Can't generate production certs

I'm successful generating staging certs, but when I remove the certs and change to the production directory CA=“” and execute /usr/bin/dehydrated -c I receive the challenge invalid error and it times out.

Below is the status from the staging directory CA=“

processing with alternative names:

  • Creating new directory /etc/dehydrated/certs/ …
  • Signing domains…
  • Generating private key…
  • Generating signing request…
  • Requesting new certificate order from CA…
  • Received 2 authorizations URLs from the CA
  • Handling authorization for
  • Handling authorization for
  • 2 pending challenge(s)
  • Deploying challenge tokens…
  • Responding to challenge for authorization…
  • Challenge is valid!
  • Responding to challenge for authorization…
  • Challenge is valid!
  • Cleaning challenge tokens…
  • Requesting certificate…
  • Checking certificate…
  • Done!
  • Creating fullchain.pem…
  • Done!

My domain is:

I ran this command: /usr/bin/dehydrated -c

It produced this output:

This is the output from the production directory CA=“

ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "Fetching Timeout during connect (likely firewall problem)",
    "status": 400

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): slackware current

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): dehydrated 0.6.5


It is difficult to say with certainty, but I would not rule out:

  • staging environment is using a previously (cached) approved authorization.
  • LE prefers IPv6 when available; your name has IPv4 and IPv6 and there is a problem with IPv6.

I can’t test nor prove presumption #1, but for #2:

curl -Iki4
HTTP/1.1 301 Moved Permanently
Date: Sun, 02 Feb 2020 03:38:07 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.1.1d PHP/7.3.12
Content-Type: text/html; charset=iso-8859-1

curl -Iki6
curl: (7) Failed to connect to port 80: No route to host

[added note: HTTPS via IPv6 also FAILS - routing issue]
curl -Iki6
curl: (7) Failed to connect to port 443: No route to host
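
Added example, not part of the reply above or of dehydrated: a preflight check for the reply's second hypothesis that connects to every A and AAAA address a name publishes on port 80 and lists the ones that fail. The hostname `www.example.org`, the documentation-range addresses and the `demo()` data are constructed for illustration.

```python
import socket
import sys

FAMILIES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def resolve(host, port=80):
    """Addresses the system resolver returns, grouped by address family."""
    found = {"IPv4": [], "IPv6": []}
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return found
    for family, _type, _proto, _name, sockaddr in infos:
        label = FAMILIES.get(family)
        if label and sockaddr[0] not in found[label]:
            found[label].append(sockaddr[0])
    return found

def tcp_connect(addr, port=80, timeout=5.0):
    """Return None if a TCP connection succeeds, else the OS error text."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return None
    except OSError as exc:
        return str(exc)

def preflight(host, port=80, resolver=resolve, connector=tcp_connect):
    """Try every published address; report each one that cannot be reached."""
    problems = []
    addresses = resolver(host, port)
    for family, addrs in addresses.items():
        for addr in addrs:
            err = connector(addr, port)
            if err is not None:
                problems.append(f"{family} {addr}: {err}")
    if not any(addresses.values()):
        problems.append("no A or AAAA record resolved")
    return problems

def demo():
    """Constructed data mirroring the curl results: IPv4 answers, IPv6 has no route."""
    records = {"IPv4": ["192.0.2.10"], "IPv6": ["2001:db8::10"]}  # documentation ranges
    errors = {"2001:db8::10": "No route to host"}
    return preflight("www.example.org", resolver=lambda h, p: records,
                     connector=lambda a, p: errors.get(a))

if __name__ == "__main__":
    # With a hostname argument the real resolver and sockets are used.
    problems = preflight(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print("\n".join(problems) or "all published addresses accept TCP on port 80")
```

Run it with the real hostname from a machine outside your own network, since a check from the server itself does not cross the same firewall and routing path as the CA's validation request.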


Hey RG305, I recreated the exact steps on how I managed to produce the staging certs. When I deleted the staging cert to produce the production certs I forgot to turn off the Apache SSL engine. Once I turned it off the production certs for and were both created successfully.

I don’t understand how ip6 fails. I'm pretty sure I have it turned on everywhere. Anyway, thanks for your quick response.

Sincerely, dave g.

