Fail to create new certificat [Solved]


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lecarnetblanc.com

I ran this command: sudo certbot --apache -d lecarnetblanc.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lecarnetblanc.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. lecarnetblanc.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://lecarnetblanc.com/.well-known/acme-challenge/R673JJYBPr3ExA3HbLHqceMg8w0vAjfuGShe0zedG1o: "<!doctype html>

<html cla" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. My web server is (include version): Apache 2.4.6 The operating system my web server runs on is (include version): CentOS Linux 7.5.1804 Linux centoserver 3.10.0-862.6.3.el7.x86_64 My hosting provider, if applicable, is: I can login to a root shell on my machine (yes or no, or I don't know): Yes I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin

#2

Hi @diltech

you have two ip-addresses - ipv4 and ipv6.

But the answers are different: https://letsdebug.net/lecarnetblanc.com/2391

[Address Type=IPv4,Server=Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16,HTTP Status=404] vs [Address Type=IPv6,Server=,HTTP Status=302,Number of Redirects=2,Final HTTP Status=200]

Perhaps the ipv6 address points to another server or configuration.

Are http://184.144.176.224/ and http://2602:ff23:0:8888::207/ the same server?

One solution: Remove the ipv6 - address. Create the certificate and install it. Then you have 90 days to fix the error.


#3

:grinning: good, i remove my ipv6 address and now all work. Thanks


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.