Problem adding a subdomain

Hello, I hope you understand Spanish. I have a domain, empleosfull.com, and I just created a subdomain for it, pe.empleosfull.com, but when I try to create a Let's Encrypt certificate for it, it won't let me. What it tells me is:

Failed authorization procedure. www.pe.empleosfull.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for www.pe.empleosfull.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.pe.empleosfull.com Type: connection Detail: DNS problem: NXDOMAIN looking up A for www.pe.empleosfull.com

    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

Can you help me, please? Regards, thanks. When I ping pe.empleosfull.com it works, and likewise www.pe.empleosfull.com works too. I can see http://www.pe.empleosfull.com on screen, but when I try to generate an SSL certificate with Let's Encrypt I can't. What is causing this? Thanks for your reply.

11 Replies

Hey there,

The initial error mentions being unable to find the A record for www.pe.empleosfull.com. When I looked into this further I found that it does appear that the A record is correctly in place. You can check this yourself by running the below command. The answer should be the IP address of your site.

dig +short A www.pe.empleosfull.com

198.74.52.217

From there we would want to take a look to make sure the appropriate ports were open. In this case 80 and 443.

For this you would run the below command.

nmap 198.74.52.217

80/tcp open http

443/tcp open https

From what we are seeing everything is set up correctly for you to install an SSL certificate. It would be worth it to attempt installing the certificate from Let's Encrypt again.

I hope this helps. If you have any other questions let us know.

-Blake

Hello, when I try to add a certificate it throws this error:

Failed authorization procedure. www.pe.empleosfull.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.pe.empleosfull.com/.well-known/acme-challenge/Kv8TwAoI2vFFCWwLLsoJ3Yw9ovRdjQ93ECfQIMk4E3Y: Timeout, pe.empleosfull.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://pe.empleosfull.com/.well-known/acme-challenge/tPAsafFrJ-gz1xh-QN2xB8p7fl5U-MxRLXfHCHbVPKQ: Timeout

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.pe.empleosfull.com Type: connection Detail: Fetching http://www.pe.empleosfull.com/.well-known/acme-challenge/Kv8TwAoI2vFFCWwLLsoJ3Yw9ovRdjQ93ECfQIMk4E3Y: Timeout

    Domain: pe.empleosfull.com Type: connection Detail: Fetching http://pe.empleosfull.com/.well-known/acme-challenge/tPAsafFrJ-gz1xh-QN2xB8p7fl5U-MxRLXfHCHbVPKQ: Timeout

    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

When I run dig + short A www.pe.empleosfull.com

;; Invalid option

; <<>> DiG 9.10.3-P4-Ubuntu <<>> + short A www.pe.empleosfull.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29281
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;short. IN A

;; Query time: 882 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Mar 23 01:34:11 UTC 2018
;; MSG SIZE rcvd: 34

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8211
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.pe.empleosfull.com. IN A

;; ANSWER SECTION:
www.pe.empleosfull.com. 0 IN A 198.74.52.217

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Mar 23 01:34:11 UTC 2018
;; MSG SIZE rcvd: 67

When I run nmap 198.74.52.217

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-23 01:35 UTC
Nmap scan report for www.pe.empleosfull.com (198.74.52.217)
Host is up (0.00014s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https

Hello,

What you might be seeing is the command you are running is attempting to fetch the website over IPv6 instead of IPv4. While I do see you have a AAAA record properly set up for the domain, it looks like attempting to curl the domain is timing out:

curl -6v www.pe.empleosfull.com
* Rebuilt URL to: www.pe.empleosfull.com/
*   Trying 2600:3c02::f03c:91ff:fe47:f073...
* connect to 2600:3c02::f03c:91ff:fe47:f073 port 80 failed: Connection timed out
* Failed to connect to www.pe.empleosfull.com port 80: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to www.pe.empleosfull.com port 80: Connection timed out

I would recommend taking a look at your Apache Virtual Hosts to make sure that is configured for IPv6. You can also read more at the Apache documentation on virtual hosts. The Let's Encrypt community forums might also have some additional information to help get this sorted out.

Hello, I open sudo nano etc/apache2/ports.conf and I have this:

Listen 198.74.52.217:80 Listen [2600:3c02::f03c:91ff:fe47:f073]:80

<IfModule ssl_module> Listen 443 </IfModule>

<IfModule mod_gnutls.c> Listen 443 </IfModule>

When I run netstat -anlp |grep 80

tcp 0 0 198.74.52.217:80 0.0.0.0:* LISTEN 17228/apache2
tcp6 0 0 2600:3c02::f03c:91ff:80 :::* LISTEN 17228/apache2
unix 3 [ ] STREAM CONNECTED 659809 1/systemd /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 659807 24836/systemd-netwo

My file in sites-available/pe.empleosfull.com.conf

<VirtualHost *:80>
    ServerName pe.empleosfull.com
    ServerAlias www.pe.empleosfull.com
    ServerAdmin infoempleosfull@gmail.com
    DocumentRoot /var/www/pe.empleosfull.com/public_html

    <Directory /var/www/pe.empleosfull.com>
      AllowOverride All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =pe.empleosfull.com [OR]
    RewriteCond %{SERVER_NAME} =www.pe.empleosfull.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

sudo certbot --apache

Failed authorization procedure. pe.empleosfull.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://pe.empleosfull.com/.well-known/acme-challenge/wtMGVg7nMpXaqtDQbz466nZSzcg7ZiTMUQHfSwRixQI: Timeout

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: pe.empleosfull.com Type: connection Detail: Fetching http://pe.empleosfull.com/.well-known/acme-challenge/wtMGVg7nMpXaqtDQbz466nZSzcg7ZiTMUQHfSwRixQI: Timeout

    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

Could you please help me? (please help)

dig +short A www.pe.empleosfull.com

198.74.52.217

nmap 198.74.52.217

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-25 02:52 UTC
Nmap scan report for pe.empleosfull.com (198.74.52.217)
Host is up (0.00014s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

my etc/hosts

127.0.0.1 localhost
127.0.1.1 localhost.localdomain localhost
198.74.52.217 pe.empleosfull.com
198.74.52.217 www.pe.empleosfull.com
198.74.52.217 empleosfull.com
198.74.52.217 www.empleosfull.com

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

So the fact that the specific error you are seeing is showing both that the challenge fails at http-01 and that there is a timeout makes me continue to suspect the issue is that I cannot connect to your Linode over port 80 over IPv6.

telnet 2600:3c02::f03c:91ff:fe47:f073 80
Trying 2600:3c02::f03c:91ff:fe47:f073...

While attempting to connect to port 443 actually does work:

telnet 2600:3c02::f03c:91ff:fe47:f073 443
Trying 2600:3c02::f03c:91ff:fe47:f073...
Connected to 2600:3c02::f03c:91ff:fe47:f073.
Escape character is '^]'.

To get a better idea to see if anything is currently listening on port 80, can you run the following command?

sudo netstat -plunt

You should see an entry similar to the following:

tcp6       0      0 :::80                   :::*                    LISTEN      <PID>/<Program Name>

Taking a look at the netstat you provided, your Linode doesn't have a service listening on TCP6 over port 80. I wonder if you can edit your /etc/apache2/ports.conf file so the two listen entries are on different lines to look as follows:

Listen 198.74.52.217:80 
Listen [2600:3c02::f03c:91ff:fe47:f073]:80

After that, restart the Apache service and let us know if that works.

sudo netstat -plunt

tcp 0 0 198.74.52.217:80 0.0.0.0:* LISTEN 17228/apache2
tcp6 0 0 2600:3c02::f03c:91ff:80 :::* LISTEN 17228/apache2
tcp6 0 0 :::443 :::* LISTEN 17228/apache2

/etc/apache2/ports.conf

Listen 198.74.52.217:80 Listen [2600:3c02::f03c:91ff:fe47:f073]:80

<IfModule ssl_module> Listen 443 </IfModule>

<IfModule mod_gnutls.c> Listen 443 </IfModule>

if it is the same in two different lines. I think that by copying and pasting here everything comes together.

Listen 198.74.52.217:80 Listen [2600:3c02::f03c:91ff:fe47:f073]:80

<IfModule ssl_module> Listen 443 </IfModule>

<IfModule mod_gnutls.c> Listen 443 </IfModule>

http://ipv6-test.com/validate.php

IPv6 validation for http://pe.empleosfull.com good job

IPv6 validation for https://pe.empleosfull.com good job

sudo certbot --apache

Now I get this:

http-01 challenge for pe.empleosfull.com
http-01 challenge for www.pe.empleosfull.com
Waiting for verification…
Cleaning up challenges

Failed authorization procedure. pe.empleosfull.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://pe.empleosfull.com/.well-known/acme-challenge/VeRIRdj-9591mdZSgT6DH4_QKYFRHY7uHMl3u6Tyg: " <title>404 Not Found</title>

Not Found

<p"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: pe.empleosfull.com Type: unauthorized Detail: Invalid response from http://pe.empleosfull.com/.well-known/acme-challenge/VeRIRdj-9591mdZSgT6DH4_QKYFRHY7uHMl3u6Tyg:

    " <title>404 Not Found</title>

Not Found

<p"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

OK, I fixed it, good. I had to stop the iptables services and then I was able to correct the problem, thanks.
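The replies above test port 80 by hand, once per address family, with `curl -6` and `telnet`. The following is an added example, not code from any poster in this thread, that probes every A and AAAA address a name publishes and tells a timeout apart from a refused connection; the function names are hypothetical, and the addresses used to exercise it should be your own.

```python
import socket
import sys

def resolve(host, port=80):
    """Addresses the system resolver returns for host, split by record type."""
    out = {"A": [], "AAAA": []}
    for rtype, family in (("A", socket.AF_INET), ("AAAA", socket.AF_INET6)):
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        out[rtype] = sorted({info[4][0] for info in infos})
    return out

def probe(addr, port=80, timeout=5.0):
    """TCP connect to one literal address: open, refused, timeout or unreachable."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"      # packets dropped on the way, e.g. by a firewall rule
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing accepts on this address/port
    except OSError:
        return "unreachable"  # no route, or the probing machine has no IPv6

def diagnose(results):
    """results: {'A': {addr: state}, 'AAAA': {addr: state}} -> list of findings."""
    if not results["A"] and not results["AAAA"]:
        return ["no A or AAAA record resolves: fix DNS first"]
    hints = {"timeout": "check firewall rules for this address family",
             "refused": "check that a Listen directive covers this address",
             "unreachable": "no route from the probing machine"}
    return [f"{rtype} {addr}: {state}, {hints[state]}"
            for rtype in ("A", "AAAA")
            for addr, state in sorted(results[rtype].items()) if state != "open"]

def preflight(host, port=80, timeout=5.0):
    """Resolve host and probe every address the validator could pick."""
    results = {rtype: {a: probe(a, port, timeout) for a in addrs}
               for rtype, addrs in resolve(host, port).items()}
    return results, diagnose(results)

if __name__ == "__main__" and len(sys.argv) > 1:
    results, findings = preflight(sys.argv[1])
    print(results)
    print("\n".join(findings) or "port 80 reachable on every published address")
```

Run it from a machine other than the server: a scan from the server itself, or a name pinned in its /etc/hosts, does not exercise the path an external validator takes.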

Hello, because I posted configuration data from my server, would it be possible to delete everything or change it to other example data?
