Certificate renewal not possible

Hi,
I have KeyHelp installed on my web server and so far all domains have been running smoothly. The TLS certificate is also renewed completely automatically for almost all domains. Only for one domain does it no longer work.

No changes were made. Renewal of certificates runs automatically through KeyHelp. However, I have received two error messages that I cannot interpret or correct.

Certificate name: www.*****n.de (Let’s Encrypt)
Valid until: 2019-11-17 15:12:38 (0 day(s) left)
Message: Verification ended with an error. Response: {“type”:“http-01”,“status”:“invalid”,“error”:{“type”:“urn:ietf:params:acme:error:connection”,“detail”:“Fetching https://www.*****n.de/.well-known/acme-challenge/6Sfhe4YspsJEpcF6vtKGqqV_QcyxMAJevT4mhJaD5Js: Error getting validation data”,“status”:400},“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/1316189424/-j3hww",“token”:“6Sfhe4YspsJEpcF6vtKGqqV_QcyxMAJevT4mhJaD5Js”,“validationRecord”:[{“url”:“http://www.*****n.de/.well-known/acme-challenge/6Sfhe4YspsJEpcF6vtKGqqV_QcyxMAJevT4mhJaD5Js”,“hostname”:“www.*****n.de”,“port”:“80”,“addressesResolved”:[“94.16.115.118”,“2a03:4000:28:6d0::”],“addressUsed”:“2a03:4000:28:6d0::”},{“url”:“http://www.*****n.de/.well-known/acme-challenge/6Sfhe4YspsJEpcF6vtKGqqV_QcyxMAJevT4mhJaD5Js”,“hostname”:“www.*****n.de”,“port”:“80”,“addressesResolved”:[“94.16.115.118”,“2a03:4000:28:6d0::”],“addressUsed”:“94.16.115.118”},{“url”:“https://www.*****n.de/.well-known/acme-challenge/6Sfhe4YspsJEpcF6vtKGqqV_QcyxMAJevT4mhJaD5Js”,“hostname”:“www.*****n.de”,“port”:“443”,“addressesResolved”:[“94.16.115.118”,“2a03:4000:28:6d0::”],“addressUsed”:"2a03:4000:28:6d0::”}]}

Four minutes earlier, I got this message:

Certificate name: www.****n.de (Let’s Encrypt)
Valid until: 2019-11-17 15:12:38 (0 day(s) left)
Message: Verification ended with an error. Response: {“type”:“http-01”,“status”:“invalid”,“error”:{“type”:“urn:ietf:params:acme:error:connection”,“detail”:“Fetching https://www.*****n.de/.well-known/acme-challenge/EjKm4LoTnVPP6V3NL1lJ7BygV9xT_B_2WxsUaXDAr50: Error getting validation data”,“status”:400},“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/1316137557/HS20YQ",“token”:“EjKm4LoTnVPP6V3NL1lJ7BygV9xT_B_2WxsUaXDAr50”,“validationRecord”:[{“url”:“http://www.*****n.de/.well-known/acme-challenge/EjKm4LoTnVPP6V3NL1lJ7BygV9xT_B_2WxsUaXDAr50”,“hostname”:“www.*****n.de”,“port”:“80”,“addressesResolved”:[“94.16.115.118”,“2a03:4000:28:6d0::”],“addressUsed”:“2a03:4000:28:6d0::”},{“url”:“http://www.*****n.de/.well-known/acme-challenge/EjKm4LoTnVPP6V3NL1lJ7BygV9xT_B_2WxsUaXDAr50”,“hostname”:“www.*****n.de”,“port”:“80”,“addressesResolved”:[“94.16.115.118”,“2a03:4000:28:6d0::”],“addressUsed”:“94.16.115.118”},{“url”:“https://www.*****n.de/.well-known/acme-challenge/EjKm4LoTnVPP6V3NL1lJ7BygV9xT_B_2WxsUaXDAr50”,“hostname”:“www.*****n.de”,“port”:“443”,“addressesResolved”:[“94.16.115.118”,“2a03:4000:28:6d0::”],“addressUsed”:"2a03:4000:28:6d0::”}]}

Hi @Elbo

Hiding your domain name doesn't help.

Your domain name is visible there: https://acme-v02.api.letsencrypt.org/acme/chall-v3/1316189424/-j3hww

Checked via https://check-your-website.server-daten.de/: you have IPv4 and IPv6.

But your IPv6 is broken, only timeouts. When checking your domain, Let's Encrypt prefers IPv6, so that's critical.

  • Remove your IPv6 AAAA records (or, better)
  • fix your IPv6, so both connections are available

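An added example (not from the thread, KeyHelp or Let's Encrypt): a short Python reader for the `validationRecord` array in responses like the two quoted above, listing the address family each fetch used and which fetch the error detail names. The sample input is constructed, with a placeholder host, token and documentation-range addresses, and keeps the typographic quotes that forum software puts into pasted JSON.

```python
import ipaddress
import json

# Constructed sample shaped like the responses in the post. Host, token and
# addresses are placeholders, not values from the thread.
_REC = ('{“url”:“%s://www.example.com/.well-known/acme-challenge/TOKEN”,'
        '“port”:“%s”,“addressUsed”:“%s”}')
SAMPLE = ('{“status”:“invalid”,“error”:{“type”:“urn:ietf:params:acme:error:connection”,'
          '“detail”:“Fetching https://www.example.com/.well-known/acme-challenge/TOKEN: '
          'Error getting validation data”},“validationRecord”:['
          + ",".join(_REC % r for r in [("http", "80", "2001:db8::1"),
                                        ("http", "80", "192.0.2.10"),
                                        ("https", "443", "2001:db8::1")]) + "]}")


def parse_challenge(text):
    """Load a pasted challenge object, undoing typographic-quote conversion."""
    for fancy in "“”":
        text = text.replace(fancy, '"')
    return json.loads(text)


def hops(challenge):
    """Return (url, port, address family) for each validationRecord entry."""
    out = []
    for rec in challenge.get("validationRecord", []):
        version = ipaddress.ip_address(rec["addressUsed"]).version
        out.append((rec["url"], int(rec["port"]), f"IPv{version}"))
    return out


def failing_hops(challenge):
    """Hops whose URL is named in the error detail, i.e. the fetch that failed."""
    detail = challenge.get("error", {}).get("detail", "")
    return [h for h in hops(challenge) if h[0] in detail]


if __name__ == "__main__":
    ch = parse_challenge(SAMPLE)
    for url, port, family in hops(ch):
        print(f"{family:5} port {port:<4} {url}")
    for url, port, family in failing_hops(ch):
        print(f"failed fetch used {family} on port {port}")
```

If the failing fetch reports IPv6, test the AAAA address separately from a host with working IPv6 before changing anything on the web server.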