LE renew failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:pekatrack.de

I ran this command: PLESK: Press Let"s Encrypt renew button

It produced this output: Fehler: SSL/TLS-Zertifikat von Let’s Encrypt konnte nicht für pekatrack.de ausgestellt werden.

Das Token für die Autorisierung kann nicht unter http://pekatrack.de/.well-known/acme-challenge/RjSDqKms3aQAdyjAcjG-rvvpPrKGdnjUGLjnVDHpyBI aufgerufen werden.
Um das Problem zu beheben, machen Sie die Tokendatei unter dieser URL verfügbar.

Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/NsWI_3mb59o7i_2_o2Yv4xSv41zpRuAGOMjhEyHhQoY.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://pekatrack.de/.well-known/acme-challenge/RjSDqKms3aQAdyjAcjG-rvvpPrKGdnjUGLjnVDHpyBI [2a01:238:42bd:6200:e872:2c:4f97:dc4c]: 404

My web server is (include version):VServer Linux.

The operating system my web server runs on is (include version):Ubuntu 18.04.2. LTS

My hosting provider, if applicable, is: Strato

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Plesk Onyx 17.8.11

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I don"t know how to add the token to the url. maybe i am too confused now…

Hi @Peka

checking your domain there is an untypical server ( https://check-your-website.server-daten.de/?q=pekatrack.de ):

Domainname Http-Status redirect Sec. G
http://pekatrack.de/
85.214.201.177 200 1.256 H
http://pekatrack.de/
2a01:238:42bd:6200:e872:2c:4f97:dc4c 200 0.016 H
http://www.pekatrack.de/
85.214.201.177 200 0.014 H
http://www.pekatrack.de/
2a01:238:42bd:6200:e872:2c:4f97:dc4c 200 0.013 H
https://pekatrack.de/
85.214.201.177 200 0.487 N
Certificate error: RemoteCertificateChainErrors
https://pekatrack.de/
2a01:238:42bd:6200:e872:2c:4f97:dc4c 200 0.197 N
Certificate error: RemoteCertificateChainErrors
https://www.pekatrack.de/
85.214.201.177 200 0.184 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.pekatrack.de/
2a01:238:42bd:6200:e872:2c:4f97:dc4c 200 0.233 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
http://pekatrack.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
85.214.201.177 404 0.020 A
Not Found
Visible Content: 404 - Not Found
http://pekatrack.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:238:42bd:6200:e872:2c:4f97:dc4c 404 0.013 A
Not Found
Visible Content: 404 - Not Found
http://www.pekatrack.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
85.214.201.177 404 0.010 A
Not Found
Visible Content: 404 - Not Found
http://www.pekatrack.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:238:42bd:6200:e872:2c:4f97:dc4c 404 0.013 A
Not Found
Visible Content: 404 - Not Found

The server is always

Server: Jetty(9.4.14.v20181114)
X-Powered-By: PleskLin
MS-Author-Via: DAV

Looks the Plesk doesn't find the correct webroot of that server.

But: Plesk is a "closed world". Is there an option to define the webroot explicit?

Find your webroot, then create the two subdirectories

yourWebRoot/.well-known/acme-challenge

there a file (file name 1234), then try to load that file via

http://pekatrack.de/.well-known/acme-challenge/1234

Or use my online tool with pekatrack.de/.well-known/acme-challenge/1234 to check ipv4 and ipv6, if that file exists.

Answer should be http status 200, not 404.

1 Like

Dear Juergen, thanks for your help.
Now a file 1234 exist in http://pekatrack.de/.well-known/acme-challenge/
but could not found and get 404

Dear Juergen!
I found a problem with IPv6 configuration in the Apache configuration. The “call” was made to a wrong (or old) IPv6 adress i found in the Plesk Apache" protocol. First i like to update the IPv6 but I do not know how to update and where Apache will stored the wrong IPv6. So my last idea to be sure that i am on a good way, i disable IPv6 on my Strato VServer and run LE renew again. And it works. :slight_smile:
Now i must find out what to do if i enable IPv6 support again.
This is the result of a unknown user with the knowledge of a beginner.
Thanks again for your help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.