Getting timeout when renewing certificate


#1

My domain is: givingtools.com

I ran this command: certbot --renew-by-default -n --webroot --webroot-path "$stackDir/var/acme-challenge" certonly givingtools.com www.givingtools.com api.givingtools.com admin.givingtools.com obj.givingtools.com blog.givingtools.com

It produced this output: https://gist.github.com/chris13524/9871eb085a9ec6b76402d099ced0f34a

My web server is (include version): Nginx v1.13.3

The operating system my web server runs on is (include version): The official Nginx Docker image v1.13.3

My hosting provider, if applicable, is: DigitalOcean

I can log in to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

As far as I’m aware, this is the same code I’ve been using to renew my certificates. I thought there was some issue at Let’s Encrypt preventing this as it was so unexpected. I can curl these challenge files just fine, so I’m not sure what the issue could be.

Thanks!


#2

Hi,

It seems that the IPv6 address of all your domains (which is the same) is not reachable.
Let’s Encrypt prefers IPv6 over IPv4, so please try removing the IPv6 record and try again.

By the way, Let’s Encrypt now supports wildcard certificates via DNS, which could save you time.

Thank you

P.S. Corrected by @jmorahan regarding Let’s Encrypt’s IPv6 preference.


#3

Thanks for your response!

Hmm, that’s odd. I can reproduce the IPv6 connection issue on my end. Is it new that Certbot prefers IPv6? I’m assuming it has since forever and something is wrong with my provider or something.

I think we’ll be sticking to HTTP verification for the short term if possible.


#4

It’s Let’s Encrypt rather than Certbot that prefers IPv6, and it has done so since May 2017.


#5

I ended up fixing it by installing the ubuntu-fan package which was preventing cloud-init from continuing to set up the IPv6 address.

Thanks for your help!


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
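
A preflight check for the failure diagnosed in this thread, as an added example that is not part of any post: for each name it probes TCP port 80 on the published AAAA and A addresses and flags names whose AAAA record exists but does not answer. The function names and verdict strings are assumptions of this example, and the sample host and addresses in the fallback branch are constructed.

```python
import socket
import sys

def resolve_addrs(host, family):
    """Addresses published for host in one family (AAAA or A)."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_probe(addr, family, port=80, timeout=5.0):
    """True if a TCP connection to addr:port completes within timeout."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((addr, port))
        return True
    except OSError:
        return False

def preflight(hosts, resolver=resolve_addrs, probe=tcp_probe):
    """Map each host to what an IPv6-preferring validator would reach."""
    report = {}
    for host in hosts:
        v6 = [probe(a, socket.AF_INET6) for a in resolver(host, socket.AF_INET6)]
        v4 = [probe(a, socket.AF_INET) for a in resolver(host, socket.AF_INET)]
        if not v6 and not v4:
            report[host] = "unresolvable"
        elif v6:
            # An AAAA record exists, so the IPv6 path is the one that matters.
            report[host] = "ipv6-reachable" if all(v6) else "ipv6-unreachable"
        else:
            report[host] = "ipv4-only-reachable" if all(v4) else "ipv4-unreachable"
    return report

if __name__ == "__main__":
    if sys.argv[1:]:
        # Live check: run from a machine outside the server's network that has
        # working IPv6, otherwise every AAAA probe fails on the probing side.
        result = preflight(sys.argv[1:])
    else:
        # Constructed sample: a dual-stack name whose AAAA address is dead.
        dns = {("dual.example", socket.AF_INET6): ["2001:db8::1"],
               ("dual.example", socket.AF_INET): ["192.0.2.10"]}
        result = preflight(["dual.example"],
                           lambda h, f: dns.get((h, f), []),
                           lambda a, f: f == socket.AF_INET)
    for name, verdict in result.items():
        print(f"{name}: {verdict}")
```

Pass the certificate's host names as arguments before a renewal run; any name reported as ipv6-unreachable needs its AAAA record or the server's IPv6 configuration fixed first.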