By dragonSam
Hi @all,
I was following this tutorial to install SSL on my droplet. How To Secure Apache with Let’s Encrypt on Ubuntu 16.04
But for some reason I am getting this error:
Failed authorization procedure. topladylingerie.co.ke (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused, www.topladylingerie.co.ke (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: topladylingerie.co.ke
Type: connection
Detail: Connection refused
Domain: www.topladylingerie.co.ke
Type: connection
Detail: Connection refused
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
And I have checked the firewall status, here is the ufw status:
Status: active
To                 Action   From
Apache Full        ALLOW    Anywhere
OpenSSH            ALLOW    Anywhere
80                 ALLOW    Anywhere
443                ALLOW    Anywhere
Apache Full (v6)   ALLOW    Anywhere (v6)
OpenSSH (v6)       ALLOW    Anywhere (v6)
80 (v6)            ALLOW    Anywhere (v6)
443 (v6)           ALLOW    Anywhere (v6)
I am doing this for the first time and have googled but found no result, and even tried the cases on the tutorial page. Still the error persists…
Can anyone help?
You might want to consider creating a snapshot of your droplet and then starting over from scratch again, since it’s never good to have various services running on your server which are either not configured correctly or not maintained.
Uhmm, safe…yes, sort of. If your configuration is a regular OpenCart, then there’s not anything special or hidden about it. But if you have “tricks” or things you don’t want anyone to see, then it wouldn’t be safe to post your configuration, but that would probably also be the reason why Let’s Encrypt isn’t working.
It’s almost the same result for sudo apache2ctl -S, except for the first line: it has removed “www” from the domain name
*:80 topladylingerie.co.ke (/etc/apache2/sites-enabled/000-default.conf:1)
as before it was
*:80 www.topladylingerie.co.ke (/etc/apache2/sites-enabled/000-default.conf:1)
I think it is not something to be concerned about… or is it?
And yes there are errors:
[Thu Jul 27 09:17:14.459078 2017] [mpm_prefork:notice] [pid 4797] AH00171: Graceful restart requested, doing restart
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
[Thu Jul 27 09:17:14.664452 2017] [ssl:warn] [pid 4797] AH01906: b02af25b75d4e07e87162bfc0ec3eb9d.86d550364a53b9ef19d37e3e555280c2.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 27 09:17:14.664857 2017] [ssl:warn] [pid 4797] AH01906: 5741264e6db22d82f7d8bf9c5c15bf53.3faa85b9d76a169fdd5ca8298c4efee2.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 27 09:17:14.665055 2017] [ssl:emerg] [pid 4797] AH02572: Failed to configure at least one certificate and key for www.topladylingerie.co.ke:443
[Thu Jul 27 09:17:14.665077 2017] [ssl:emerg] [pid 4797] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Thu Jul 27 09:17:14.665088 2017] [ssl:emerg] [pid 4797] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Thu Jul 27 09:17:14.665113 2017] [ssl:emerg] [pid 4797] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Thu Jul 27 09:17:14.665121 2017] [ssl:emerg] [pid 4797] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Thu Jul 27 09:17:14.665126 2017] [:emerg] [pid 4797] AH00020: Configuration Failed, exiting
[Thu Jul 27 09:17:21.162482 2017] [wsgi:warn] [pid 5963] mod_wsgi: Compiled for Python/2.7.11.
[Thu Jul 27 09:17:21.162568 2017] [wsgi:warn] [pid 5963] mod_wsgi: Runtime using Python/2.7.12+.
[Thu Jul 27 09:17:21.162643 2017] [core:warn] [pid 5963] AH00098: pid file /var/run/apache2/apache2.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Jul 27 09:17:21.220665 2017] [mpm_prefork:notice] [pid 5963] AH00163: Apache/2.4.18 (Ubuntu) mod_wsgi/4.3.0 Python/2.7.12+ configured -- resuming normal operations
[Thu Jul 27 09:17:21.220772 2017] [core:notice] [pid 5963] AH00094: Command line: '/usr/sbin/apache2'
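As an added example (not part of the original thread or of certbot), this Python code triages the Apache error log posted above: it groups `emerg` entries by pid, extracts the vhost named in AH02572, and measures how long Apache was down between the failed restart and the next successful start, a window in which connections to port 443 are refused. The function names and the shortened `SAMPLE` excerpt are this example's own.

```python
import re
from datetime import datetime

# Apache 2.4 error-log line: [timestamp] [module:level] [pid N] message
LINE = re.compile(r"\[(?P<ts>[^\]]+)\] \[[^:\]]*:(?P<lvl>\w+)\] "
                  r"\[pid (?P<pid>\d+)\] (?P<msg>.*)")
CODE = re.compile(r"AH\d{5}")
# AH02572 names the vhost left without a usable certificate/key pair
NO_CERT = re.compile(r"AH02572: .* for (\S+:\d+)")

def triage(log_text):
    """Return {pid: summary} for each Apache process seen in the log."""
    out = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # unprefixed lines, e.g. bare "AH00112: Warning: ..."
        s = out.setdefault(int(m["pid"]), {"emerg": [], "no_cert": [],
                                           "exited": None, "resumed": None})
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        found = CODE.search(m["msg"])
        code = found.group(0) if found else None
        if m["lvl"] == "emerg":
            s["emerg"].append(code or m["msg"].split(":")[0])
            s["no_cert"] += NO_CERT.findall(m["msg"])
            if code == "AH00020":       # "Configuration Failed, exiting"
                s["exited"] = ts
        elif code == "AH00163":         # "... resuming normal operations"
            s["resumed"] = ts
    return out

def listener_gap_seconds(summary):
    """Seconds between the first failed exit and the next successful start."""
    exits = sorted(s["exited"] for s in summary.values() if s["exited"])
    starts = sorted(s["resumed"] for s in summary.values() if s["resumed"])
    later = [t for t in starts if exits and t > exits[0]]
    return (later[0] - exits[0]).total_seconds() if later else None

# Excerpt of the error log posted above (lines shortened, no new data)
SAMPLE = """\
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
[Thu Jul 27 09:17:14.665055 2017] [ssl:emerg] [pid 4797] AH02572: Failed to configure at least one certificate and key for www.topladylingerie.co.ke:443
[Thu Jul 27 09:17:14.665077 2017] [ssl:emerg] [pid 4797] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS)
[Thu Jul 27 09:17:14.665126 2017] [:emerg] [pid 4797] AH00020: Configuration Failed, exiting
[Thu Jul 27 09:17:21.220665 2017] [mpm_prefork:notice] [pid 5963] AH00163: Apache/2.4.18 (Ubuntu) mod_wsgi/4.3.0 Python/2.7.12+ configured -- resuming normal operations
"""

if __name__ == "__main__":
    print(triage(SAMPLE)[4797]["no_cert"], listener_gap_seconds(triage(SAMPLE)))
```

Run against the full `/var/log/apache2/error.log`, an `exited` timestamp that coincides with a certbot run points at the vhost in `no_cert` as the configuration to inspect first.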