
I'm trying to renew my letsencrypt certs and getting the following error:

remote error: tls: handshake failure

How do I fix this?

jackreichert

2 Answers


I had Cloudflare running on the site; once I paused it I could renew the certs.

jackreichert

Consider specifying the http-01 method. For example,

sudo certbot renew --preferred-challenges http-01

The http-01 challenge works by generating a file at a specific web-accessible location under the domain under consideration. The challenge relies on HTTP (port 80) rather than HTTPS (e.g., the tls-sni-01 challenge method). Avoiding reliance on TLS can be a step forward in addressing the error you encounter.

The --preferred-challenges option, perhaps self-evidently, cues certbot on which challenge to prefer, for plugins that can handle more than one challenge method.

user45793
  • In light of the answer posted by the OP and in general you may want to explain what that option does and why that work-around may solve the problem. For instance *“by renewing over plain http on port 80 rather than over https on port 443, you can avoid TLS warnings.”* BTW when you redirect http to https you will still get an error unless you exclude the /.well-known/acme-challenge path from such a redirect – HBruijn Nov 19 '18 at 22:21
  • @HBruijn Thanks for the cues for additional elaboration. – user45793 Nov 20 '18 at 20:22
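To make the answer above and HBruijn's caveat concrete, here is an added example that is not part of any answer on this page: an nginx server block in which the blanket HTTP-to-HTTPS redirect (the weak setting, shown commented out) is replaced by one that serves the /.well-known/acme-challenge/ path over plain port 80 and redirects everything else. The site name example.com and the webroot /var/www/letsencrypt are assumptions; substitute your own. (As background, the tls-sni-01 method mentioned in the answer has since been retired by Let's Encrypt, so http-01 or dns-01 are the ones that remain.)

```nginx
# Added example, not from the original answers. Assumes nginx, the site
# "example.com" and a webroot of /var/www/letsencrypt (all placeholders).

# BEFORE (weak): a blanket redirect. The ACME validator requesting
# http://example.com/.well-known/acme-challenge/<token> is bounced to
# https://, so the http-01 check ends up depending on the very TLS setup
# (or CDN edge) that is failing. This is the case HBruijn's comment warns about.
#
# server {
#     listen 80;
#     server_name example.com;
#     return 301 https://$host$request_uri;
# }

# AFTER: serve the challenge directory over HTTP only, redirect the rest.
server {
    listen 80;
    server_name example.com;

    # ACME challenge files are read straight from the webroot and never
    # redirected, so validation stays on port 80 as the answer intends.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        default_type "text/plain";
        try_files $uri =404;
    }

    # Everything else still goes to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

Check the syntax with `nginx -t` and reload before renewing. With this in place, a renewal that uses the webroot plugin against the same directory, e.g. `certbot renew --preferred-challenges http-01 --webroot -w /var/www/letsencrypt`, completes without ever touching the TLS listener; a `--dry-run` against the staging endpoint is a cheap way to confirm the path is reachable before the real renewal. If a CDN such as Cloudflare sits in front of the origin, the challenge request still has to reach the origin on port 80 unmodified, which is why pausing it, as in the accepted answer, also clears the error.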