Let's Encrypt failing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: uc.hilt.glas.grosven.com
My web server is (include version): Mitel standard Linux 10.6
The operating system my web server runs on is (include version): CENTOS 6 6
I can login to a root shell on my machine (yes or no, or I don’t know): yes

I'm running a Mitel Linux server on a private LAN behind a router/firewall. It has Let's Encrypt built in, and I have NAT/port-forwarded port 443 from the outside (public IP address) to the inside server (private IP address). The server itself has full access to the internet and I can remotely browse to the server using the domain name. But when I try to use Let's Encrypt it just sits there saying “enabled, transaction in progress” and that's it. If I click off the CA page and back on, it says disabled.

Is there anything else, such as other port numbers I need to allow on the router/firewall, or am I missing something?

Hi @braindead

You have IPv4 and IPv6 addresses ( https://check-your-website.server-daten.de/?q=uc.hilt.glas.grosven.com ):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| uc.hilt.glas.grosven.com | A | 5.2.114.191 (Newbury/West Berkshire/GB) | yes | 1 | 0 |
| | AAAA | 2001:8d8:1001:518:bd8a:7ab7:9532:d042 (Karlsruhe/Baden-Wurttemberg/DE) | yes | | |
| www.uc.hilt.glas.grosven.com | A | 5.2.114.191 (Newbury/West Berkshire/GB) | yes | 1 | 0 |
| | AAAA | 2001:8d8:1001:518:bd8a:7ab7:9532:d042 (Karlsruhe/Baden-Wurttemberg/DE) | yes | | |

But your IPv4 doesn't answer.

And checking a (non-existent) file in /.well-known/acme-challenge, there is an HTTP status 204, not the expected status 404 (Not Found).

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://uc.hilt.glas.grosven.com/ (5.2.114.191) | -14, Timeout - The operation has timed out | | 10.027 | T |
| http://uc.hilt.glas.grosven.com/ (2001:8d8:1001:518:bd8a:7ab7:9532:d042) | 200 | | 0.127 | H |
| http://www.uc.hilt.glas.grosven.com/ (5.2.114.191) | -14, Timeout - The operation has timed out | | 10.027 | T |
| http://www.uc.hilt.glas.grosven.com/ (2001:8d8:1001:518:bd8a:7ab7:9532:d042) | 200 | | 0.137 | H |
| https://uc.hilt.glas.grosven.com/ (5.2.114.191) | -14, Timeout - The operation has timed out | | 10.033 | T |
| https://uc.hilt.glas.grosven.com/ (2001:8d8:1001:518:bd8a:7ab7:9532:d042) | -10, SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel. | | 0.047 | P |
| https://www.uc.hilt.glas.grosven.com/ (5.2.114.191) | -14, Timeout - The operation has timed out | | 10.027 | T |
| https://www.uc.hilt.glas.grosven.com/ (2001:8d8:1001:518:bd8a:7ab7:9532:d042) | -10, SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel. | | 0.047 | P |
| http://uc.hilt.glas.grosven.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (5.2.114.191) | -14, Timeout - The operation has timed out | | 10.024 | T |
| http://uc.hilt.glas.grosven.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (2001:8d8:1001:518:bd8a:7ab7:9532:d042) | 204 | | 0.054 | A |
| http://www.uc.hilt.glas.grosven.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (5.2.114.191) | -14, Timeout - The operation has timed out | | 10.027 | T |
| http://www.uc.hilt.glas.grosven.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (2001:8d8:1001:518:bd8a:7ab7:9532:d042) | 204 | | 0.053 | A |

Visible Content: empty for all four /.well-known/acme-challenge/ checks.

Is that 2001 IPv6 address really your IP address?

You need an open port 80. Let's Encrypt prefers IPv6, so the HTTP status 204 (No Content) is critical.

And why doesn't IPv4 work?

Perhaps your router configuration is wrong or you don't have the correct IPv6 setup.

A typical IPv4/IPv6 problem: IPv4 works, IPv6 doesn't. But your IPv4 has a timeout.

I have no idea where that IPv6 address is coming from, as I don't have IPv6 enabled on my server.
I ran the command “ifconfig -a | grep inet6”, which came back blank.

I have opened port 80 as well but still the same…

It's not your server configuration, it's your DNS management.

There is an AAAA (IPv6) record defined.

I got rid of the IPv6 address, as it was the DNS management, but it's not made any difference, as it's still the same when I try to get a CA cert allocated on the server.

Yep, there is a newer check of your domain ( https://check-your-website.server-daten.de/?q=uc.hilt.glas.grosven.com ) - only timeouts.

Does IPv4 work internally?

Is there a firewall or a blocking / wrongly configured router?

Looks like that

doesn't really work.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
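
Added example (not code from the thread, from Mitel or from Let's Encrypt): a Python preflight that repeats the check run by hand above, requesting a non-existent file under /.well-known/acme-challenge/ on port 80 from every A and AAAA address and requiring the 404 the thread names as the expected answer. The probe token, the function names and the sample addresses are assumptions; run it from outside the LAN so the result reflects public DNS and the port forward.

```python
import http.client
import socket

# Made-up token: the file must NOT exist, so a healthy server answers 404.
PROBE = "/.well-known/acme-challenge/preflight-does-not-exist"

def resolve(host):
    """Return sorted (family, address) pairs for every A and AAAA record."""
    found = set()
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM):
        if family in (socket.AF_INET, socket.AF_INET6):
            found.add(("IPv6" if family == socket.AF_INET6 else "IPv4", sockaddr[0]))
    return sorted(found)

def fetch_status(address, host, timeout=10):
    """GET the probe path from one specific address; None means no HTTP answer."""
    conn = http.client.HTTPConnection(address, 80, timeout=timeout)
    try:
        conn.request("GET", PROBE, headers={"Host": host})
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def preflight(host, resolver=resolve, fetcher=fetch_status):
    """Probe every published address; each one must work, not just one of them."""
    rows = []
    for family, address in resolver(host):
        status = fetcher(address, host)
        if status is None:
            verdict = "unreachable"   # timeout/refused: NAT, firewall, or a stale record
        elif status == 404:
            verdict = "ok"            # the status the thread expects for a missing file
        else:
            verdict = "unexpected"    # e.g. 204: something else is answering on port 80
        rows.append((family, address, status, verdict))
    return rows

def ready(rows):
    """True only if at least one address exists and all of them answered 404."""
    return bool(rows) and all(verdict == "ok" for *_, verdict in rows)

if __name__ == "__main__":
    # Constructed data modelled on the thread: IPv4 times out, IPv6 answers 204.
    records = [("IPv4", "192.0.2.10"), ("IPv6", "2001:db8::10")]
    answers = {"192.0.2.10": None, "2001:db8::10": 204}
    rows = preflight("host.example", lambda h: records, lambda a, h: answers[a])
    print(*rows, "ready for HTTP-01: %s" % ready(rows), sep="\n")
```

Calling `preflight("your.domain")` with the defaults performs the real DNS lookup and HTTP requests; a row marked "unexpected" is a prompt to find out what is answering at that address.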