Hello letsencrypt Team!
I haven't been able to renew certificates for a few days. It works over IPv4 but not IPv6. We are not using iptables and have not made any changes to the domain or firewall. The website can be reached via IPv6 and 4 and on port 80 there is a redirect to 443. This has always worked flawlessly so far!
Thank you for your help!
My domain is: zab.ordana.net
I ran this command: Thu, 11 Aug 2022 05:08:33 GMT
It produced this output:
2022-08-11 07:08:33,887:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3301501384:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82NDkwNzg5IiwgIm5vbmNlIjogIjAwMDJoQmRVNlFrdVR0TnVJWEhHQVlnd2hrT0o1V0ljLUlac3dsN0FMTFlaZUhFIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMzMDE1MDEzODQifQ",
"signature": "lIKgDffeFEyJ55IVMgtAex8N2ScJ40PVsUCjVAT5tXfq1Lx2-LcMDzLv1JUMCLWTd5L_3WK3BGVbCY0fx_HgQ6tkLcRssu9QYNPvehGAlxv-_FObcqNkPMHfnSv9uhf51_QgZmoU7J-9vRGHFikON8jUjYIrCp1G5ySw1ovTPp5Ms_Mq7dcJU9UyBRR-dFuEyp3Y6eYcy5Gvx6m0wICuNI7fHwQa-slTO1nthUooCQGwcI-I_NMJWJyvW5-_rf3_x2tVNPCc2cwluUZMJGUuxbMuNgtv7xbL3nuLAMlJNOmkTzbRtJ6HamXO48hYSsA1h6EmmIbv-ZNhBQBJeiwH3w",
"payload": ""
}
2022-08-11 07:08:34,039:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3301501384 HTTP/1.1" 200 1085
2022-08-11 07:08:34,041:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 11 Aug 2022 05:08:33 GMT
Content-Type: application/json
Content-Length: 1085
Connection: keep-alive
Boulder-Requester: 6490789
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001LBgT5A6-OP4IJi711-6XxuQt5zkyAGHs1m6EgmcKLbg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "zab.ordana.net"
},
"status": "invalid",
"expires": "2022-08-18T05:08:32Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "2a01:4f8:1c0c:80b3::2: Invalid response from http://zab.ordana.net/.well-known/acme-challenge/YJXtpoqNspEIpHpa7kDLz-JmP_FHqaUJTaJFpNGprqo: 400",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3301501384/Sacmvg",
"token": "YJXtpoqNspEIpHpa7kDLz-JmP_FHqaUJTaJFpNGprqo",
"validationRecord": [
{
"url": "http://zab.ordana.net/.well-known/acme-challenge/YJXtpoqNspEIpHpa7kDLz-JmP_FHqaUJTaJFpNGprqo",
"hostname": "zab.ordana.net",
"port": "80",
"addressesResolved": [
"195.201.252.224",
"2a01:4f8:1c0c:80b3::2"
],
"addressUsed": "2a01:4f8:1c0c:80b3::2"
}
],
"validated": "2022-08-11T05:08:32Z"
}
]
}
2022-08-11 07:08:34,042:DEBUG:acme.client:Storing nonce: 0001LBgT5A6-OP4IJi711-6XxuQt5zkyAGHs1m6EgmcKLbg
2022-08-11 07:08:34,042:WARNING:certbot.auth_handler:Challenge failed for domain zab.ordana.net
2022-08-11 07:08:34,043:INFO:certbot.auth_handler:http-01 challenge for zab.ordana.net
2022-08-11 07:08:34,043:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: zab.ordana.net
Type: unauthorized
Detail: 2a01:4f8:1c0c:80b3::2: Invalid response from http://zab.ordana.net/.well-known/acme-challenge/YJXtpoqNspEIpHpa7kDLz-JmP_FHqaUJTaJFpNGprqo: 400
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2022-08-11 07:08:34,045:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-08-11 07:08:34,045:DEBUG:certbot.error_handler:Calling registered functions
2022-08-11 07:08:34,045:INFO:certbot.auth_handler:Cleaning up challenges
2022-08-11 07:08:34,046:DEBUG:certbot.plugins.webroot:Removing /var/www/www.zahnaerzte-am-breidenplatz.de/htdocs/.well-known/acme-challenge/YJXtpoqNspEIpHpa7kDLz-JmP_FHqaUJTaJFpNGprqo
2022-08-11 07:08:34,046:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2022-08-11 07:08:34,047:ERROR:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 320, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 396, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
My web server is (include version): Server version: Apache/2.4.41 (Ubuntu), Server built: 2022-06-14T13:30:55
The operating system my web server runs on is (include version): Ubuntu 20.04.4 LTS
My hosting provider, if applicable, is: Hetzner ( vm )
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no (cli only)
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0
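
Added example, not part of the original post and not certbot's own code: a small parser for the authorization object in the log above that reports which resolved address the validator actually contacted and what it saw there. The function name and output fields are hypothetical, and the assumption that the error detail ends with the HTTP status is taken from this one sample.

```python
import ipaddress
import json
import re

# Authorization object copied from the log above, trimmed to the fields used here.
SAMPLE_AUTHZ = """
{
  "identifier": {"type": "dns", "value": "zab.ordana.net"},
  "status": "invalid",
  "challenges": [{
    "type": "http-01", "status": "invalid",
    "error": {
      "type": "urn:ietf:params:acme:error:unauthorized",
      "detail": "2a01:4f8:1c0c:80b3::2: Invalid response from http://zab.ordana.net/.well-known/acme-challenge/YJXtpoqNspEIpHpa7kDLz-JmP_FHqaUJTaJFpNGprqo: 400"
    },
    "validationRecord": [{
      "addressesResolved": ["195.201.252.224", "2a01:4f8:1c0c:80b3::2"],
      "addressUsed": "2a01:4f8:1c0c:80b3::2"
    }]
  }]
}
"""

def failed_validations(authz_json):
    """Summarise each failed validation attempt in an ACME authorization object."""
    authz = json.loads(authz_json)
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        detail = chall.get("error", {}).get("detail", "")
        # Assumption from the sample: the detail text ends with the HTTP status seen.
        m = re.search(r": (\d{3})$", detail)
        for rec in chall.get("validationRecord", []):
            used = rec.get("addressUsed", "")
            findings.append({
                "domain": authz["identifier"]["value"],
                "challenge": chall["type"],
                "address_used": used,
                "family": ipaddress.ip_address(used).version if used else None,
                "not_contacted": [a for a in rec.get("addressesResolved", []) if a != used],
                "http_status_seen": int(m.group(1)) if m else None,
                "acme_error": chall.get("error", {}).get("type"),
            })
    return findings

if __name__ == "__main__":
    for finding in failed_validations(SAMPLE_AUTHZ):
        print(finding)
```

For the log above it reports address family 6 and HTTP status 400, with 195.201.252.224 resolved but not contacted: the 400 came from whatever answers on port 80 at the IPv6 address, and the IPv4 address was not tested in this attempt.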