AuthorizationError: Some challenges have failed

I have 3 similar servers, all have the same problem. I didn’t change nothing important since last certs update when everything works fine.

My domain is: apps.feramat.com

I ran this command: /usr/local/bin/certbot-auto certonly --standalone --email xxx -d apps.feramat.com --renew-by-default

It produced this output:

Domain: apps.feramat.com
Type: unauthorized
Detail: Invalid response from http://apps.feramat.com/.well-known/acme-challenge/TTM80RMncmzPU9_nzT3wJBezP8D0qmBmjbqdHb8jINI [2a00:1ed0:1:1800:7:2d:8c00:1]: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org/TR/xhtml1/DT

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

file /var/log/letsencrypt/letsencrypt.log

https://pastebin.com/kBw64TdQ

My web server is (include version): shut down before running the command

The operating system my web server runs on is (include version): Debian 9.9

My hosting provider, if applicable, is: wedos.com

I can login to a root shell on my machine: yes

I’m using a control panel to manage my site: no

The version of my client is: certbot 0.38.0

Hi @dave-cz

you have ipv4- and ipv6 addresses - https://check-your-website.server-daten.de/?q=apps.feramat.com

Host T IP-Address is auth. ∑ Queries ∑ Timeout
apps.feramat.com A 37.157.193.106 Hluboka nad Vltavou/Jihocesky kraj/Czechia (CZ) - WEDOS Internet No Hostname found yes 1 0
AAAA 2a00:1ed0:1:1800:7:2d:8c00:1 Prague/Hlavni mesto Praha/Czechia (CZ) - VSHosting s.r.o. yes
www.apps.feramat.com Name Error yes 1 0

But there are different answers checking /.well-known/acme-challenge:

Domainname Http-Status redirect Sec. G
http://apps.feramat.com/
37.157.193.106 -2 1.134 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 37.157.193.106:80
http://apps.feramat.com/
2a00:1ed0:1:1800:7:2d:8c00:1 403 Html is minified: 279,03 % 0.120 M
Forbidden
https://apps.feramat.com/
37.157.193.106 -2 1.133 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 37.157.193.106:443
https://apps.feramat.com/
2a00:1ed0:1:1800:7:2d:8c00:1 403 Html is minified: 279,03 % 2.274 N
Forbidden
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
http://apps.feramat.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
37.157.193.106 -2 1.137 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 37.157.193.106:80
Visible Content:
http://apps.feramat.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a00:1ed0:1:1800:7:2d:8c00:1 404 Html is minified: 279,30 % 0.120 A
Not Found

ipv4 is blocked, ipv6 answers with the expected http status 404 - Not found. So there are differents systems active.

But if you use standalone, you don’t use the running webserver.

Perhaps remove your ipv6 - AAAA entry or fix your configuration

2 Likes

Removing IPv6 (AAAA) from DNS works, thank you.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.