Domain name cannot get certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ideatech.email

I ran this command: Certificate auto-application script (included in the panel)

It produced this output:

[2019-03-03 12:56:17] LEScript.INFO: Account already registered. Continuing.
[2019-03-03 12:56:17] LEScript.INFO: Starting certificate generation process for domains
[2019-03-03 12:56:17] LEScript.INFO: Requesting challenge for ideatech.email
[2019-03-03 12:56:17] LEScript.INFO: Sending signed request to /acme/new-authz
[2019-03-03 12:56:18] LEScript.INFO: Got challenge token for ideatech.email
[2019-03-03 12:56:18] LEScript.INFO: Token for ideatech.email saved at /opt/www//.well-known/acme-challenge/RlMjnrc-GRtCpJxFRLMHobKOlfDICyrK0n-wZHbxqXk and should be available at http://ideatech.email/.well-known/acme-challenge/RlMjnrc-GRtCpJxFRLMHobKOlfDICyrK0n-wZHbxqXk

My web server is (include version): vps

The operating system my web server runs on is (include version): centos7 + Docker

My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): [poste.io mailserver] 2.1.1

Hi @ideatech

You have ipv4 and ipv6 addresses (checked with https://check-your-website.server-daten.de/?q=ideatech.email ):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| ideatech.email | A | 212.71.248.93 | yes | 1 | 0 |
| | AAAA | 6:2a01:7e00:0:f03c:91ff:feed:fbb4 | yes | | |
| www.ideatech.email | A | 212.71.248.93 | yes | 1 | 0 |
| | AAAA | | yes | | |

Your ipv4 is ok, there is a correct answer.

But your ipv6 has a timeout:

Domainname Http-Status redirect Sec. G
http://ideatech.email/
212.71.248.93 302 ideatech.email :: Welcome to ideatech.email 0.043 D
http://www.ideatech.email/
212.71.248.93 302 ideatech.email :: Welcome to ideatech.email 0.043 D
ideatech.email :: Welcome to ideatech.email 301 ideatech.email :: Welcome to ideatech.email 0.043 A
http://ideatech.email/
6:2a01:7e00:0:f03c:91ff:feed:fbb4 -14 10.024 T
Timeout - The operation has timed out
ideatech.email :: Welcome to ideatech.email -14 10.024 T
Timeout - The operation has timed out
https://ideatech.email/
212.71.248.93 302 ideatech.email :: Welcome to ideatech.email 1.507 N
Certificate error: RemoteCertificateNameMismatch
https://www.ideatech.email/
212.71.248.93 302 ideatech.email :: Welcome to ideatech.email 1.263 B
https://ideatech.email/
6:2a01:7e00:0:f03c:91ff:feed:fbb4 -14 10.026 T
Timeout - The operation has timed out
ideatech.email :: Welcome to ideatech.email -14 10.023 T
Timeout - The operation has timed out
ideatech.email :: Welcome to ideatech.email 200 1.244 B
http://ideatech.email/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
212.71.248.93 404 0.043 A
Not Found
Visible Content: File not found.
http://ideatech.email/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
6:2a01:7e00:0:f03c:91ff:feed:fbb4 -14 10.023 T
Timeout - The operation has timed out
Visible Content:
http://www.ideatech.email/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
212.71.248.93 404 0.044 A
Not Found
Visible Content: File not found.

If you use http-01 validation, Certbot creates a file in /.well-known/acme-challenge and Letsencrypt checks that file. And it prefers ipv6.

But checking such a file via ipv6 -> timeout.

So remove your ipv6 or check your server configuration if ipv6 is configured. Then recheck the domain with the tool to see if ipv6 answers.

If yes, try to create a new certificate.
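The check described in this reply, as an added example that is not part of the original thread: it requests the challenge path from every published A and AAAA address separately, so a dead IPv6 address shows up even when IPv4 answers. The function names, the test path, and the constructed resolver/prober (documentation-range addresses) are assumptions for illustration.

```python
import http.client
import socket

RECORD_TYPES = {socket.AF_INET: "A", socket.AF_INET6: "AAAA"}
TEST_PATH = "/.well-known/acme-challenge/test-file"  # hypothetical file name

def resolve(host):
    """Return the unique (record_type, ip) pairs the resolver gives for host."""
    infos = socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM)
    return sorted({(RECORD_TYPES[fam], addr[0])
                   for fam, _, _, _, addr in infos if fam in RECORD_TYPES})

def probe(host, ip, path, timeout=10):
    """GET path from one specific IP while sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        return conn.getresponse().status
    finally:
        conn.close()

def check_challenge_path(host, path, resolver=resolve, prober=probe):
    """Probe every address; any HTTP status counts as reachable."""
    results = []
    for rtype, ip in resolver(host):
        try:
            detail, ok = f"HTTP {prober(host, ip, path)}", True
        except (OSError, http.client.HTTPException) as exc:
            detail, ok = f"{type(exc).__name__}: {exc}", False
        results.append({"type": rtype, "ip": ip, "ok": ok, "detail": detail})
    return results

def unreachable(results):
    """Addresses that are published in DNS but did not answer over HTTP."""
    return [r for r in results if not r["ok"]]

# Constructed stand-ins reproducing the situation in the thread:
# IPv4 answers (404 for a missing file), IPv6 times out.
def constructed_resolver(host):
    return [("A", "192.0.2.10"), ("AAAA", "2001:db8::10")]

def constructed_prober(host, ip, path):
    if ":" in ip:
        raise TimeoutError("timed out")
    return 404

if __name__ == "__main__":
    for r in check_challenge_path("example.com", TEST_PATH,
                                  constructed_resolver, constructed_prober):
        print(f'{r["type"]:4} {r["ip"]:15} {"ok" if r["ok"] else "FAIL"} {r["detail"]}')
```

Calling `check_challenge_path("your.domain", TEST_PATH)` without the constructed arguments uses the live resolver and real HTTP requests from the machine it runs on.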

Hello, thank you for your reply.
I checked that the address of ipv6 is wrong. Now I have fixed this address and can detect the new address with ping. But my attempt to apply has not been successful.

[2019-03-03 13:46:10] LEScript.INFO: Account already registered. Continuing.
[2019-03-03 13:46:10] LEScript.INFO: Starting certificate generation process for domains
[2019-03-03 13:46:10] LEScript.INFO: Requesting challenge for ideatech.email
[2019-03-03 13:46:10] LEScript.INFO: Sending signed request to /acme/new-authz
[2019-03-03 13:46:11] LEScript.INFO: Got challenge token for ideatech.email
[2019-03-03 13:46:11] LEScript.INFO: Token for ideatech.email saved at /opt/www//.well-known/acme-challenge/RlMjnrc-GRtCpJxFRLMHobKOlfDICyrK0n-wZHbxqXk and should be available at http://ideatech.email/.well-known/acme-challenge/RlMjnrc-GRtCpJxFRLMHobKOlfDICyrK0n-wZHbxqXk

Thanks! Looking forward to your comments.

https://www.dynu.com/en-US/NetworkTools/DNSLookup?Host=ideatech.email&RecordType=PTR&PublicNameServer=8.8.8.8&IsEDnsEnabled=True

Rechecked your domain via https://check-your-website.server-daten.de/?q=ideatech.email

There is the same ipv6 address. But now ipv4 and ipv6 work, both have a new Letsencrypt certificate, created today.

CN=ideatech.email
	03.03.2019
	01.06.2019
expires in 90 days	ideatech.email, imap.ideatech.email, mail.ideatech.email, smtp.ideatech.email, www.ideatech.email - 5 entries

Glad that it works now.
Thank you very much!


Hello there,
I am trying to apply for a dev.ideatech.email domain name certificate, but it has not succeeded. The error message is as follows:

[2019-03-07 14:54:05] LEScript.INFO: Account already registered. Continuing.
[2019-03-07 14:54:05] LEScript.INFO: Starting certificate generation process for domains
[2019-03-07 14:54:05] LEScript.INFO: Requesting challenge for dev.ideatech.email
[2019-03-07 14:54:05] LEScript.INFO: Sending signed request to /acme/new-authz

Looking forward to your help.
Thanks!
