Certbot (auto)renew failed with apache server on IPV6


#21

I don’t think there’s a very easy way to set up Apache that produces this kind of effect unintentionally!


#22

He has confirmed external access from hotspot so there must be an IPS/firewall/something else in the mix.


#23

Yea, that is really strange, I used my mobile network provider D1 Telecom here in germany and it works for http://ce-stan.feste-ip.net/.well-known/acme-challenge/1234 but it is not working for http://office.feste-ip.net/.well-known/acme-challenge/1234 ??

Could you please retry for http://ce-stan.feste-ip.net/.well-known/acme-challenge/1234


#24

It still doesn’t work for me.

Are you using HTTP or HTTPS?

I can access HTTPS. (Not those files, but the connection works.)

If your browsers have cached a redirect, or HSTS rules, you might not be using HTTP.


#25

There was a typo in it please use:
http://ce-stan.feste-ip.net/.well-known/acme-challenge/1234
instead of
http://ce-stan.feste-ip.net/.well-known/acme_challenge/1234

I will double check and clear browser cache…


#26

Whoops.

One of the files exists over HTTPS, then, but HTTP is still blocked.


#27

Well yes, http is redirected to https, but I don’t get it why it is not reachable via: http://office.feste-ip.net/.well-known/acme-challenge/1234 from the outside world, connected to my LAN the link is working. Connecting from my mobile device it is not…


#28

It seems like you or your ISP are blocking it with a firewall. Most likely.


#29

HTTP FAILS:
--2019-01-14 23:07:10-- (try: 2) http://ce-stan.feste-ip.net/.well-known/acme-challenge/1234
Connecting to ce-stan.feste-ip.net (ce-stan.feste-ip.net)|2a02:908:8a3:1960:921b:eff:fe9f:a15f|:80... failed: Permission denied.
Retrying.

HTTPS SUCCEEDS:
wget https://ce-stan.feste-ip.net/.well-known/acme-challenge/1234
--2019-01-14 23:07:50-- https://ce-stan.feste-ip.net/.well-known/acme-challenge/1234
Resolving ce-stan.feste-ip.net (ce-stan.feste-ip.net)... 2a02:908:8a3:1960:921b:eff:fe9f:a15f
Connecting to ce-stan.feste-ip.net (ce-stan.feste-ip.net)|2a02:908:8a3:1960:921b:eff:fe9f:a15f|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10
Saving to: ‘1234’


#30

Sounds like it’s time to talk with your ISP/HSP about this.


#31

Will do so, thanks for you excellent support…


#32

@JuergenAuer You are in Germany right?

Can you please try to see if the site is accessible at your location?

Thanks!


#33

Yes, but currently this doesn’t help. I can only use ipv4 - checks. Hope that may change, but now ipv6 does not work.


#34

Hi all,

I double checked my router (Fritz Box) and firewall rules were showed correctly.
After a reboot of the router the renewal procedure went through.
Something must have been screwed up or stuck within the router.

Once more thanks all for your support and analysis, Stefan.


#35

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.