Certification failure, needing help

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: agenciacaput.com

I ran this command: the command is with virtualmin

It produced this output:

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying www.agenciacaput.com.br...
Traceback (most recent call last):
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in
main(sys.argv[1:])
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 184, in get_crt
domain, challenge_status))
ValueError: www.agenciacaput.com.br challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'192.99.56.202', u'2607:5300:201:3000::39f3'], u'url': u'http://www.agenciacaput.com.br/.well-known/acme-challenge/-9ZlsmIXtgg4Rb3QpHI0E-peDAI87mCE1i6TCf3_ge4', u'hostname': u'www.agenciacaput.com.br', u'addressesTried': , u'addressUsed': u'2607:5300:201:3000::39f3', u'port': u'80'}], u'keyAuthorization': u'-9ZlsmIXtgg4Rb3QpHI0E-peDAI87mCE1i6TCf3_ge4.5gP9cxDS751mabEx7CPLIHcilNPgABhdZEdzNM8MbJE', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/kZFzASRnbWe_2PxEMTIAjn0-85gj9V3oSV-ycZDjcJU/2570364906', u'token': u'-9ZlsmIXtgg4Rb3QpHI0E-peDAI87mCE1i6TCf3_ge4', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'Fetching http://www.agenciacaput.com.br/.well-known/acme-challenge/-9ZlsmIXtgg4Rb3QpHI0E-peDAI87mCE1i6TCf3_ge4: Timeout'}, u'type': u'http-01'}

My web server is (include version): nginx the last i think

The operating system my web server runs on is (include version): centos 7

My hosting provider, if applicable, is: ovh.com

I can login to a root shell on my machine.

I'm using a control panel to manage my site: virtualmin

The problem is, everything that i think is tested, but LE don´t work either... I can access the acme challenge, i have created a test.txt file on acme-challenge... i will also need help to use the redirection from http to https because when i use it, i got a 301, so i disabled it temporarly, to make the test, it won´t work either... i dunno what is going on... just need help, the script i use for the acme challenge is the letsencrypt-acme-challenge.conf, and it is working, as it sends the file correctly... the redirection i was using is this:

#if ($scheme = http) {

rewrite ^ https://$host$request_uri? permanent;

#}

any help will be most apreciated! tnx for your time ppl.

2

Is your domain agenciacaput.com or www.agenciacaput.com.br?

Because your log seems to indicate it’s trying to get a certificate for the latter.

It’s failing because that domain has an AAAA record in your DNS, but the server doesn’t respond on IPv6. Assuming it’s the correct domain, you need to fix the server so it responds correctly on IPv6, or remove the AAAA record.

3

They are both, .com.br is an alias… so i have

agenciacaput.com
www.agenciacaput.com
agenciacaput.com.br
www.agenciacaput.com.br

the AAAA is not responding? how can i test it to resolve the problem?

4

Some places aren´t propagated, testes on:

maybe is that?

5

Propagation is not a problem as Let’s Encrypt always queries your authoritative name servers directly.

The problem is that your web server does not respond on the IPv6 address specified in the AAAA record.

I used this to test: http://ipv6-test.com/validate.php

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.