Can't generate production certs

I’m successful generating staging certs, but when I remove the certs and change to the production directory CA=“” and execute /usr/bin/dehydrated -c I receive the challenge invalid error and it times out.

Below is the status from the staging directory CA=“

processing with alternative names:

  • Creating new directory /etc/dehydrated/certs/ …
  • Signing domains…
  • Generating private key…
  • Generating signing request…
  • Requesting new certificate order from CA…
  • Received 2 authorizations URLs from the CA
  • Handling authorization for
  • Handling authorization for
  • 2 pending challenge(s)
  • Deploying challenge tokens…
  • Responding to challenge for authorization…
  • Challenge is valid!
  • Responding to challenge for authorization…
  • Challenge is valid!
  • Cleaning challenge tokens…
  • Requesting certificate…
  • Checking certificate…
  • Done!
  • Creating fullchain.pem…
  • Done!

My domain is:

I ran this command: /usr/bin/dehydrated -c

It produced this output:

This is the output from the production directory CA=“

ERROR: Challenge is invalid! (returned: invalid) (result: {
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:connection”,
“detail”: “Fetching Timeout during connect (likely firewall problem)”,
“status”: 400

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): slackware current

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): dehydrated 0.6.5


It is difficult to say with certainty, but I would not rule out:

  • staging environment is using a previously (cached) approved authorization.
  • LE prefers IPv6 when available; your name has IPv4 and IPv6 and there is a problem with IPv6.

I can’t test nor prove presumption #1, but for #2:

curl -Iki4
HTTP/1.1 301 Moved Permanently
Date: Sun, 02 Feb 2020 03:38:07 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.1.1d PHP/7.3.12
Content-Type: text/html; charset=iso-8859-1

curl -Iki6
curl: (7) Failed to connect to port 80: No route to host

[added note: HTTPS via IPv6 also FAILS - routing issue]
curl -Iki6
curl: (7) Failed to connect to port 443: No route to host
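
The per-family check from the reply above (the `curl -4` / `curl -6` comparison), as an added example that is not part of the original thread: it resolves A and AAAA records separately, tries a TCP connect to port 80 on each address, and treats an unreachable AAAA as a failure even when IPv4 answers. The function names are hypothetical; it assumes you run it from a dual-stack host outside your own network, passing the hostname as the first argument.

```python
import socket
import sys

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))

def addresses(host, port=80):
    """Resolve A and AAAA records separately: {'IPv4': [...], 'IPv6': [...]}."""
    found = {}
    for label, family in FAMILIES:
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
            found[label] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            found[label] = []  # no record for this family
    return found

def can_connect(addr, port=80, timeout=5.0):
    """TCP connect to one literal address; False on timeout, refusal or no route."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((addr, port))
        return True
    except OSError:
        return False

def verdict(reach):
    """reach maps family label -> {address: reachable}. An AAAA record that
    does not answer is a failure even when IPv4 works, because the CA
    prefers IPv6 when it is available (as the reply above says)."""
    v4, v6 = reach["IPv4"], reach["IPv6"]
    if not v4 and not v6:
        return "FAIL: no A or AAAA record"
    if v6 and not all(v6.values()):
        return "FAIL: AAAA record published but port 80 unreachable over IPv6"
    if not v6 and not all(v4.values()):
        return "FAIL: port 80 unreachable over IPv4"
    return "OK: port 80 answers on the family the CA tries first"

def check(host, port=80):
    """Probe every resolved address and return (reach, verdict)."""
    reach = {label: {a: can_connect(a, port) for a in addrs}
             for label, addrs in addresses(host, port).items()}
    return reach, verdict(reach)

if __name__ == "__main__" and len(sys.argv) > 1:
    reach, result = check(sys.argv[1])  # hostname given on the command line
    for label, probes in reach.items():
        for addr, ok in probes.items():
            print(f"{label} {addr}: {'open' if ok else 'unreachable'}")
    print(result)
```

A result of `FAIL: AAAA record published ...` matches the situation shown in the curl output above: either fix IPv6 routing and firewalling for port 80, or remove the AAAA record until it works.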


Hey RG305, I recreated the exact steps on how I managed to produce the staging certs. When I deleted the staging cert to produce the production certs I forgot to turn off the Apache SSL engine. Once I turned it off the production certs for and were both created successfully.

I don’t understand how ip6 fails. I’m pretty sure I have it turned on everywhere. Anyway, thanks for your quick response.

Sincerely, dave g.