
I am running a WordPress site on AWS Lightsail. I am trying to get an SSL certificate from Let's Encrypt using bncert-tool. I am getting the following error. ‘54.253.145.89’ is a static IP that I have attached to my Lightsail instance.

Warning: The domain 'telequip.net' resolves to a different IP address than the one detected for this machine, which is '54.253.145.89'. Please fix its DNS entries or remove it. For more info see: https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/

I have tried the validation method to fix it: /opt/bitnami/bncert-tool --perform_public_ip_validation 0 --perform_dns_validation 0. But this time I am getting "error: 400 ; Timeout during connect". I have checked all the security settings but I am unable to resolve it.

[telequip.net] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem) 102 [www.telequip.net] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem)

Moreover, I have also tried disabling IPv6 but I am still getting the same error.

3 Answers


  1. Your first error usually happens if you have IPv6 enabled on your Lightsail instance. The Bncert tool doesn’t properly support IPv6 when issuing certificates.

    You can disable IPv6 by following these steps:

    1. From your Lightsail dashboard, click on the instance you’re having issues with
    2. Choose "Networking"
    3. Scroll down to IPv6 and switch the toggle to off (x)

    You will receive a pop up warning that disabling IPv6 will release the address back into the pool. You must accept and agree with this happening if you want to use the Bncert tool on your Lightsail instance.

    AFAIK the only way to support SSL on IPv6 would be to purchase a certificate elsewhere and install it manually.

  2. You need an A record for this VM:

    1. Add a static IP at https://lightsail.aws.amazon.com/
    2. Go to AWS Route 53 and add an A record to the IP by subdomain, for example:
      www.mydomin.com A Simple XX.XXX.XXX.XXX
    3. Go to Lightsail SSH and run: sudo /opt/bitnami/bncert-tool
  3. I came across this same issue and found this post, among others. What worked for me was to disable IPv6, as suggested by others. Also, you must make sure the associated AAAA record for the IPv6 address is deleted. After this, you can successfully run bncert-tool. Once the certificate has been created and enabled, you can go back and re-enable IPv6 and add the AAAA record, making sure the correct IPv6 address is used, as it may be different now.

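A pre-flight check for the two conditions the answers above describe (every A record equals the instance's static IP, and no AAAA record remains), as an added example that is not part of the original thread. `classify_dns` and `preflight` are hypothetical helper names, and `dig` is assumed to be installed on the instance.

```shell
#!/usr/bin/env bash
# Added example: DNS pre-flight check to run before bncert-tool.

# classify_dns EXPECTED_IP "A records" "AAAA records"
# Prints a one-word verdict; returns 0 only when every A record equals
# the expected static IP and no AAAA record is published.
classify_dns() {
    local expected="$1" a_records="$2" aaaa_records="$3" ip
    if [ -z "$a_records" ]; then
        echo "NO_A_RECORD"; return 1
    fi
    for ip in $a_records; do            # intentional word splitting
        if [ "$ip" != "$expected" ]; then
            echo "A_MISMATCH"; return 1
        fi
    done
    if [ -n "$aaaa_records" ]; then
        # Answer 3: a leftover AAAA record must be deleted first.
        echo "AAAA_PRESENT"; return 1
    fi
    echo "OK"
}

# preflight EXPECTED_IP DOMAIN...   (performs live lookups with dig)
preflight() {
    local expected="$1" domain a aaaa verdict rc=0
    shift
    for domain in "$@"; do
        # dig +short also prints CNAME targets; keep address lines only.
        a=$(dig +short A "$domain" | grep -E '^[0-9]+(\.[0-9]+){3}$' | tr '\n' ' ')
        aaaa=$(dig +short AAAA "$domain" | grep ':' | tr '\n' ' ')
        verdict=$(classify_dns "$expected" "${a% }" "${aaaa% }") || rc=1
        printf '%-28s %s\n' "$domain" "$verdict"
    done
    return "$rc"
}

# Runs only when invoked with arguments, for example:
#   ./preflight.sh <static-ip> <domain> www.<domain>
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

A verdict other than `OK` for any name means the DNS records should be corrected before running bncert-tool for that name.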