Impossible to renew certifications


#1

Hi, I have some issues renewing my certificates (on two different domains). I tested them and they work, but it might be complicated if they do for only 90 months :confused:

My domain is: alisapolischuk.com & raphaelfiquet.pro

I ran this command: sudo certbot renew --dry-run

It produced this output:
Attempting to renew cert (alisapolischuk.com) from /etc/letsencrypt/renewal/alisapolischuk.com.conf produced an unexpected error: Failed authorization procedure. alisapolischuk.com (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed, www.alisapolischuk.com (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed, raphaelfiquet.pro (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed, www.raphaelfiquet.pro (http-01): urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Remote PerformValidation RPCs failed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/alisapolischuk.com/fullchain.pem (failure)

My web server is (include version): Apache/2.4.25

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

You might want to try after waiting some time for the condition to subside. Could just be a temporary glitch on the staging server (that you can ignore, since it won’t affect production renewal).

Apart from the internal Let’s Encrypt error, you also may want to check your AAAA/IPv6 records for all domains, since that address is not responding to traffic.

@cpu @jsha


#3

Thank you for your answer!

OK, I’ll try again tomorrow to see if it works any better.

Hum, that’s surprising, the IPv6 is set on all my DNS zones.


#4

Sorry, I meant that while the IPv6 record is present, the server isn’t actually responsive to traffic over that address.

# curl -i -6 -m 10 raphaelfiquet.pro
curl: (28) Connection timed out after 10001 milliseconds

Though lately I think Let’s Encrypt are falling back to IPv4.


#5

I suspect the error (which looks like an internal error) is actually indicating that validation failed from one of the remote VAs (in staging, we validate from multiple viewpoints). That could happen, for instance, if your IPv6 address is routable from some locations on the Internet but not others. I’ll have to double-check that that’s the error one would expect.
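
Added example (not part of any post in this thread): a pre-flight that repeats the `curl -6` test from #4 for both address families, so a published but unreachable AAAA record shows up before `certbot renew` is run. The function names and the `preflight` probe path are assumptions made for the example; it needs `dig` and `curl`.

```shell
#!/bin/sh
# Added example: per-address-family pre-flight for http-01 (needs dig and curl).
# Function names and the probe path are assumptions, not certbot features.

# has_record NAME TYPE: succeeds if DNS publishes an address of that type.
# CNAME targets printed by "dig +short" end in a dot and are filtered out.
has_record() {
    [ -n "$(dig +short "$2" "$1" | grep -v '\.$')" ]
}

# probe NAME 4|6: print the HTTP status seen on port 80 over that family,
# or "curl-exit-N" when the connection itself fails (28 = timed out).
# A 404 is fine here: it proves the server answered on that family.
probe() {
    if code=$(curl -s -o /dev/null -m 10 "-$2" -w '%{http_code}' \
        "http://$1/.well-known/acme-challenge/preflight"); then
        echo "$code"
    else
        echo "curl-exit-$?"
    fi
}

# check_name NAME: print one line with both results and a verdict.
check_name() {
    v4=none; v6=none
    has_record "$1" A    && v4=$(probe "$1" 4)
    has_record "$1" AAAA && v6=$(probe "$1" 6)
    case "$v6" in
        curl-exit-*) verdict="AAAA published but unreachable" ;;
        none)        verdict="IPv4 only" ;;
        *)           verdict="IPv6 answers" ;;
    esac
    case "$v4" in
        curl-exit-*) verdict="$verdict; IPv4 unreachable" ;;
        none)        verdict="$verdict; no A record" ;;
    esac
    echo "$1 v4=$v4 v6=$v6 :: $verdict"
}

# Usage: sh preflight.sh alisapolischuk.com www.alisapolischuk.com ...
if [ "$#" -gt 0 ]; then
    for name in "$@"; do check_name "$name"; done
fi
```

Run it from more than one outside network: a single vantage point cannot show the case described in #5, where the IPv6 address is routable from some locations but not others.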


#6

Hum, that seems indeed pretty linked to IPv6 in this case!

I have some new strange behaviors occurring:

I added a new virtualHost on my server with a new domain, and while trying to give it a certificate, here’s what happens:

Failed authorization procedure. iris-paris.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://iris-paris.fr/.well-known/acme-challenge/VaInetwByd2OKGw_Fx6jTj_5NaTj0OMRezxV5H5snxM: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", www.iris-paris.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.iris-paris.fr/.well-known/acme-challenge/daDRvwiUY1v-wX6zz17dlrUUS28D6IYnrebPr1nhg18: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: iris-paris.fr
   Type:   unauthorized
   Detail: Invalid response from
   http://iris-paris.fr/.well-known/acme-challenge/VaInetwByd2OKGw_Fx6jTj_5NaTj0OMRezxV5H5snxM:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   Domain: www.iris-paris.fr
   Type:   unauthorized
   Detail: Invalid response from
   http://www.iris-paris.fr/.well-known/acme-challenge/daDRvwiUY1v-wX6zz17dlrUUS28D6IYnrebPr1nhg18:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

And, really surprising, this domain actually redirects to https://alisapolischuk.com, my other domain. I have no clue why o.O

