Can not install SSL authorization failed issue with A records

I ran out of options on this domain stti.ca; I can't install a certificate and am getting the following error.
Deleted and issued new certificates but still can’t issue a certificate.

Usually this is what I use to install the same certificate on multiple domains. But somehow I just can't make this work.

```
./letsencrypt-auto --apache -d stti.ca -d www.stti.ca
```

Error:

```
IMPORTANT NOTES:
 • The following errors were reported by the server:

   Domain: stti.ca
   Type: unauthorized
   Detail: Invalid response from
   http://stti.ca/.well-known/acme-challenge/MJK6Gy7kkM5TsoOrK6NmIFhXcCWE5-s6Ws-MbsQHEdg:
   "\n\n<!DOCTYPE html>\n<html lang=\"en-CA\" prefix=\"og:
   http://ogp.me/ns#\">\n<head>\n\n<title>Home - Streamline Provider
   of Transportation"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
```

Hi @makessl

there are some problems (checked via https://check-your-website.server-daten.de/?q=stti.ca ):

You have ipv4 and ipv6 addresses

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| stti.ca | A | 54.68.161.155 | yes | 1 | 0 |
| | AAAA | 2001:4860:4802:32::15 | yes | | |
| www.stti.ca | A | 54.68.161.155 | yes | 1 | 0 |
| | AAAA | | yes | | |

But if you use http-01 validation, a file in /.well-known/acme-challenge is created and checked.

There:

Let's Encrypt prefers ipv6. But your http + ipv6 + /.well-known + non-www is redirected to /, which is bad. Your ipv4 + www is redirected to https, but your https doesn't work; the connection is closed there.

So perhaps remove your ipv6 dns entry (your AAAA entry) and remove the redirect http -> https, then check the domain again.

A redirect http -> https is possible. But https must work (certificate may be wrong). And http + /.well-known/acme-challenge/filename should redirect to https + /.well-known/acme-challenge/filename, not to https + /
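The per-address-family check described in the reply above, as an added example that is not part of the original thread: `probe` fetches the challenge path over one IP family without following redirects, and `classify` reports whether a redirect keeps the challenge path and whether the body is a key authorization or an HTML page. The function names and result labels are assumptions made for this illustration.

```python
import http.client
import socket
from urllib.parse import urljoin, urlsplit

PREFIX = "/.well-known/acme-challenge/"
REDIRECTS = (301, 302, 303, 307, 308)

def classify(url, status, location=None, body=""):
    """Judge one un-followed response to an http-01 challenge URL."""
    path = urlsplit(url).path
    if not path.startswith(PREFIX):
        raise ValueError("not an http-01 challenge URL")
    token = path[len(PREFIX):]
    if status in REDIRECTS:
        if not location:
            return "redirect-without-location"
        # Resolve relative Location values before comparing paths.
        target = urlsplit(urljoin(url, location))
        if target.path != path:
            return "redirect-drops-challenge-path"
        return "redirect-keeps-path"  # the next hop must be probed too
    if status != 200:
        return "http-error"
    text = body.strip()
    # RFC 8555: the file content is "<token>.<account key thumbprint>".
    if text.startswith(token + "."):
        return "ok"
    if text.lower().startswith(("<!doctype", "<html")):
        return "html-instead-of-token"
    return "unexpected-body"

def probe(host, path, family):
    """Fetch http://host/path over one address family, no redirect following."""
    # family is socket.AF_INET (A record) or socket.AF_INET6 (AAAA record).
    addr = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)[0][4][0]
    conn = http.client.HTTPConnection(addr, 80, timeout=10)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read(2048).decode("utf-8", "replace")
        return resp.status, resp.getheader("Location"), body
    finally:
        conn.close()
```

Run `probe` once with `socket.AF_INET` and once with `socket.AF_INET6` for each hostname on the certificate, then pass each result to `classify` together with the challenge URL; any family that does not end in `ok` (directly or after a path-preserving redirect) will fail validation when the CA connects over it.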

Thank you and very much appreciated. I’ll let the IT update DNS and I’ll try to reinstall SSL.
