Impossible to get a new ssl certificate

Hi,
I have an issue renewing my SSL certificate.

My domain is: nouvellescreches.fr

I ran this command: renew my ssl certificate on plesk

It produced this output:
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/05dt-C4uD9nYj_cFg3QPE8YwAjP93Sdfe0tcM1zyhPM.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://www.nouvellescreches.fr/.well-known/acme-challenge/cTIk77RFBH58jgYlgZcNAFOewtHGgWDba6b_Sg7t4IM: Error getting validation data

My web server is (include version): 46.105.28.234
[Plesk Onyx 17.8.11 update n° 48]

The operating system my web server runs on is (include version): Ubuntu 14.04.6 LTS

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): command not found…

Thanks for your time and help; as for everybody, it’s not the best time to have this issue.
TIA,
Regards,
Erwan

Hi @zedude22

you have IPv4 and IPv6 addresses ( https://check-your-website.server-daten.de/?q=nouvellescreches.fr ):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| nouvellescreches.fr | A | 46.105.28.234 | yes | 1 | 0 |
| | AAAA | 2001:41d0:401:3000::5de8 | yes | | |
| www.nouvellescreches.fr | A | 46.105.28.234 | yes | 1 | 0 |
| | AAAA | 2001:41d0:401:3000::5de8 | yes | | |

But your ipv6 doesn’t answer, there are only timeouts:

| Domainname | IP | Http-Status | redirect | Sec. | G | Message |
|---|---|---|---|---|---|---|
| http://nouvellescreches.fr/ | 46.105.28.234 | 301 | https://www.nouvellescreches.fr/ | 0.037 | E | |
| http://www.nouvellescreches.fr/ | 46.105.28.234 | 301 | https://www.nouvellescreches.fr/ | 0.043 | A | |
| http://nouvellescreches.fr/ | 2001:41d0:401:3000::5de8 | -14 | | 10.020 | T | Timeout - The operation has timed out |
| http://www.nouvellescreches.fr/ | 2001:41d0:401:3000::5de8 | -14 | | 10.030 | T | Timeout - The operation has timed out |
| https://nouvellescreches.fr/ | 46.105.28.234 | 301 | https://www.nouvellescreches.fr/ | 0.483 | N | Certificate error: RemoteCertificateChainErrors |
| https://nouvellescreches.fr/ | 2001:41d0:401:3000::5de8 | -14 | | 10.033 | T | Timeout - The operation has timed out |
| https://www.nouvellescreches.fr/ | 46.105.28.234 | 200 | | 0.257 | N | Certificate error: RemoteCertificateChainErrors |
| https://www.nouvellescreches.fr/ | 2001:41d0:401:3000::5de8 | -14 | | 10.026 | T | Timeout - The operation has timed out |
| http://nouvellescreches.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 46.105.28.234 | 301 | https://www.nouvellescreches.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.044 | E | Visible Content: 301 Moved Permanently nginx |
| http://www.nouvellescreches.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 46.105.28.234 | 301 | https://www.nouvellescreches.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.040 | A | Visible Content: 301 Moved Permanently nginx |
| http://nouvellescreches.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2001:41d0:401:3000::5de8 | -14 | | 10.023 | T | Timeout - The operation has timed out. Visible Content: |
| http://www.nouvellescreches.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2001:41d0:401:3000::5de8 | -14 | | 10.027 | T | Timeout - The operation has timed out. Visible Content: |
| https://www.nouvellescreches.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | | -14 | | 10.030 | T | Timeout - The operation has timed out. Visible Content: |

Is your ipv6 configured?

PS: Letsencrypt prefers ipv6, so this is critical.

More specifically, connecting to http://www.nouvellescreches.fr/ or https://www.nouvellescreches.fr/ using IPv6 results in a “No route to host” error.

Thank you Juergen, do you know how I can configure IPv6 for my domain?

I will check with my provider while it seems to be well configured. My domain points to the IPv6 address transmitted by my VPS provider…

Well, it’s not working…

It could be that the IP address is incorrect (a typo?), or the OS’s networking configuration is incorrect, or there’s a firewall blocking everything, or an outage, or something else…

I’ll check with my provider and update the ticket. But thanks a lot.
Regards,
Erwan

Perhaps remove the ipv6 address, then create a new certificate and install it.

So you can replace your expired certificate:

CN=nouvellescreches.fr | 05.01.2019 | 05.04.2019 | 7 days expired | nouvellescreches.fr, www.nouvellescreches.fr - 2 entries

Then try to fix your ipv6 - without a new dns entry. You can check your ipv6 directly ( https://check-your-website.server-daten.de/?q=2001%3A41d0%3A401%3A3000%3A%3A5de8 ).

If that works, then add the new dns entry.

So your website should work and won’t use a non-working DNS entry.

Hi @JuergenAuer,
What happened was I had an IPv6 address declared on my domain and not configured on my server.
I removed the IPv6 address from my domain and I managed to get a certificate. I will have to configure an IPv6 address for my server and then add the address to my domain. But for now it works and it’s not under pressure. Thanks a lot for your help. The topic is closed for me.

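A pre-flight check for the failure diagnosed in this thread (an added example, not part of the original posts): it probes every published A and AAAA address on ports 80 and 443 before a renewal is attempted, so a dead AAAA record shows up before the validator hits it. The function names and the `fake_resolver`/`fake_probe` stand-ins are assumptions constructed for the example; the two addresses are the ones reported above.

```python
import socket

def resolve(host):
    """Return the addresses published for host as sorted (family, ip) pairs."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    names = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}
    return sorted({(names[fam], sa[0]) for fam, *_, sa in infos if fam in names})

def tcp_probe(ip, port, timeout=5.0):
    """Try a TCP connect; return None on success, else the error text."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return None
    except OSError as exc:
        return str(exc) or type(exc).__name__

def preflight(host, ports=(80, 443), resolver=resolve, probe=tcp_probe):
    """Probe every published address; list the ones a validator cannot reach."""
    failures = []
    for family, ip in resolver(host):
        for port in ports:
            err = probe(ip, port)
            if err is not None:
                failures.append((family, ip, port, err))
    return failures

def advice(failures):
    """Map the failures to the remedy discussed in the thread."""
    dead_v6 = sorted({ip for fam, ip, _, _ in failures if fam == "IPv6"})
    if dead_v6:
        return "fix or remove AAAA: " + ", ".join(dead_v6)
    return "fix IPv4 reachability" if failures else "ok"

# Constructed stand-ins for DNS and the network, mirroring the report above,
# so the demo runs offline. Omit both arguments to check a real host.
def fake_resolver(host):
    return [("IPv4", "46.105.28.234"), ("IPv6", "2001:41d0:401:3000::5de8")]

def fake_probe(ip, port):
    return "timed out" if ":" in ip else None

if __name__ == "__main__":
    found = preflight("www.nouvellescreches.fr",
                      resolver=fake_resolver, probe=fake_probe)
    for row in found:
        print(row)
    print(advice(found))
```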