Certbot authorization procedure fails

Dears,

My domain is registered and its DNS is managed with Namecheap.

My domain is:

I ran this command:
certbot renew

It produced this output:
Attempting to renew cert from /etc/letsencrypt/renewal/longrunplan.com.conf produced an unexpected error: Failed authorization procedure. longrunplan.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://longrunplan.com/.well-known/acme-challenge/3peW_6yKRmWEh9sHgIlQe3s7jikxqxFgTplnaonJ1E0: Timeout. Skipping.

My web server is (include version):
I’m running on a Linode CentOS 7 and nginx

I have root access, and testing the .well-known folder proves that it’s accessible via a browser.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no.

Many thanks!

You have an AAAA DNS record but your server doesn’t seem to respond on IPv6. You should fix your server to work on IPv6 or remove the AAAA record.

Wow thanks, I would’ve never thought about it… good catch!

How should a server respond to IPv6?

This solved 2 domains I had this issue with, I removed their AAAA DNS records, and the renewal worked.

I’m left with a single domain (countcrm.com) on that same server, that has a reverse proxy defined in Linode, and properly defined in GoDaddy (this is the DNS in this case), and it still gives the same error.

Any idea?

This domain has an AAAA record set which isn’t even reachable via ping. Port 80 isn’t reachable, either.

Right - again you have an AAAA record, but the server (or proxy I guess?) doesn’t respond on IPv6. Check that it’s pointed at the correct address for the proxy, that the proxy is listening on IPv6, that there are no firewalls blocking access, etc.

If you can’t get the proxy to work with IPv6 then you need to remove the AAAA record, just like the other domains. I guess the procedure to do that is different on GoDaddy, but what needs to be done is the same.
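
A pre-renewal check for the condition diagnosed in this thread, added here as an example (it is not from any poster and not part of Certbot): it resolves every A and AAAA address a domain publishes and tries a TCP connection to port 80 on each. The function names and result labels are assumptions made for this sketch.

```python
import socket
import sys

RECORD = {socket.AF_INET: "A", socket.AF_INET6: "AAAA"}

def probe_addresses(host, port=80, timeout=5.0,
                    resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return [(record_type, address, reachable, error)] for each published address.

    resolve/connect are injectable so the logic can be exercised offline.
    """
    try:
        infos = resolve(host, port, 0, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("DNS", host, False, str(exc))]
    results, seen = [], set()
    for family, _type, _proto, _canon, sockaddr in infos:
        addr = sockaddr[0]
        if family not in RECORD or addr in seen:
            continue
        seen.add(addr)
        try:
            connect((addr, port), timeout).close()
            results.append((RECORD[family], addr, True, None))
        except OSError as exc:  # timeout, refused, no route
            results.append((RECORD[family], addr, False, str(exc)))
    return results

def diagnose(results):
    """Summarise which record type, if any, points at an address that does not answer."""
    if not results:
        return "no-addresses"
    failed = {rtype for rtype, _addr, ok, _err in results if not ok}
    if not failed:
        return "ok"
    if failed == {"AAAA"}:
        return "aaaa-unreachable"  # the situation in this thread
    if failed == {"A"}:
        return "a-unreachable"
    return "unreachable"

if __name__ == "__main__":
    # Run from a host that has working IPv6 itself; otherwise an AAAA failure
    # may only reflect the local network rather than the server.
    for name in sys.argv[1:]:
        found = probe_addresses(name)
        for rtype, addr, ok, err in found:
            print(f"{name} {rtype:4} {addr} {'open' if ok else 'FAILED: ' + err}")
        print(f"{name} verdict: {diagnose(found)}")
```

A verdict of `aaaa-unreachable` leaves the two options given in the replies: make the server or proxy answer on IPv6, or remove the AAAA record.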

Thanks both,
I removed AAAA completely, this was not playing well with Linode’s proxy for some reason.

Much obliged, problem solved!
