ankitjakhar4

Reputation: 39

AWS Lightsail having an issue while getting an SSL certificate through Let's Encrypt

I am running an AWS Lightsail WordPress site. I am trying to get an SSL certificate from Let's Encrypt using bncert-tool. I am getting the following error. '54.253.145.89' is a static IP that I have attached to my Lightsail instance.

Warning: The domain 'telequip.net' resolves to a different IP address than the one detected for this machine, which is '54.253.145.89'. Please fix its DNS entries or remove it. For more info see: https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/

I have tried the validation method to fix it: /opt/bitnami/bncert-tool --perform_public_ip_validation 0 --perform_dns_validation 0. But this time I am getting "error: 400 ; Timeout during connect". I have checked all the security settings but I am unable to resolve it.

[telequip.net] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem)
102 [www.telequip.net] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem)

Moreover, I have also tried disabling IPv6, but I am still getting the same error.

Upvotes: 2

Views: 5514

Answers (4)

Michael Dz

Reputation: 3844

If you're using Cloudflare, then make sure to disable the proxy for all the domains used for the certificate creation. In the proxy status column you should have "DNS only" status. It might take a few minutes for this change to be applied. You can verify the IP by using https://www.whatsmydns.net/. Once your certificate is created, you can enable the proxy again.

Upvotes: 0

Dori Semenov

Reputation: 1

I came across this same issue and found this post, among others. What worked for me was to disable IPv6, as suggested by others. Also, you must make sure the associated AAAA record for the IPv6 address is deleted. After this, you can successfully run bncert-tool. Once the certificate has been created and enabled, you can go back and re-enable IPv6 and add the AAAA record, making sure the correct IPv6 address is used, as it may be different now.

Upvotes: 0

Or Choban

Reputation: 1671

You need an A record for this VM:

  1. add static IP on https://lightsail.aws.amazon.com/
  2. go to AWS Route 53 and add an A record to the IP by subdomain, for example: www.mydomain.com A Simple XX.XXX.XXX.XXX
  3. go to Lightsail SSH and run: sudo /opt/bitnami/bncert-tool

Upvotes: 1

E.Owen

Reputation: 825

Your first error usually happens if you have IPv6 enabled on your Lightsail instance. The bncert tool doesn't properly support IPv6 when issuing certificates.

You can disable IPv6 by following these steps:

  1. From your Lightsail dashboard, click on the instance you're having issues with
  2. Choose "Networking"
  3. Scroll down to IPv6 and switch the toggle to off (x)

You will receive a pop-up warning that disabling IPv6 will release the address back into the pool. You must accept and agree with this happening if you want to use the bncert tool on your Lightsail instance.

AFAIK the only way to support SSL on IPv6 would be to purchase a certificate elsewhere and install it manually.

Upvotes: 4
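The two failure modes discussed in the question and in the answers above (an A record that points somewhere other than the static IP, and an AAAA record left behind after IPv6 is switched off, which makes the CA's HTTP-01 connection time out) can be checked before running bncert-tool. The following is an added pre-flight script, not part of this thread or of the Bitnami tool; the domain names and addresses in SAMPLE_RECORDS are constructed, and the `resolve` helper uses the system resolver only when you call it on a real name.

```python
"""Pre-flight DNS check for a Lightsail instance before running bncert-tool."""
import socket


def resolve(domain):
    """Return (A, AAAA) address sets for `domain` via the system resolver (network call)."""
    ipv4, ipv6 = set(), set()
    for family, _, _, _, sockaddr in socket.getaddrinfo(domain, 443):
        if family == socket.AF_INET:
            ipv4.add(sockaddr[0])
        elif family == socket.AF_INET6:
            ipv6.add(sockaddr[0])
    return ipv4, ipv6


def check_domain(domain, ipv4, ipv6, instance_ipv4, ipv6_enabled, instance_ipv6=None):
    """List the record problems that would make certificate issuance fail for `domain`.

    An empty list means the DNS records line up with the Lightsail instance."""
    problems = []
    # Same condition bncert warns about: the A record must contain the static IP.
    if instance_ipv4 not in ipv4:
        problems.append(f"{domain}: A record(s) {sorted(ipv4) or 'none'} do not include "
                        f"the instance IP {instance_ipv4} (CDN proxy or wrong record?)")
    # An AAAA record with IPv6 disabled on the instance leaves the CA connecting to an
    # address nothing listens on: the '400 Timeout during connect' case.
    if ipv6 and not ipv6_enabled:
        problems.append(f"{domain}: AAAA record(s) {sorted(ipv6)} exist but IPv6 is "
                        f"disabled on the instance; delete the AAAA record")
    # IPv6 is on, but the AAAA record still holds an address the instance no longer has.
    elif ipv6 and instance_ipv6 and instance_ipv6 not in ipv6:
        problems.append(f"{domain}: AAAA record(s) {sorted(ipv6)} do not match the "
                        f"instance IPv6 {instance_ipv6}; update the AAAA record")
    return problems


# Constructed sample data (not real lookups): the apex keeps a stale AAAA record and the
# www name resolves to a CDN proxy instead of the instance.
SAMPLE_RECORDS = {
    "telequip.net": ({"54.253.145.89"}, {"2001:db8::1"}),
    "www.telequip.net": ({"203.0.113.10", "203.0.113.11"}, set()),
}


def preflight(domains, instance_ipv4, ipv6_enabled, instance_ipv6=None, lookup=resolve):
    """Run check_domain over every name that will go on the certificate."""
    report = {}
    for name in domains:
        ipv4, ipv6 = lookup(name)
        report[name] = check_domain(name, ipv4, ipv6, instance_ipv4, ipv6_enabled, instance_ipv6)
    return report


if __name__ == "__main__":
    for name, found in preflight(SAMPLE_RECORDS, "54.253.145.89", False,
                                 lookup=SAMPLE_RECORDS.get).items():
        print(name, "OK" if not found else "\n  " + "\n  ".join(found))
```

Against live DNS, call `preflight(["example.com", "www.example.com"], "<static IP>", False)` with the default resolver; note that public resolvers may still return cached records for a few minutes after you change them.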
