Can not install SSL authorization failed issue with A records

I ran out of all option on this domain stti.ca, can’t install a certificate and getting the following error.
Deleted and issued new certificates but still can’t issue a certificate.

Usually this is what I use to install same certificate on multiple domains. But somehow I just can’t make this work.
./letsencrypt-auto --apache -d stti.ca -d www.stti.ca

Error:
IMPORTANT NOTES:

• The following errors were reported by the server:

Domain: stti.ca

Type: unauthorized

Detail: Invalid response from

http://stti.ca/.well-known/acme-challenge/MJK6Gy7kkM5TsoOrK6NmIFhXcCWE5-s6Ws-MbsQHEdg:

"\n\n<!DOCTYPE html>\n<html lang=“en-CA” prefix="og:

[http://ogp.me/ns#](http://ogp.me/ns#\)">\n<head>\n\n<title>Home - Streamline Provider

of Transportation"

To fix these errors, please make sure that your domain name was

entered correctly and the DNS A/AAAA record(s) for that domain

contain(s) the right IP address.

Hi @makessl

there are some problems (checked via https://check-your-website.server-daten.de/?q=stti.ca ):

You have ipv4 and ipv6 addresses

But if you use http-01 validation, a file in /.well-known/acme-challenge is created and checked.

There:

Letsencrypt prefers ipv6. But your http + ipv6 + /.well-known + non-www is redirected to /, this is bad. Your ipv4 + www is redirected to https, but your https doesn't work, there is the connection closed.

So perhaps remove your ipv6 dns entry (your AAAA entry) and remove the redirect http -> https, then check the domain again.

A redirect http -> https is possible. But https must work (certificate may be wrong). And

http + /.well-known/acme-challenge/filename should redirect to https + /.well-known/acme-challenge/filename, not to https + /

Thank you and very much appreciated. I’ll let the IT update DNS and I’ll try to reinstall SSL.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.