Failed authorization procedure all domains


#1

Hello,

i tried to run renew process for my domains but all domains end with same error:

./scripts/cert.sh com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
----------------------------------------------------------------------
1: Nginx Web Server plugin - Alpha (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
----------------------------------------------------------------------
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator standalone, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for silviosiefke.com
http-01 challenge for www.silviosiefke.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. silviosiefke.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://silviosiefke.com/.well-known/acme-challenge/Z4x1q2W1WxWWYXqO9XBFb7mKRfxZ4rSZPuM5oi3hiIU: Timeout

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: silviosiefke.com
   Type:   connection
   Detail: Fetching
   http://silviosiefke.com/.well-known/acme-challenge/Z4x1q2W1WxWWYXqO9XBFb7mKRfxZ4rSZPuM5oi3hiIU:
   Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I have flushed the nameserver from google and all dig commands imaging the right ip. I really not understand what is here wrong.

My domain is: silviosiefke.com, silviosiefke.de, silviosiefke.fr

I run the follow script:
  #!/bin/bash

  domain=$1

  case "$domain" in
    fr)
      certbot certonly --rsa-key-size 4096 -d silviosiefke.fr -d www.silviosiefke.fr
    ;;

    de)
      certbot certonly --rsa-key-size 4096 -d silviosiefke.de -d www.silviosiefke.de
    ;;

    com)
      certbot certonly --rsa-key-size 4096 -d silviosiefke.com -d www.silviosiefke.com
    ;;

    *)
      cat <<-"EOH"

        com > silviosiefke.com
        de  > silviosiefke.de
        fr  > silviosiefke.fr
      EOH
    ;;1.12.2-r1
  esac

I use nginx-1.12.2-r1 on Gentoo Linux and hosted by OVH.

Logfile > https://silviosiefke.com/letsencrypt.txt

Thank you for advice.

Silvio


#2

Your domain’s IPv6 address is pointing to a host that is not responding to HTTP requests.

$ curl -v -6 --connect-timeout 10 -i silviosiefke.com
* About to connect() to silviosiefke.com port 80 (#0)
*   Trying 2001:41d0:8:6d5e::1...
* Connection timed out after 10002 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 10002 milliseconds

Let’s Encrypt will fail to validate your domain if you advertise an AAAA record that isn’t accessible.


#3

Hello,

yes thank you I not understand why is ipv6 filtered but okay I delete the AAAA and now it’s okay. Thank you so much.

Silvio


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.