Certbot - Renewal Fails due to IPV6 records

In access logs I don’t even see that anybody hit my server. More details here: https://github.com/certbot/certbot/issues/4764

My domain is: wiki.betacoda.cono.org.ua (CNAME)

I ran this command: certbot renew --config-dir /home/letsencrypt/conf --work-dir /home/letsencrypt/work --logs-dir /home/letsencrypt/logs

It produced this output:
b’{\n “identifier”: {\n “type”: “dns”,\n “value”: “wiki.betacoda.cono.org.ua”\n },\n “status”: “invalid”,\n “expires”: “2017-06-15T04:43:03Z”,\n “challenges”: [\n {\n “type”: “dns-01”,\n “status”: “pending”,\n
"uri": “https://acme-v01.api.letsencrypt.org/acme/challenge/_mieQFntkYzGLTUsTJZWLre0dlQE0sx-K691gzH_K00/1298998058”,\n “token”: “5-jx8ru8xevz6-1DE-RbtR7hyzSo2gGt8ekonKGvMho”\n },\n {\n “type”: “http-01”,\n “status”:
“invalid”,\n “error”: {\n “type”: “urn:acme:error:unauthorized”,\n “detail”: “Invalid response from http://wiki.betacoda.cono.org.ua/.well-known/acme-challenge/jKRbmHvMwEDawZYOD8kHADXxTBo8MyRA5VMycT1wxEQ: \”\u003chtml
\u003e\r\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody bgcolor=\“white\”\u003e\r\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003
e\r\n\u003chr\u003e\u003ccenter\u003e\"",\n “status”: 403\n }

My web server is (include version): www-servers/nginx 1.11.3-r100

The operating system my web server runs on is (include version): Gentoo Base System release 2.3

My hosting provider, if applicable, is: Hetzner

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Your FQDN resolves to IPv4 and IPv6 addresses.
LetsEncrypt prefers IPv6.
Ensure you have IPv6 access or remove the IPv6 from the DNS resolution.

wiki.betacoda.cono.org.ua
Name: betacoda.cono.org.ua
Addresses: 2a01:4f8:190:11cc::2
5.9.137.201
Aliases: wiki.betacoda.cono.org.ua

1 Like

wow, you are right! Thanks soo much!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.