[Solved] (tls-sni-01): urn:acme:error:connection :: Failed to connect to host for DVSNI challenge

Let's Encrypt.org is going to change the internet, a little or a lot.

It's the tool that makes issuing and installing an SSL certificate a matter of a single command. And more importantly, it's FREE!

For what it is and how to use it, go straight to the website https://letsencrypt.org.

For those of you meeting this kind of error:

Failed authorization procedure. example.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenged

It's simply because the Let's Encrypt server cannot connect to your web server (in this example, example.com). This connection step is required to prove that you control the domain.

The cause is usually the firewall: this validation requires port 443/tcp to be open so the Let's Encrypt server can complete the TLS handshake with your host.

Run this command to see whether your firewall allows port 443:

sudo /sbin/iptables -L INPUT -n -v | grep :443

If it does not, make sure this rule is the first INPUT rule in your /etc/sysconfig/iptables (it has to come before any REJECT or DROP rule, or it never matches):

-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

Remember to restart iptables after modifying the configuration:

sudo service iptables restart
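The check above relies on eyeballing grep output. The script below is an added example (not part of the original post and not a Let's Encrypt tool): it parses an `iptables -L INPUT -n -v` listing, reports whether an ACCEPT rule for a given TCP port exists, and prints the exact `/etc/sysconfig/iptables` line from the post when it is missing. The listing it parses is a constructed sample; on a real host you would feed it the live iptables output as the usage note describes. It checks port 80 as well as 443 because the tls-sni-01 challenge has since been retired by Let's Encrypt and current ACME clients validate over http-01 on port 80 (or dns-01), so the same firewall problem now shows up on port 80.

```shell
#!/bin/sh
# Added example: detect whether an iptables INPUT listing already accepts a TCP port.
# SAMPLE_INPUT_LISTING is a constructed stand-in for the output of
#   sudo /sbin/iptables -L INPUT -n -v
# It accepts 22 and 80 but not 443, which is exactly the state that produces the
# "Failed to connect to host" error in the post.
SAMPLE_INPUT_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  8160 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80
   45  2700 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# port_accepted LISTING PORT
# Returns 0 if the listing contains an ACCEPT rule for tcp dpt:PORT, 1 otherwise.
# The trailing "( |$)" keeps dpt:443 from matching dpt:4430, and the byte
# counter may be abbreviated by iptables -v (e.g. "12K"), hence [0-9KMG]+.
port_accepted() {
    printf '%s\n' "$1" \
        | grep -E '^ *[0-9]+ +[0-9KMG]+ +ACCEPT +tcp .*dpt:'"$2"'( |$)' >/dev/null
}

# suggested_rule PORT
# Prints the /etc/sysconfig/iptables line the post recommends, for the given port.
suggested_rule() {
    printf '%s\n' "-A INPUT -m state --state NEW -p tcp --dport $1 -j ACCEPT"
}

# check_port LISTING PORT
# Prints a one-line verdict; returns 0 when the port is allowed, 1 when it is not.
check_port() {
    if port_accepted "$1" "$2"; then
        echo "port $2/tcp: ACCEPT rule present"
        return 0
    fi
    echo "port $2/tcp: no ACCEPT rule found; add this before any REJECT/DROP rule:"
    echo "    $(suggested_rule "$2")"
    return 1
}

# report LISTING
# Checks the ports ACME validation needs (80 for http-01, 443 for tls-sni-01).
# Always returns 0 so the script can be sourced or run as a plain report.
report() {
    for p in 80 443; do
        check_port "$1" "$p" || :
    done
    return 0
}

# Demo run over the constructed sample. For a live host replace the argument with
#   "$(sudo /sbin/iptables -L INPUT -n -v)"
report "$SAMPLE_INPUT_LISTING"
```

Run it as `sh check_ports.sh` to see the sample verdict, or call `report "$(sudo /sbin/iptables -L INPUT -n -v)"` after sourcing the file to check the real chain. The sample deliberately ends with a catch-all REJECT rule, which is why the suggested rule must be placed ahead of it, matching the post's advice to put it first.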