LetsEncrypt error A and AAAA

Hi guys,

I created this post because I didn’t find any solution to my problem. I am trying to implement SSL support on my OVH dedicated server with Debian 9 and Apache 2. I am trying to create an SSL certificate for my domain, but it’s impossible. I tried removing the AAAA value, adding it, … no solution :confused:

My domain is: fwoptimisation.com

I ran this command: certbot certonly --webroot -w /home/fwo/www -d www.fwoptimisation.com -d fwoptimisation.com

It produced this output:

Failed authorization procedure. fwoptimisation.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [4HgJeti87LuHwbiUIhWQxar393cQIJitgryRLswFPDU.6OYAUOucp5RtvAjd24Zn9Iwfe324uhHdc2rNILdZVgc] != [4HgJeti87LuHwbiUIhWQxar393cQIJitgryRLswFPDU.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: fwoptimisation.com
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    [4HgJeti87LuHwbiUIhWQxar393cQIJitgryRLswFPDU.6OYAUOucp5RtvAjd24Zn9Iwfe324uhHdc2rNILdZVgc]
    !=
    [4HgJeti87LuHwbiUIhWQxar393cQIJitgryRLswFPDU.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Debian 9, Apache 2 and PHP 7

My hosting provider is: OVH

You can find my DNS configuration below:

fwoptimisation.com. 0 AAAA 2001:41d0:202:100:91:134:128:126

fwoptimisation.com. 0 A 91.134.128.126

www.fwoptimisation.com. 0 AAAA 2001:41d0:202:100:91:134:128:126

www.fwoptimisation.com. 0 A 91.134.128.126

my redirects:

fwoptimisation.com vers un serveur (ipv4 - A) 91.134.128.126
www.fwoptimisation.com vers un serveur (ipv4 - A) 91.134.128.126
fwoptimisation.com vers un serveur (ipv6 - AAAA) 2001:41d0:202:100:91:134:128:126
www.fwoptimisation.com vers un serveur (ipv6 - AAAA) 2001:41d0:202:100:91:134:128:126

Thanks for your help.

Mathieu.

Hi @fauveauxm

there is an "echo result". Checking your domain (via https://check-your-website.server-daten.de/?q=fwoptimisation.com ):

| Domainname | IP | Http-Status | redirect | Sec. | G | Detail |
|---|---|---|---|---|---|---|
| http://fwoptimisation.com/ | 91.134.128.126 | -11 | | 0.050 | S | ServerProtocolViolation - The server committed a protocol violation. Section=ResponseStatusLine |
| http://fwoptimisation.com/ | 2001:41d0:202:100:91:134:128:126 | -11 | | 0.054 | S | ServerProtocolViolation - The server committed a protocol violation. Section=ResponseStatusLine |
| http://www.fwoptimisation.com/ | 91.134.128.126 | 200 | | 0.163 | H | |
| http://www.fwoptimisation.com/ | 2001:41d0:202:100:91:134:128:126 | -14 | | 21.020 | T | Timeout - The operation has timed out |
| https://fwoptimisation.com/ | 91.134.128.126 | -11 | | 0.717 | S | ServerProtocolViolation - The server committed a protocol violation. Section=ResponseStatusLine |
| https://fwoptimisation.com/ | 2001:41d0:202:100:91:134:128:126 | -11 | | 0.697 | S | ServerProtocolViolation - The server committed a protocol violation. Section=ResponseStatusLine |
| https://www.fwoptimisation.com/ | 91.134.128.126 | 200 | | 1.380 | I | |
| https://www.fwoptimisation.com/ | 2001:41d0:202:100:91:134:128:126 | 200 | | 0.990 | I | |
| http://fwoptimisation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 91.134.128.126 | 200 | | 0.054 | | Visible Content: check-your-website-dot-server-daten-dot-de.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8 |
| http://fwoptimisation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2001:41d0:202:100:91:134:128:126 | -14 | | 10.026 | T | Timeout - The operation has timed out. Visible Content: |
| http://www.fwoptimisation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 91.134.128.126 | 200 | | 0.050 | | Visible Content: check-your-website-dot-server-daten-dot-de.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8 |
| http://www.fwoptimisation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2001:41d0:202:100:91:134:128:126 | -14 | | 10.027 | T | Timeout - The operation has timed out |

http doesn't really work. But checking the (non-existent) URL

 http://www.fwoptimisation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

you see the curious answer:

check-your-website-dot-server-daten-dot-de.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8

The first part is the (random) file name. The second part is the hash of a Letsencrypt public account key. With a different value - your own key has the value

6OYAUOucp5RtvAjd24Zn9Iwfe324uhHdc2rNILdZVgc

Sometimes hosters use such a solution to create Letsencrypt certificates.

And it's possible that you use server management software with that behaviour.

Perhaps use that software to create certificates.

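How the two bracketed values in the error are built and how to read the mismatch, as an added example (not code from this thread or from certbot). It follows the key authorization rule of RFC 8555 section 8.1 and the JWK thumbprint of RFC 7638; the function names are hypothetical, and the sample string is the error from the first post with its terminal line wraps.

```python
import base64
import hashlib
import json
import re

# Members RFC 7638 requires in the thumbprint input, per key type.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def jwk_thumbprint(jwk: dict) -> str:
    """base64url(SHA-256(required members, sorted by name, no whitespace))."""
    subset = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(subset, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def key_authorization(token: str, account_jwk: dict) -> str:
    """What the challenge URL must return: token, a dot, the account thumbprint."""
    return token + "." + jwk_thumbprint(account_jwk)

PAIR = re.compile(r"\[([\w-]+)\.([\w-]+)\]\s*!=\s*\[([\w-]+)\.([\w-]+)\]")

def diagnose(error_text: str) -> str:
    """Classify a 'did not match this challenge' error by its two values."""
    # Terminal wrapping splits the values, so drop all whitespace first.
    match = PAIR.search(re.sub(r"\s+", "", error_text))
    if match is None:
        return "no key authorization pair found"
    token_a, thumb_a, token_b, thumb_b = match.groups()
    if token_a != token_b:
        return "different token: a stale or wrong challenge file was served"
    if thumb_a != thumb_b:
        return ("same token, different account thumbprint: "
                "another ACME responder answers this path")
    return "values match"

# Error text from the first post, line wraps kept.
SAMPLE_ERROR = (
    "did not match this challenge [4HgJeti87LuHwbiUI\n"
    "    hWQxar393cQIJitgryRLswFPDU.6OYAUOucp5RtvAjd24Zn9Iwfe324uhHdc2rNILdZVgc]"
    " != [4HgJ\n    eti87LuHwbiUIhWQxar393cQIJitgryRLswFPDU."
    "4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]"
)

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR))
```

A webroot file written by certbot can only carry the thumbprint of certbot's own account key, so the "same token, different thumbprint" result means the request never reached that file.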

Hi JuergenAuer,

Thank you for your answer and yes it is strange these results.
How can I define where the source of the problem comes from? Do you have any idea?

About a software, I didn’t find anything on the OVH forums or anything else.

Mathieu.

Check the header box to see the headers. The headers with this answer are completely different.

Visible Content: check-your-website-dot-server-daten-dot-de.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8
Content-Security-Policy: default-src 'none'
Content-Type: text/plain
Feature-Policy: geolocation 'none'; camera 'none'; payment 'none'
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
Date: Tue, 16 Apr 2019 14:13:25 GMT
Content-Length: 86
Connection: close
X-IPLB-Instance: 5425

The last row:

X-IPLB-Instance: 5425

It's your own server or it's something from your hoster, before the GET-request is answered by your server.

There is something. Looks like OVH load balancers use such headers.
