Error getting validation data urn:ietf:params:acme:error:connection

jenda · January 23, 2020, 9:14am

I am unable to issue a certificate with Let’s Encrypt. I was able to access the token file (in .well-known/…) manually without issues.

My domain is: doplnkyprokaravany.cz.nahled.blueghost.cz

I ran this command: not sure, it was done through our VPS providers’ UI

It produced this output:
{
“identifier”: {
“type”: “dns”,
“value”: “doplnkyprokaravany.cz.nahled.blueghost.cz”
},
“status”: “invalid”,
“expires”: “2020-01-30T08:49:17Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:connection”,
“detail”: “Fetching http://www.doplnkyprokaravany.cz.nahled.blueghost.cz/.well-known/acme-challenge/JhD-T4DDiX2wbIat4iQaK7oPrqYdytzxWJ43Oqg3t6c: Error getting validation data”,
“status”: 400
},
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/2430015689/fA9H4Q”,
“token”: “JhD-T4DDiX2wbIat4iQaK7oPrqYdytzxWJ43Oqg3t6c”,
“validationRecord”: [
{
“url”: “http://doplnkyprokaravany.cz.nahled.blueghost.cz/.well-known/acme-challenge/JhD-T4DDiX2wbIat4iQaK7oPrqYdytzxWJ43Oqg3t6c”,
“hostname”: “doplnkyprokaravany.cz.nahled.blueghost.cz”,
“port”: “80”,
“addressesResolved”: [
“185.64.216.245”,
“2a00:1ed0:95::b”
],
“addressUsed”: “2a00:1ed0:95::b”
},
{
“url”: “http://doplnkyprokaravany.cz.nahled.blueghost.cz/.well-known/acme-challenge/JhD-T4DDiX2wbIat4iQaK7oPrqYdytzxWJ43Oqg3t6c”,
“hostname”: “doplnkyprokaravany.cz.nahled.blueghost.cz”,
“port”: “80”,
“addressesResolved”: [
“185.64.216.245”,
“2a00:1ed0:95::b”
],
“addressUsed”: “185.64.216.245”
},
{
“url”: “http://www.doplnkyprokaravany.cz.nahled.blueghost.cz/.well-known/acme-challenge/JhD-T4DDiX2wbIat4iQaK7oPrqYdytzxWJ43Oqg3t6c”,
“hostname”: “www.doplnkyprokaravany.cz.nahled.blueghost.cz”,
“port”: “80”,
“addressesResolved”: [
“185.64.216.245”,
“2a00:1ed0:95::b”
],
“addressUsed”: “2a00:1ed0:95::b”
}
]
}
]
}

My web server is (include version): Apache

The operating system my web server runs on is (include version): Debian 9.11

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes

_az · January 23, 2020, 9:19am

Your IPv6 address rejects connections: https://letsdebug.net/doplnkyprokaravany.cz.nahled.blueghost.cz/95114

Usually Let’s Encrypt falls back to IPv4 when encountering an issue with an IPv6 address, but for some kinds of network errors (such as connecting to a bad IPv6 address after an HTTP redirect), it hard fails. This seems to be one of those cases.

Either fix your IPv6 connectivity or remove the AAAA record from your domain.

jenda · January 23, 2020, 9:42am

Thank you for your swift response, we will fix the IPv6 configuration and try again.

system · February 22, 2020, 9:42am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.