Failed authorization procedure. - new certbot-auto

Server
1

Hello. I just installed new version of certbot-auto. When I try to generate new certificate of existing domain (renew), it works but creating a new certificate is not successful.

I use Apache/2.4.10 (Debian 8.7), no nginx.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: tests2.jsemtu.cz
    Type: connection
    Detail: Fetching
    http://tests2.jsemtu.cz/.well-known/acme-challenge/cWNMSOy4szxnpU9Hk2hZ26SMfnAyw6b4PfHCxSdcebU:
    Timeout

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

2

You’re providing an IPv6 address for that domain name:

;; ANSWER SECTION:
tests2.jsemtu.cz.	1800	IN	AAAA	2a02:2b88:2:1::5c03:1

But there isn’t anything listening on port 80 on that IP(v6) address:

osiris@desktop ~ $ telnet 2a02:2b88:2:1::5c03:1 80
Trying 2a02:2b88:2:1::5c03:1...
telnet: connect to address 2a02:2b88:2:1::5c03:1: Connection timed out
osiris@desktop ~ $

To fix this, you can either:

  • fix your IPv6 connectivity, depending on the problem which causes this unconnectivity
  • delete the AAAA record to disable IPv6 for that domain al together.
1 Like
3

Thank you, that was the problem. Settings for ipv6 from /etc/network/interfaces just “dissapeared”.

1 Like
4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.