Challenge is lost by a failing callback. It that a IPv6 issue?


#1

Hi folks,
i get error messages but i have no idea why. Can it be a IPv6 issue?

My domain is:

the-independent-friend.de and olaf-radicke.de

I ran this command:

./certbot-auto certonly --nginx --email briefkasten@olaf-radicke.de --agree-tos -d the-independent-friend.de,olaf-radicke.de --debug-challenges -v

It produced this output:

… to much output for my first posting, says the Software.

My web server is (include version):

[root@lvps92-51-165-102 ~]# yum info nginx
Loaded plugins: etckeeper, fastestmirror
Loading mirror speeds from cached hostfile

The operating system my web server runs on is (include version):

[root@lvps92-51-165-102 opt]# cat /etc/releas
CentOS Linux release 7.5.1804 (Core)
Derived from Red Hat Enterprise Linux 7.5 (Source)
NAME=“CentOS Linux”
VERSION=“7 (Core)”
ID=“centos”
ID_LIKE=“rhel fedora”
VERSION_ID=“7”
PRETTY_NAME=“CentOS Linux 7 (Core)”
ANSI_COLOR=“0;31”
CPE_NAME=“cpe:/o:centos:centos:7”
HOME_URL=“https://www.centos.org/
BUG_REPORT_URL=“https://bugs.centos.org/

CENTOS_MANTISBT_PROJECT=“CentOS-7”
CENTOS_MANTISBT_PROJECT_VERSION=“7”
REDHAT_SUPPORT_PRODUCT=“centos”
REDHAT_SUPPORT_PRODUCT_VERSION=“7”

CentOS Linux release 7.5.1804 (Core)
CentOS Linux release 7.5.1804 (Core)
cpe:/o:centos:centos:7

My hosting provider, if applicable, is:

Hosteurope

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

Further information…

I can call the challenge page successfully:

[or@augsburg02 ~]$ wget the-independent-friend.de/.well-known/acme-challenge/WviMYjRHA_u9REOVcUEAIPzi4hS7TO2coBIoH31_fHQ
–2018-05-16 12:56:38-- http://the-independent-friend.de/.well-known/acme-challenge/WviMYjRHA_u9REOVcUEAIPzi4hS7TO2coBIoH31_fHQ
Resolving the-independent-friend.de (the-independent-friend.de)… 92.51.165.102, 2a01:488:42:1000:50ed:8499:db:fa85
Connecting to the-independent-friend.de (the-independent-friend.de)|92.51.165.102|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 87 [text/plain]
Saving to: ‘WviMYjRHA_u9REOVcUEAIPzi4hS7TO2coBIoH31_fHQ’

WviMYjRHA_u9REOVcUEAIPzi4hS7TO2coBIoH31_fHQ 100%[=====================================================================================================>] 87 --.-KB/s in 0s

2018-05-16 12:56:38 (8.00 MB/s) - ‘WviMYjRHA_u9REOVcUEAIPzi4hS7TO2coBIoH31_fHQ’ saved [87/87]

[or@augsburg02 ~]$ cat ./WviMYjRHA_u9REOVcUEAIPzi4hS7TO2coBIoH31_fHQ
WviMYjRHA_u9REOVcUEAIPzi4hS7TO2coBIoH31_fHQ.rb5-A8RugQbdS0PS4a7yi4MlV3eK8K0iznYZkW49b8U[or@augsburg02 ~]$

But in the Logs you don’t see the certbot:

[root@lvps92-51-165-102 opt]# tail -n 6 /var/log/nginx/access.log
91.42.40.143 - - [16/May/2018:12:55:45 +0200] “GET /.well-known/acme-challenge/WviMYjRHA_u9REOVcUEAIPzi4hS7TO2coBIoH31_fHQ HTTP/1.1” 200 87 “-” “Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0” “-”
91.42.40.143 - - [16/May/2018:12:56:38 +0200] “GET /.well-known/acme-challenge/WviMYjRHA_u9REOVcUEAIPzi4hS7TO2coBIoH31_fHQ HTTP/1.1” 200 87 “-” “Wget/1.19.5 (linux-gnu)” “-”
189.78.95.205 - - [16/May/2018:12:56:55 +0200] “GET / HTTP/1.1” 200 90535 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7” “-”

[root@lvps92-51-165-102 opt]# grep “WviMYjRHA_u9REOVcUEAIPzi4hS7TO2coBIoH31_fHQ” /var/log/nginx/error.log | wc -l
0

I am at a loss

Best wishes,

Olaf


#2

Your assumption seems to be true:

https://letsdebug.net/the-independent-friend.de/584


#3

Thank you @bytecamp. Now the dns entry is fixed and I gets my certs.