Can't renew - new ISP - router can't loopback

I got the renewal reminder email. I’m trying to renew for the first time.
Note that about two weeks ago I changed ISPs from AT&T to Comcast.
Unfortunately, the new router doesn’t let me access my site by host name www.jtlanguage.com from within my home network.
But I can reference my site on my phone with the data connection.
I can access the challenge file on my phone, though it does get redirected to https.

www.jtlanguage.come
letsencrypt --renew

Renewing certificate for IIS www.jtlanguage.com (C:\JTLanguageWeb) Renew After 8/21/2017
Authorizing Identifier www.jtlanguage.com Using Challenge Type http-01
Writing challenge answer to C:\JTLanguageWeb.well-known/acme-challenge/Z0JG0P–JgTZEzZx9UwpRJaW95JX8bVZsieSA-F-x00
Writing web.config to add extensionless mime type to C:\JTLanguageWeb.well-known\acme-challenge\web.config
Answer should now be browsable at http://www.jtlanguage.com/.well-known/acme-challenge/Z0JG0P--JgTZEzZx9UwpRJaW95JX8bVZsieSA-F-x00
Submitting answer
Refreshing authorization
Refreshing authorization
Authorization Result: invalid
Authorization Failed invalid


The ACME server was probably unable to reach http://www.jtlanguage.com/.well-known/acme-challenge/Z0JG0P--JgTZEzZx9UwpRJaW95JX8bVZsieSA-F-x0
0

Check in a browser to see if the answer file is being served correctly. If it is, also check the DNSSEC configuration.
Authorize failed: This could be caused by IIS not being setup to handle extensionless static files.Here’s how to fix that:
1.In IIS manager goto Site/ Server->Handler Mappings->View Ordered List
2.Move the StaticFile mapping above the ExtensionlessUrlHandler mappings. (like this http://i.stack.imgur.com/nkvrL.png)
3.If you need to make changes to your web.config file, update the one at C:\Tools\letsencrypt-win-simple-master\letsencrypt-win-simple\bin\D
ebug\web_config.xml


Renewal failed IIS www.jtlanguage.com (C:\JTLanguageWeb) Renew After 8/21/2017, will retry on next run
Press enter to continue.

Windows 8.1
IIS 8.5
Comcast ISP

nslookup -type=A www.jtlanguage.com
Server: cdns01.comcast.net
Address: 75.75.75.75

Non-authoritative answer:
Name: jtlanguage.com
Address: 24.6.132.61
Aliases: www.jtlanguage.com

Thanks.

-John

Hi @jtsoftware,

Since a few months, Let’s Encrypt prefers IPv6 over IPv4 and your domain have both, A and AAAA records but it is not reachable using IPv6.

$ curl -6vikL http://www.jtlanguage.com/.well-known/acme-challenge/Z0JG0P--JgTZEzZx9UwpRJaW95JX8bVZsieSA-F-x00
*   Trying 2601:647:4480:cb0f:f1e7:8ff4:5962:9c68...
* TCP_NODELAY set
* connect to 2601:647:4480:cb0f:f1e7:8ff4:5962:9c68 port 80 failed: Connection timed out
* Failed to connect to www.jtlanguage.com port 80: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to www.jtlanguage.com port 80: Connection timed out

And that is the reason for the error during the renew. You should fix the IPv6 connectivity or remove the AAAA records for your domain.

Cheers,
sahsanu

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.