Can't renew - new ISP - router can't loopback

I got the renewal reminder email. I’m trying to renew for the first time.
Note that about two weeks ago I changed ISPs from AT&T to Comcast.
Unfortunately, the new router doesn’t let me access my site by host name from within my home network.
But I can reference my site on my phone with the data connection.
I can access the challenge file on my phone, though it does get redirected to https.

letsencrypt --renew

Renewing certificate for IIS (C:\JTLanguageWeb) Renew After 8/21/2017
Authorizing Identifier Using Challenge Type http-01
Writing challenge answer to C:\JTLanguageWeb.well-known/acme-challenge/Z0JG0P–JgTZEzZx9UwpRJaW95JX8bVZsieSA-F-x00
Writing web.config to add extensionless mime type to C:\JTLanguageWeb.well-known\acme-challenge\web.config
Answer should now be browsable at
Submitting answer
Refreshing authorization
Refreshing authorization
Authorization Result: invalid
Authorization Failed invalid

The ACME server was probably unable to reach

Check in a browser to see if the answer file is being served correctly. If it is, also check the DNSSEC configuration.
Authorize failed: This could be caused by IIS not being setup to handle extensionless static files.Here’s how to fix that:
1.In IIS manager goto Site/ Server->Handler Mappings->View Ordered List
2.Move the StaticFile mapping above the ExtensionlessUrlHandler mappings. (like this
3.If you need to make changes to your web.config file, update the one at C:\Tools\letsencrypt-win-simple-master\letsencrypt-win-simple\bin\D

Renewal failed IIS (C:\JTLanguageWeb) Renew After 8/21/2017, will retry on next run
Press enter to continue.

Windows 8.1
IIS 8.5
Comcast ISP

nslookup -type=A

Non-authoritative answer:



Hi @jtsoftware,

For a few months now, Let’s Encrypt has preferred IPv6 over IPv4, and your domain has both A and AAAA records, but it is not reachable using IPv6.

$ curl -6vikL
*   Trying 2601:647:4480:cb0f:f1e7:8ff4:5962:9c68...
* connect to 2601:647:4480:cb0f:f1e7:8ff4:5962:9c68 port 80 failed: Connection timed out
* Failed to connect to port 80: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to port 80: Connection timed out

And that is the reason for the error during the renewal. You should fix the IPv6 connectivity or remove the AAAA records for your domain.
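
A pre-renewal check for the condition described in the reply above, as an added example that is not part of the original thread: it resolves the A and AAAA records, tries port 80 over each address family, and flags a published AAAA address that does not answer. The function names, status strings and the `SAMPLE` data are hypothetical, and the sample addresses are constructed documentation addresses.

```python
import socket
import sys

# DNS record type -> socket address family.
FAMILIES = {"A": socket.AF_INET, "AAAA": socket.AF_INET6}

# Constructed sample (documentation addresses) mirroring the thread:
# IPv4 answers on port 80, the published AAAA address does not.
SAMPLE = {"A": {"203.0.113.10": True}, "AAAA": {"2001:db8::1": False}}

def resolve(host, family):
    """Return the sorted unique addresses the host has in one family."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def can_connect(addr, family, port=80, timeout=5.0):
    """True only if a TCP handshake to addr:port completes in time."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            return True
    except OSError:
        return False

def probe(host):
    """Map record type -> {address: reachable on port 80}."""
    return {rtype: {a: can_connect(a, fam) for a in resolve(host, fam)}
            for rtype, fam in FAMILIES.items()}

def diagnose(results):
    """Classify probe results, checking IPv6 first as the reply describes."""
    v4, v6 = results.get("A", {}), results.get("AAAA", {})
    if v6 and not all(v6.values()):
        return "AAAA_UNREACHABLE"   # fix IPv6 or remove the AAAA record
    if v6 or (v4 and all(v4.values())):
        return "OK"
    return "UNREACHABLE"            # no address answers on port 80

if __name__ == "__main__":
    # With a hostname argument, probe it; otherwise use the sample.
    results = probe(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print(results, diagnose(results))
```

Run the live probe from a machine outside the home network that has working IPv6, since a router without loopback support will fail the IPv4 check from inside.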

