Hi, I have some issues to renew my certificates (on two different domains). I tested them and they work, but it might be complicate if they do for only 90 month
It produced this output:
Attempting to renew cert (alisapolischuk.com) from /etc/letsencrypt/renewal/alisapolischuk.com.conf produced an unexpected error: Failed authorization procedure. alisapolischuk.com (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed, www.alisapolischuk.com (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed, raphaelfiquet.pro (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed, www.raphaelfiquet.pro (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/alisapolischuk.com/fullchain.pem (failure)
My web server is (include version): Apache/2.4.25
The operating system my web server runs on is (include version): Debian 9
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
You might want to try after waiting some time for the condition to subside. Could just be a temporarily glitch on the staging server (that you can ignore, since it won’t affect production renewal).
Apart from the internal Let’s Encrypt error, you also may want to check your AAAA/IPv6 records for all domains, since that address is not responding to traffic.
I suspect the error (which looks like an internal error) is actually indicating that validation failed from one of the remote VAs (in staging, we validate from multiple viewpoints). That could happen, for instance, if your IPv6 address is routable from some locations on the Internet but not others. I’ll have to double-check that that’s the error one would expect.
Hum, that seems indeed pretty linked to IPv6 in this case !
I have some new strange behaviors occurring :
I added a new virtualHost on my serveur with a new domain, and while trying to give it a certificate, here’s what happens :
Failed authorization procedure. iris-paris.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://iris-paris.fr/.well-known/acme-challenge/VaInetwByd2OKGw_Fx6jTj_5NaTj0OMRezxV5H5snxM: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", www.iris-paris.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.iris-paris.fr/.well-known/acme-challenge/daDRvwiUY1v-wX6zz17dlrUUS28D6IYnrebPr1nhg18: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: iris-paris.fr
Type: unauthorized
Detail: Invalid response from
http://iris-paris.fr/.well-known/acme-challenge/VaInetwByd2OKGw_Fx6jTj_5NaTj0OMRezxV5H5snxM:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
Domain: www.iris-paris.fr
Type: unauthorized
Detail: Invalid response from
http://www.iris-paris.fr/.well-known/acme-challenge/daDRvwiUY1v-wX6zz17dlrUUS28D6IYnrebPr1nhg18:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
and really surprising, this domain actually redirect to https://alisapolischuk.com, my other domain. I have no clue why o.O