload list (which I've now since requested removal so I can get this issue fixed...) but I was hoping there might be some answer where I can force through a LE cert to be installed.
Relevant logs:
Edit: Note that helmsgate.eidolonhost.com is now using a valid SSL certificate from Comodo. It'll at least allow me to get the SSL certificate replaced with Let's Encrypt in the future.
Edit2: It appears to be still persisting for a customer domain, in this case,
dragonfox.net
with the exact same error. The customer is using CloudFlare in this case, though so I don't know if that's relevant to the client being unable to install new SSL certs?The text was updated successfully, but these errors were encountered: