Have you tried renewing your Letsencrypt certificate and got the error below?
root:/etc/letsencrypt/live# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The server could not connect to the client to verify the domain
:: Fetching https://XYZ.com.well-known/acme-challenge/$key:
Error getting validation data .
– The following errors were reported by the server:
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
First check your DNS settings and confirm that no firewalls are preventing the server from communicating with the client. If error persists, check the following:
- Check the website access log. On Apache: /var/log/apache2/XYZ_access.log
- Look out for the entry for Letsencrypt server requests:
220.127.116.11 – – [08/Oct/2018:11:02:04 -0400] “GET /.well-known/acme-challenge/$key HTTP/1.1” 302 642 “-” “Mozilla/5.0 (compatible; Let’s Encrypt validation server; +https://www.letsencrypt.org)”
Note the response code; in this case, 302 – means temporary redirection.
- Check the website configuration file or .htaccess file for any redirection command. In this case, there is a redirection in the site config file @ /etc/apache2/sites-available/XYZ.com.conf:
# redirect http traffic to https
Redirect / https://XYZ.com
- Comment out this line by prepending with #
# Redirect / https://XYZ.com
- Restart apache service
Service apache2 restart
- Retry the Let’sencrypt certificate renewal
It should be successful now.
- Re-enable the redirection