Connection Refused on reissuing certificate from Plesk

My domain is:bluemarbleshop.co.uk

I ran this command: Re-issue certificate from Plesk Obsidian 18.0.30 to include 2 new domain aliases (both have DNS set to same server): bluemarblejewellery.co.uk and bluemarblejewellery.com

It produced this output:
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/8336491087.

Details:

Type: urn:ietf:params:acme:error:connection

Status: 400

Detail: Fetching http://bluemarbleshop.co.uk/.well-known/acme-challenge/OdJQyTaVarRS0oYqus4x7JFVoz-8sWfR_dARqRWTZs8: Connection refused

Full JSON:
{
"identifier": {
"type": "dns",
"value": "bluemarblejewellery.com"
},
"status": "invalid",
"expires": "2020-11-10T15:24:29Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://bluemarbleshop.co.uk/.well-known/acme-challenge/OdJQyTaVarRS0oYqus4x7JFVoz-8sWfR_dARqRWTZs8: Connection refused",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/8336491087/cpzCEA",
"token": "OdJQyTaVarRS0oYqus4x7JFVoz-8sWfR_dARqRWTZs8",
"validationRecord": [
{
"url": "http://bluemarblejewellery.com/.well-known/acme-challenge/OdJQyTaVarRS0oYqus4x7JFVoz-8sWfR_dARqRWTZs8",
"hostname": "bluemarblejewellery.com",
"port": "80",
"addressesResolved": [
"87.106.142.212",
"2001:8d8:8a3:ea00::68:93b"
],
"addressUsed": "2001:8d8:8a3:ea00::68:93b"
},
{
"url": "http://bluemarblejewellery.com/.well-known/acme-challenge/OdJQyTaVarRS0oYqus4x7JFVoz-8sWfR_dARqRWTZs8",
"hostname": "bluemarblejewellery.com",
"port": "80",
"addressesResolved": [
"87.106.142.212",
"2001:8d8:8a3:ea00::68:93b"
],
"addressUsed": "87.106.142.212"
},
{
"url": "http://bluemarbleshop.co.uk/.well-known/acme-challenge/OdJQyTaVarRS0oYqus4x7JFVoz-8sWfR_dARqRWTZs8",
"hostname": "bluemarbleshop.co.uk",
"port": "80",
"addressesResolved": [
"87.106.142.212",
"2001:8d8:8a3:ea00::68:93b"
],
"addressUsed": "2001:8d8:8a3:ea00::68:93b"
}
]
}
]
}

My web server is (include version): apache 2.2.15-69.el6.centos

The operating system my web server runs on is (include version):CentOS 6.10

My hosting provider, if applicable, is: IONOS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes Plesk Obsidian 18.0.30

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):N/A

2 Likes

Hi @madadam

checking your domain via https://check-your-website.server-daten.de/?q=bluemarblejewellery.co.uk - that can't work.

You have ipv4 and ipv6:

Host Type IP-Address is auth. ԳŠQueries ԳŠTimeout
bluemarblejewellery.co.uk A 87.106.142.212 Suedweststadt/Baden-W├╝rttemberg/Germany (DE) - SCHLUND Hostname: advic.co.uk yes 2 0
AAAA 2001:8d8:8a3:ea00::68:93b Suedweststadt/Baden-W├╝rttemberg/Germany (DE) - SCHLUND yes
www.bluemarblejewellery.co.uk CNAME bluemarblejewellery.co.uk yes 1 0
A 87.106.142.212 Suedweststadt/Baden-W├╝rttemberg/Germany (DE) - SCHLUND Hostname: advic.co.uk yes
AAAA 2001:8d8:8a3:ea00::68:93b Suedweststadt/Baden-W├╝rttemberg/Germany (DE) - SCHLUND yes

But your ipv4 works via http, your ipv6 not. See the results of the #url-check - part.

Curious: Your https works with ipv6.

So compare your port 80 / port 443 vHost configuration to see, why http doesn't work with ipv6. Add ipv6 support to your http port.

PS: Your other domain may have the same problem, didn't checked it.

3 Likes

It turns out that my Apache config was only listening on the IPv4 address for port 80!

Many thanks @JuergenAuer - this was driving me mad!

4 Likes