"Failed authorization procedure" only for jkru.de

Please fill out the fields below so we can help you better.

My domain is: jkru.de

I ran this command: certbot --apache -d jkru.de

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for jkru.de
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. jkru.de (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested ed74c50cd787fb339cb53ac8bdf869ea.690ef01a4e86faab87a890b62f86520e.acme.invalid from [2a00:5080:1:37::1]:443. Received 2 certificate(s), first certificate had names “cloud.lukas-middendorf.de, cloud.tuxforce.de, middendorf-cloud.de, neu.tuxforce.de

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: jkru.de
    Type: unauthorized
    Detail: Incorrect validation certificate for tls-sni-01 challenge.
    Requested
    ed74c50cd787fb339cb53ac8bdf869ea.690ef01a4e86faab87a890b62f86520e.acme.invalid
    from [2a00:5080:1:37::1]:443. Received 2 certificate(s), first
    certificate had names “cloud.lukas-middendorf.de,
    cloud.tuxforce.de, middendorf-cloud.de, neu.tuxforce.de

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
Ubuntu 16.04.2 LTS

The operating system my web server runs on is (include version):
VServer…

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no.

Remarks:

Did you previously have an AAAA record for jkru.de? I don't see one now, but based on this output it appears that an IPv6 address was returned for a lookup for jkru.de at the time of the error.

Let's Encrypt recently began preferring IPv6 addresses when advertised which may be part of why this failed when it used to work.
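A check for the failure diagnosed above, as an added example that is not part of the original thread: it extracts the address the CA connected to from the error detail and compares it, together with the published A/AAAA records, against the addresses the server actually owns. The function names and the IPv4 address `203.0.113.10` are assumptions (the latter a placeholder for the server's real address), and the lookup uses the local resolver, which may not match what the CA saw.

```python
import ipaddress
import re
import socket

# Error detail quoted from the post above, joined onto one line.
SAMPLE_DETAIL = (
    "Incorrect validation certificate for tls-sni-01 challenge. Requested "
    "ed74c50cd787fb339cb53ac8bdf869ea.690ef01a4e86faab87a890b62f86520e"
    ".acme.invalid from [2a00:5080:1:37::1]:443. Received 2 certificate(s)"
)

def validated_address(detail):
    """Return the address the CA connected to, taken from 'from <addr>:<port>'."""
    m = re.search(
        r"from \[([0-9A-Fa-f:.]+)\]:\d+|from (\d{1,3}(?:\.\d{1,3}){3}):\d+", detail
    )
    if not m:
        return None
    return ipaddress.ip_address(m.group(1) or m.group(2))

def published_addresses(domain, lookup=socket.getaddrinfo):
    """Resolve A and AAAA records through the local resolver."""
    found = set()
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            for info in lookup(domain, 443, family, socket.SOCK_STREAM):
                found.add(ipaddress.ip_address(info[4][0]))
        except socket.gaierror:
            pass  # no record of this address family
    return found

def diagnose(detail, server_addrs, published):
    """Compare the validated and published addresses with those the server owns."""
    own = {ipaddress.ip_address(a) for a in server_addrs}
    findings = []
    hit = validated_address(detail)
    if hit is not None and hit not in own:
        findings.append(f"CA validated against {hit} (IPv{hit.version}), not this server")
    for addr in sorted(published - own, key=str):
        rec = "AAAA" if addr.version == 6 else "A"
        findings.append(f"{rec} record points elsewhere: {addr}")
    return findings

if __name__ == "__main__":
    # 203.0.113.10 is a constructed placeholder for the server's real IPv4 address.
    for line in diagnose(SAMPLE_DETAIL, {"203.0.113.10"}, published_addresses("jkru.de")):
        print(line)
```

Pass every address bound to the server's interfaces as `server_addrs`; any published record outside that set is one to raise with the DNS provider, even if the provider's web frontend does not list it.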

Thank you for the response.
I use a virtual server from a provider. I never defined any AAAA records, and the web frontend that the provider offers to work on the DNS zone did not show any.
I contacted my provider and they actually found wrong AAAA records in my domain and removed them.

The renewal of the certificates is now working again.

Neither my provider nor I have any idea how the wrong records came into my domain and why they were not visible in the web frontend.

Nevertheless, thanks for the help.

Wow that's very odd!!! I'm glad you were able to get it resolved. Thanks for following up to let us know everything is working again.
