Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My web server is (include version):
Server version: Apache/2.4.43 (Unix)
The operating system my web server runs on is (include version):
Mageia 7 5.5.15-desktop-3.mga7
My hosting provider, if applicable, is:
1and1
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.3.0
I recently renewed certificates for bach.gemmill.name and share.gemmill.name, resident on machine bach.gemmill.name. The A and AAAA records for the successful domains and the unsuccessful one appear identical.
see your output. Your ipv6 sends a http status 204 - No Content. Looks like ipv6 is defined, but your webserver doesn't answer with the correct result.
1. Deleted the AAAA record and re-ran certbot-auto: same result
2. Re-created the AAAA record: same result
3. The "check-your-website" data for share.gemmill.name and bach.gemmill.name show the same difference between A and AAAA records; they were renewed successfully a couple of days ago
DNS changes can take time to propagate. Did you get an error with an IPv4 address this time? Or still the IPv6 address? If it's the latter: please wait longer until the TTL for the AAAA record has expired. If it's the former: the error would be different that time, please include that different error message in your post.
Yes, your IPv6 is still doing remarkably weird things:
curl -Lv4 http://handel.gemmill.name/ gives a "It works!" result.
curl -Lv6 http://handel.gemmill.name/ gives a HTML redirect (which is weird enough without a HTTP redirect) to the URL "defaultsite";
curl -Lv4 http://handel.gemmill.name/.well-known/ gives a proper 404 File not found reply from the server with token "Apache/2.4.43 (Mageia) OpenSSL/1.1.0l PHP/7.3.16";
curl -Lv6 http://handel.gemmill.name/.well-known/ gives a 404 File not found reply from a webserver with token "Apache" and gives me links to the links /./ and /../ as documents found similar to my request..??
curl -Lv4 http://handel.gemmill.name/.well-known/acme-challenge/ gives a proper 404 again like the /.well-known/ path above for IPv4.
curl -Lv6 http://handel.gemmill.name/.well-known/acme-challenge/ gives the HTTP 204 error. But now it comes from a nginx/1.10.3 webserver according to the HTTP server header?!? What gives?
So in my opinion: your IPv6 is behaving very differently from your IPv4 address. It looks like it's a different server altogether.
I would recommend you either fix your IPv6, fix the AAAA record, or delete it again and wait for the deletion to propagate.
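The comparison walked through in the reply above, as an added example that is not part of the original thread: it reduces the response headers seen over each address family to a status code and Server token and flags a mismatch, which is the sign that the AAAA record reaches a different web server than the A record. The function names are hypothetical and the sample headers are constructed from the responses described in the reply.

```shell
#!/bin/sh
# Added example: does a host answer the ACME HTTP-01 path the same way
# over IPv4 and IPv6? Function names and sample data are constructed.

# Reduce a raw HTTP header dump (stdin) to "status|server-token".
fingerprint() {
    tr -d '\r' | awk '
        NR == 1 && /^HTTP\// { status = $2 }
        tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); server = $0 }
        END { printf "%s|%s\n", status, (server == "" ? "-" : server) }'
}

# Live probe (needs network): headers only, one address family, no redirects.
# usage: probe 4|6 hostname
probe() {
    curl -sS -o /dev/null -D - "-$1" --max-time 10 \
        "http://$2/.well-known/acme-challenge/"
}

# Compare two header dumps; prints a verdict and returns 1 on mismatch.
compare_families() {
    fp4=$(printf '%s\n' "$1" | fingerprint)
    fp6=$(printf '%s\n' "$2" | fingerprint)
    if [ "$fp4" = "$fp6" ]; then
        echo "MATCH $fp4"
        return 0
    fi
    echo "MISMATCH v4=$fp4 v6=$fp6"
    return 1
}

# Constructed samples mirroring the two answers described in the thread.
V4_SAMPLE='HTTP/1.1 404 Not Found
Server: Apache/2.4.43 (Mageia) OpenSSL/1.1.0l PHP/7.3.16
Content-Type: text/html'
V6_SAMPLE='HTTP/1.1 204 No Content
Server: nginx/1.10.3'

compare_families "$V4_SAMPLE" "$V6_SAMPLE" || true
# Live check: compare_families "$(probe 4 host)" "$(probe 6 host)"
```

A mismatch on this path matters for HTTP-01 because Let's Encrypt prefers the IPv6 address when an AAAA record exists, so the challenge request goes to whichever server answers there.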
What's next? Do I have to get IONOS involved? I didn't think there were IPv6 processes running on this machine, but I see from "Advanced (Network) Settings", IPv6 is not disabled.
Thanks for your continuing help.
Graeme
Yes. I remember from early experience with LetsEncrypt that if I selected the --apache option, I got a message saying that this option wasn't tested with Mageia installations, so I used standalone.
Perhaps anticipating the next suggestion, I restarted Apache and issued:
sudo /usr/local/bin/certbot-auto --apache -d handel.gemmill.name
Caused errors:
File: /etc/httpd/conf.d/le_http_01_challenge_pre.conf - Could not be found to be deleted
Certbot probably shut down unexpectedly
File: /etc/httpd/conf.d/le_http_01_challenge_post.conf - Could not be found to be deleted
Certbot probably shut down unexpectedly
An unexpected error occurred:
IOError: [Errno 2] No such file or directory: '/etc/httpd/conf.d/le_http_01_challenge_pre.conf'
On my system there is no /etc/httpd/conf.d/
There is however /etc/httpd/conf/conf.d/
However it doesn't contain any *_pre.conf or *_post.conf files
Why is it an error if a file to be deleted isn't there?