Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: certbot --apache -w /var/www/camelothost.com/web/ -d camelothost.com -d www.camelothost.com -d server1.camelothost.com -d mail.camelothost.com --agree-tos -m email@example.com
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for camelothost.com
http-01 challenge for www.camelothost.com
http-01 challenge for server1.camelothost.com
http-01 challenge for mail.camelothost.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.camelothost.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.camelothost.com/.well-known/acme-challenge/KsfSSX8544yFLG8FSiRBHvvsWc2k8A-naGf-k9igwz4: Timeout, mail.camelothost.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.camelothost.com/.well-known/acme-challenge/asQHF9gHATlbZ38P5nNnn5xsYyUdT-YQOBcNbPxHLgM: Timeout, server1.camelothost.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://server1.camelothost.com/.well-known/acme-challenge/uSko6U-2Orbz_UbEpN9X3nVS-iUNlgm4K3pvsqz-d0A: Timeout, camelothost.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://camelothost.com/.well-known/acme-challenge/tXAH_5zDNaG4JzU86njHcjr13WaopFDbGgsSMmkMyL4: Timeout
Your server does not seem to be responding to HTTP requests via IPv6.
The validation server uses IPv6 as long as you have an AAAA record in your DNS, so you should either fix your server so that it responds correctly on IPv6, or remove the AAAA record.
The following errors were reported by the server:
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
Server version: Apache/2.4.6 (CentOS)
Server built: Oct 19 2017 20:39:16
The operating system my web server runs on is (include version):
Linux version 3.10.0-693.21.1.el7.x86_64 (firstname.lastname@example.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Wed Mar 7 19:03:37 UTC 2018
CentOS Linux 7 (Core)
My hosting provider, if applicable, is: VPS on Digital Ocean (All DNS and nameservers are served off thte VPS)
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, ispconfig 3.x
I set up the server using these instructions:
When I had issues with Let’s Encrypt I tried to use git to clone the github version of Let’s Encrypt. Then finally I installed the CentOS letsencrypt packages.
The domain is not the only one setup on the server.
I have both A and AAAA records for the domain
I have checked iptables to make sure there are no rules
I have verified I can write to the webroot as root
I have tried following several things, I’ve also verifed that apache is listening to port 80 and 443
In ispconfig I have a checkbox for Let’s Encrypt however it unchecks and does not do anything.
Thanks for spotting that. My Apache says it is listening to the IPV6 address, so I’ll try to findout why its not responding.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.