Impossible to renew certifications

raphyney · June 19, 2018, 7:30pm

Hi, I have some issues to renew my certificates (on two different domains). I tested them and they work, but it might be complicate if they do for only 90 month

My domain is: alisapolischuk.com & raphaelfiquet.pro

I ran this command: sudo certbot renew --dry-run

It produced this output:
Attempting to renew cert (alisapolischuk.com) from /etc/letsencrypt/renewal/alisapolischuk.com.conf produced an unexpected error: Failed authorization procedure. alisapolischuk.com (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed, www.alisapolischuk.com (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed, raphaelfiquet.pro (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed, www.raphaelfiquet.pro (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/alisapolischuk.com/fullchain.pem (failure)

My web server is (include version): Apache/2.4.25

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

_az · June 19, 2018, 10:22pm

You might want to try after waiting some time for the condition to subside. Could just be a temporarily glitch on the staging server (that you can ignore, since it won’t affect production renewal).

Apart from the internal Let’s Encrypt error, you also may want to check your AAAA/IPv6 records for all domains, since that address is not responding to traffic.

@cpu @jsha

raphyney · June 20, 2018, 12:56am

thank you for your answer!

ok, I’ll try again tomorrow to see if it works any better.

hum, that’s surprising, the IPv6 is set on all my DNS zone

_az · June 20, 2018, 12:59am

Sorry, I meant that while the IPv6 record is present, the server isn’t actually responsive to traffic over that address.

# curl -i -6 -m 10 raphaelfiquet.pro
curl: (28) Connection timed out after 10001 milliseconds

Though lately I think Let’s Encrypt are falling back to IPv4.

jsha · June 20, 2018, 1:01am

I suspect the error (which looks like an internal error) is actually indicating that validation failed from one of the remote VAs (in staging, we validate from multiple viewpoints). That could happen, for instance, if your IPv6 address is routable from some locations on the Internet but not others. I’ll have to double-check that that’s the error one would expect.

raphyney · June 20, 2018, 4:47am

Hum, that seems indeed pretty linked to IPv6 in this case !

I have some new strange behaviors occurring :

I added a new virtualHost on my serveur with a new domain, and while trying to give it a certificate, here’s what happens :

Failed authorization procedure. iris-paris.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://iris-paris.fr/.well-known/acme-challenge/VaInetwByd2OKGw_Fx6jTj_5NaTj0OMRezxV5H5snxM: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", www.iris-paris.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.iris-paris.fr/.well-known/acme-challenge/daDRvwiUY1v-wX6zz17dlrUUS28D6IYnrebPr1nhg18: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: iris-paris.fr
   Type:   unauthorized
   Detail: Invalid response from
   http://iris-paris.fr/.well-known/acme-challenge/VaInetwByd2OKGw_Fx6jTj_5NaTj0OMRezxV5H5snxM:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   Domain: www.iris-paris.fr
   Type:   unauthorized
   Detail: Invalid response from
   http://www.iris-paris.fr/.well-known/acme-challenge/daDRvwiUY1v-wX6zz17dlrUUS28D6IYnrebPr1nhg18:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

and really surprising, this domain actually redirect to https://alisapolischuk.com, my other domain. I have no clue why o.O

system · July 20, 2018, 4:47am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.