ISPConfig + LetsEncrypt = 404


#1

Hello! I’m searching all the internet for the fix to this issue, hope anyone here could help me.
This is a very strange behaviour, first because it was working before with the default configuration and then stopped working after using letsencrypt as a command for the panel’s domain, and second because I have done the same on a second server and everything works fine.

My domains are:
http://bdisistema.ml/.well-known/acme-challenge/
http://smbienestar.tk/.well-known/acme-challenge/

I ran this command:
letsencrypt certonly -d bdisistema.ml --manual
and created the file on /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/U-K52YA1Zx8wnb_DZ45r8bYd1MFFBIK4fqdxjyP6QFA which is visible from any web browser.

It produced this output:
Failed authorization procedure. bdisistema.ml (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bdisistema.ml/.well-known/acme-challenge/U-K52YA1Zx8wnb_DZ45r8bYd1MFFBIK4fqdxjyP6QFA: "
Mon May 7 13:02:08 -03 2018
Mon May 7 13:02:08 -03 2018 404 Not Found
Mon May 7 13:02:08 -03 2018
Mon May 7 13:02:08 -03 2018

Not Found

My web server is (include version):
Apache/2.4.18

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider is:
Linode

I can login to a root shell on my machine:
Yes, SSH.

I’m using a control panel to manage my site:
IspConfig 3.1.11

The default configuration for Apache has an alias on /etc/apache/sites-enabled/ispconfig.conf pointing */.well-known to /usr/local/ispconfig/interface/acme/.well-known

I have run the letsencrypt, certbot and ispconfig methods to apply for the certificate, without results.

Note: Before running the letsencrypt command for getting a certificate for ispconfig:8080 all worked fine from the ispconfig’s panel.

Thanks!


#2

Hi @andresj551,

Your domains are using IPv6 and IPv4 addresses. LE prefers IPv6 over IPv4 so it will try to reach the challenges using the IPv6 address for your domain but your server is not serving the same content for IPv6 and IPv4:

Using IPv4:

$ curl -4ikL http://smbienestar.tk/.well-known/acme-challenge/index.html
HTTP/1.1 200 OK
Date: Mon, 07 May 2018 16:35:02 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 07 May 2018 16:06:15 GMT
ETag: "d-56b9fd976eecc"
Accept-Ranges: bytes
Content-Length: 13
Content-Type: text/html

Hello World!

Using IPv6:

$ curl -6ikL http://smbienestar.tk/.well-known/acme-challenge/index.html
HTTP/1.1 404 Not Found
Date: Mon, 07 May 2018 16:35:07 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /.well-known/acme-challenge/index.html was not found on this server.</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at smbienestar.tk Port 80</address>
</body></html>

You should fix the server’s conf for IPv6 or remove the AAAA records for your domains.

Cheers,
sahsanu
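
The per-address-family comparison from the reply above, as an added example that is not part of the original thread: it fetches the challenge path from every A and AAAA address of a host and lists the addresses that do not answer 200. The function names, the sample addresses (documentation ranges) and the sample replies are constructed for illustration; redirects are reported rather than followed.

```python
import http.client
import socket
import sys

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))

def resolve(host):
    """Return [(family_label, address), ...] for every A and AAAA record."""
    found = []
    for label, family in FAMILIES:
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type published
        found += [(label, a) for a in sorted({i[4][0] for i in infos})]
    return found

def fetch(addr, host, path):
    """GET path from one specific address while sending the site's Host header."""
    conn = http.client.HTTPConnection(addr, 80, timeout=10)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read()
    except (OSError, http.client.HTTPException) as exc:  # refused, timeout, bad reply
        return None, str(exc).encode()
    finally:
        conn.close()

def check(host, path, resolver=resolve, fetcher=fetch):
    """Return (family, address, status) for each address not answering 200."""
    findings = []
    for label, addr in resolver(host):
        status, _body = fetcher(addr, host, path)
        if status != 200:
            findings.append((label, addr, status))
    return findings

# Constructed sample mirroring the thread: IPv4 answers 200, IPv6 answers 404.
SAMPLE_ADDRS = [("IPv4", "192.0.2.10"), ("IPv6", "2001:db8::10")]
SAMPLE_REPLIES = {"192.0.2.10": (200, b"Hello World!\n"),
                  "2001:db8::10": (404, b"Not Found")}

def sample_check():
    return check("example.test", "/.well-known/acme-challenge/index.html",
                 resolver=lambda h: SAMPLE_ADDRS,
                 fetcher=lambda a, h, p: SAMPLE_REPLIES[a])

if __name__ == "__main__":
    live = len(sys.argv) == 3  # usage: script HOST PATH; otherwise run the sample
    for label, addr, status in (check(*sys.argv[1:]) if live else sample_check()):
        print(f"{label} {addr}: status {status}, validation via this address fails")
```

An empty result means every published address served the file; any IPv6 entry in the output corresponds to the situation diagnosed in this thread.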


#3

Thanks Sahsanu!

I will search how to enable IPv6 on this new server, anyways it’s working on my other server…

Regards!


#4

I did remove the AAAA record for the IPv6 address and it worked!

Sometime in the future I will configure Apache to respond to IPv6 requests, like my other server.

Thank you a lot!

