Error 400 renewing expired certificate

The error from Let’s Encrypt is a bit vague and unhelpful, but I think I’ve identified the cause.

When accessing your domain over its IPv6 address and port 443, it doesn’t seem to go to your Apache server (or when Apache isn’t running, Lego).

Take for instance:

$ curl -X GET -I -6 https://monoviajero.com
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

Doesn’t seem to talk SSL. Maybe it’s misconfigured and talking normal HTTP?

$ curl -X GET -I -6 http://monoviajero.com:443
HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 03 Dec 2019 20:26:45 GMT
Content-Type: text/html
Content-Length: 248
Connection: close

It seems to be an nginx server!

Could you check that 2001:8d8:100f:f000::238 is the correct IPv6 address for your domain?

Even weirder, port 80 on that same IPv6 address is Apache:

$ curl -X GET -I -6 http://monoviajero.com
HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 1364
Connection: keep-alive
Keep-Alive: timeout=15
Date: Tue, 03 Dec 2019 20:27:59 GMT
Server: Apache
X-Frame-Options: deny
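The IPv4-versus-IPv6 comparison worked through above can be scripted so the split shows up in one table. The following POSIX shell helper is an added example, not code from the original post or from Let's Encrypt or Lego; it assumes only curl, sed and tr are installed, takes the hostname as its sole argument, and when run without an argument falls back to two constructed header blocks shaped like the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): probe one hostname over IPv4 and
# IPv6 on port 80, plaintext on 443 and TLS on 443, and report which server
# answers on each path, so a split such as "Apache on v4, nginx on v6/443"
# is visible at a glance. Assumes only curl and POSIX sed/tr.
# Run as:  sh probe.sh example.com   (hostname is a placeholder)

# Print the Server header value from raw response headers on stdin
# (case-insensitive, CRLF tolerated); "none" if the header is absent.
extract_server() {
  tr -d '\r' | sed -n 's/^[Ss]erver:[[:space:]]*//p' | head -n 1 | grep . || echo "none"
}

# Print the HTTP status code from the first line of headers on stdin,
# or "none" if the input is not an HTTP response (e.g. after a TLS failure).
extract_status() {
  tr -d '\r' | sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p' | grep . || echo "none"
}

# Fetch headers only for one URL over one address family ($1 = -4 or -6).
# A TLS handshake failure, like the curl -6 https output in the post, yields
# empty output and a non-zero exit (curl 35); callers treat that as "no HTTP".
probe() {
  curl -s -I --max-time 10 "$1" "$2" 2>/dev/null
}

# Compare two captured header blocks (IPv4 first, IPv6 second) for one URL.
# Prints "ok <server>" when both address families reach the same server,
# "mismatch <v4-server> <v6-server>" otherwise.
compare_families() {
  v4=$(printf '%s' "$1" | extract_server)
  v6=$(printf '%s' "$2" | extract_server)
  if [ "$v4" = "$v6" ]; then
    echo "ok $v4"
  else
    echo "mismatch $v4 $v6"
  fi
}

# Only touch the network when a hostname was given on the command line.
if [ -n "${1:-}" ]; then
  host=$1
  for url in "http://$host" "http://$host:443" "https://$host"; do
    h4=$(probe -4 "$url" || true)
    h6=$(probe -6 "$url" || true)
    printf '%-32s v4: %s/%s   v6: %s/%s   %s\n' "$url" \
      "$(printf '%s' "$h4" | extract_status)" "$(printf '%s' "$h4" | extract_server)" \
      "$(printf '%s' "$h6" | extract_status)" "$(printf '%s' "$h6" | extract_server)" \
      "$(compare_families "$h4" "$h6")"
  done
else
  # Offline demonstration on constructed header blocks shaped like the ones
  # quoted in the post: Apache answering over IPv4, nginx over IPv6.
  sample_v4=$(printf 'HTTP/1.1 403 Forbidden\r\nServer: Apache\r\n')
  sample_v6=$(printf 'HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n')
  compare_families "$sample_v4" "$sample_v6"
fi
```

Reading the output column by column: a "mismatch" on http://host:443 or https://host while port 80 reports "ok" is exactly the symptom described above, and it points at the AAAA record (or the IPv6 listener behind it) rather than at the ACME client. Status "none" on the TLS URL for one family only means that family never completed a handshake, which is what curl's exit code 35 reports.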