Fetching problem but open ports

Hi,
I have a Raspberry Pi connected to my LAN.
I have opened both ports 80 and 443 (forwarded to 80 and 443 on my Raspberry Pi).
I checked that this access works.
I tried to install Let’s Encrypt but the message is always the same:


sudo /opt/letsencrypt/letsencrypt-auto --apache --email xxxxx@gmail.com -d xxxxx.freeboxos.fr

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxxx.freeboxos.fr
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. xxxxx.freeboxos.fr (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://xxxxx.freeboxos.fr/.well-known/acme-challenge/xJNgOpBaagNZRomoVEMfYjrLYe8nD831lzrXNhtj-oo: Timeout

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: xxxxx.freeboxos.fr
    Type: connection
    Detail: Fetching
    http://xxxxx.freeboxos.fr/.well-known/acme-challenge/xJNgOpBaagNZRomoVEMfYjrLYe8nD831lzrXNhtj-oo:
    Timeout

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.


I can, however, reach my domain.


ping xxxxx.freeboxos.fr

PING xxxxx.freeboxos.fr (xx.190.159.16) 56(84) bytes of data.
64 bytes from sal69-10-xx-190-159-16.fbxo.proxad.net (xx.190.159.16): icmp_seq=1 ttl=64 time=0.440 ms
64 bytes from sal69-10-xx-190-159-16.fbxo.proxad.net (xx.190.159.16): icmp_seq=2 ttl=64 time=0.500 ms
64 bytes from sal69-10-xx-190-159-16.fbxo.proxad.net (xx.190.159.16): icmp_seq=3 ttl=64 time=0.476 ms

--- xxxxx.freeboxos.fr ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2042ms
rtt min/avg/max/mdev = 0.440/0.472/0.500/0.024 ms


Is that problem due to a recent issue with certification, or is there a problem with my configuration?

Thanks

Please specify the affected domain name here, otherwise helping you means looking into crystal balls.

The domain name is:
bulledo.freeboxos.fr

When I try to reach my Raspberry Pi from my LAN:

http://192.168.0.40:443/

Bad Request
Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

http://192.168.0.40:80 => OK

OK, at least from my point, I can access port 80 of that given hostname without a timeout. Maybe you just have to try it again.

Same response here… no change.
Is it correct to forward port 80 to the same port on my Raspberry Pi?
I tried both 80 => 80 and 80 => 443 without any success!

In most cases this will be fine. You should definitely not redirect 80->443 because 443 is for encrypted http (https) only.

Yes… but I do not know what else to try.

I tried this:

sudo ./certbot-auto -a standalone -i apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): bulledo.freeboxos.fr
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bulledo.freeboxos.fr
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

Is it possible to uninstall everything to start from a “blank page”?

The underlying problem is that you have an AAAA record advertising an IPv6 address (2a01:e35:8be9:f100::1) for your server, but your server does not actually answer connections to this address. You should fix your IPv6 configuration (including making sure that your web server is listening to IPv6 requests, not just IPv4 requests), or else remove this AAAA record.

Thanks for your answer, Schoen… How can I remove this AAAA record from my system? Is it in the Apache2 config, on the Raspberry Pi, or in the firewall?

It’s in your DNS settings. That depends on how your DNS is managed. It’s not a part of your server at all, but rather a part of your domain.

Another question is where the record came from (who created it, and why did the person or organization who created it think that that particular IPv6 address would work for you?).

So I am not able to control it…
I have to find another way to solve the problem.
Any ideas?

You’ll need to answer requests on IPv6 or else remove that DNS record. Otherwise, Let’s Encrypt can’t issue you a certificate. As far as I know, there is no workaround for this.

There is an alternative way to prove your control over a domain name, called DNS-01, which is not affected by this—but DNS-01 requires being able to create new custom DNS entries. If you can’t remove an AAAA record from your DNS, I doubt you’ll be able to create a custom TXT record either!

Let’s Encrypt is trying to confirm people’s control over domain names based on the official information about those domain names in the DNS system. The AAAA record says, on behalf of the owner of the domain, “if you want to connect to bulledo.freeboxos.fr, you can reach it over IPv6 at 2a01:e35:8be9:f100::1”. Let’s Encrypt therefore believes this claim and effectively says “if you want to prove that you control the domain name, you should be able to answer requests at that IP address”.

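The validation Schoen describes above, as an added example that is not part of this thread and not certbot or Let’s Encrypt code: a Python script that resolves every A and AAAA record published for a name and then fetches the HTTP-01 path from each address with the domain in the Host header, which is what the validator does after resolving. An AAAA record that nobody answers then shows up as an explicit per-address timeout rather than the bare “Timeout” in the certbot log. The function names, the placeholder token, and the documentation addresses used in the assertions below are assumptions of this example.

```python
#!/usr/bin/env python3
"""Probe every published address of a hostname the way an HTTP-01 validator
would: resolve A and AAAA records, then fetch the challenge path from each
address with the domain in the Host header.

Added example for this thread; not certbot or Let's Encrypt code.
"""
import http.client
import socket
import sys

ACME_PATH = "/.well-known/acme-challenge/"


def resolve_all(name, port=80):
    """Return the published addresses for name as a list of (family, ip).

    getaddrinfo returns both A (AF_INET) and AAAA (AF_INET6) answers; the
    list keeps the resolver's order and drops duplicates.
    """
    found = []
    for family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
            name, port, type=socket.SOCK_STREAM):
        entry = ("AAAA" if family == socket.AF_INET6 else "A", sockaddr[0])
        if entry not in found:
            found.append(entry)
    return found


def probe_http01(ip, host, token, port=80, timeout=5.0):
    """GET http://host/.well-known/acme-challenge/<token> from one address.

    Connects to the literal IP (as a validator does after resolving) but
    sends the Host header for the domain so name-based vhosts still match.
    Returns a status string instead of raising: "HTTP <code>" when any
    response came back, "timeout" or "error: ..." when it did not.
    """
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", ACME_PATH + token, headers={"Host": host})
        return f"HTTP {conn.getresponse().status}"
    except socket.timeout:
        return "timeout"
    except OSError as exc:  # refused, no route, network unreachable ...
        return f"error: {exc.strerror or exc}"
    finally:
        conn.close()


def check_domain(name, token, resolver=resolve_all, prober=probe_http01):
    """Probe each published address; return {(family, ip): status}."""
    return {(family, ip): prober(ip, name, token)
            for family, ip in resolver(name)}


def unreachable(results):
    """Addresses that returned no HTTP response at all.

    A 404 still counts as reachable: the server answered, only the token
    was missing, which is a different problem from a connection timeout.
    """
    return [addr for addr, status in results.items()
            if not status.startswith("HTTP ")]


if __name__ == "__main__":
    # Placeholder token (an assumption of this example): a reachable web
    # server answers 404 for it, an unreachable address times out.
    domain = sys.argv[1] if len(sys.argv) > 1 else "bulledo.freeboxos.fr"
    results = check_domain(domain, "probe-token")
    for (family, ip), status in results.items():
        print(f"{family:<4} {ip:<40} {status}")
    bad = unreachable(results)
    print("every published address answered" if not bad
          else "unreachable: " + ", ".join(ip for _, ip in bad))
```

Run it from outside the LAN (or from a host with working IPv6), since from inside the network the A record resolves to the router and the result does not reflect what the CA sees. If the AAAA line reports a timeout while the A line reports an HTTP status, the DNS record is the cause, as in this thread: either make the web server listen on that IPv6 address or remove the record.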

Thank you, Schoen… I will try to find a solution… maybe find another DNS.

So I changed the DNS. I used a dynamic DNS to redirect my requests and now it works fine…
It really did come from my previous DNS.
Thanks for the help…
