Could not issue/renew Let's Encrypt certificates for Administrator


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pixelcreative.it

I ran this command: plesk plugin

It produced this output:

Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/ukdkDkGOxGBNrJQ2LxEHGSvSTAj3f78XrOcIIHPXXXX.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching http://pixelcreative.it/.well-known/acme-challenge/Gkew_hYSK9olGK4vP1WQi6wruTmZY7uzCDy5LV9XXXX: Timeout

My web server is (include version): CentOS 7.x 64bit - Plesk Onyx

The operating system my web server runs on is (include version): CentOS 7.x 64bit

My hosting provider, if applicable, is: PixelCreative

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Onyx 17.5.3

I can’t update the SSL of my website. For the other website at the sam IP the certificate has been installed and update correctly.
Help me please.


#2
pixelcreative.it.  (unsigned)  21600  A     217.61.14.183
pixelcreative.it.  (unsigned)  21600  AAAA  2a00:6d41:10:1cb7::1

Connecting to the site over IPv6 seems to time out. You should fix the IPv6 connectivity, or remove the AAAA record.


#3

Hi thank you for reply,
I set the record AAAA after the certificate had not already been renewed. I read a post that said to set also the aaaa record with ipv6. So I try it. But the problem there was already before. The first email that reported the problem is March 6th:

Data: 6 marzo 2018 05:28:07 CET

Could not secure domains of Administrator (login admin) with Let’s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:

The following domains have been secured without some of their Subject Alternative Names:

Could not renew Let’s Encrypt certificates for Administrator (login admin). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let’s Encrypt certificates has failed:

* ‘Lets Encrypt pixelcreative.it’ [days to expire: 18]
_ [-] pixelcreative.it_
_ [-] www.pixelcreative.it_

_ Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/RtF4oG3RXdsxeI_4Ub-WwQHgmC0_SaxQ8tWsKY7dU-0._
_ Details:_
_ Type: urn:acme:error:unknownHost_
_ Status: 400_
_ Detail: No valid IP addresses found for pixelcreative.it_

The following Let’s Encrypt certificates have been renewed without some of their Subject Alternative Names:

Legend:
[+] This domain is secure. The domain’s SSL/TLS certificate from Let’s Encrypt has been issued/renewed.
[-] This domain is not secure. Either the domain’s SSL/TLS certificate from Let’s Encrypt could not be issued/renewed or the domain name was excluded from the certificate. Renew the certificate manually or request a new one to secure this domain.

before this email the certificate has always been renewed and I have not changed any DNS settings. I pointed a redirect towards a subdomain cocin.pixelcreative.it. Probably is here the problem.


#4

I delete the record A of the domain with the redirect and now the certificate is renewed.
Thank you for support


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.