No request from Let's Encrypt Server on certain domain


#1

I am using the acme client to generate certificates for the customers hosted on our server. It all works fine for all domains except one.

./acme-client.phar issue --server letsencrypt --storage certificates --domains zorbas-tegernsee.bayern,www.zorbas-tegernsee.bayern --path …/public:…/public --bits 4096

This runs into an invalid challenge. The server is configured correctly, the first check of the tool from the own webserver is delivered with 200. In our access logs I normally see 2 requests for a certificate issue. The first one is the check from the acme client, the second one from the Let’s Encrypt server. But for this domain, I don’t see any request from the Let’s Encrypt server. The DNS looks fine, I can’t see any problem on our site. How do I debug which request the Let’s Encrypt servers make exactly?


#2

Your IPv4 and IPv6 addresses for that domain return different content: https://letsdebug.net/zorbas-tegernsee.bayern/1682

That can account for the missing request (it’s going to a different server, as instructed by DNS).
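
Added example, not part of the thread and not the acme client's own code: a check that fetches the same path from every A and AAAA address of a domain and reports whether they answer identically, which is the mismatch described in the reply above. The function names and the probe path are assumptions for illustration.

```python
import hashlib, http.client, socket, sys

def resolve(host):
    """Return the A and AAAA addresses the local resolver gives for host."""
    found = {"A": set(), "AAAA": set()}
    for family, rtype in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            for info in socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM):
                found[rtype].add(info[4][0])
        except socket.gaierror:
            pass  # no record of this type
    return {rtype: sorted(ips) for rtype, ips in found.items()}

def fetch(ip, host, path):
    """GET path from one specific address, sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=10)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, hashlib.sha256(resp.read()).hexdigest()[:16]
    except (OSError, http.client.HTTPException) as exc:
        return None, type(exc).__name__
    finally:
        conn.close()

def compare(host, path, resolver=resolve, fetcher=fetch):
    """Fetch path from every address; report whether all answers agree."""
    results = {}
    for rtype, ips in resolver(host).items():
        for ip in ips:
            results[(rtype, ip)] = fetcher(ip, host, path)
    return results, len(set(results.values())) <= 1

if __name__ == "__main__":
    # argv[2] is assumed to be a test file you placed under
    # /.well-known/acme-challenge/ in the webroot passed to --path.
    results, consistent = compare(sys.argv[1], sys.argv[2])
    for (rtype, ip), (status, digest) in sorted(results.items()):
        print(f"{rtype:5} {ip:40} status={status} body={digest}")
    print("consistent" if consistent else "MISMATCH: check stale A/AAAA records")
    sys.exit(0 if consistent else 1)
```

An address that answers with a different status or body, or not at all, is served by a different machine than the one whose access log you are reading.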


#3

Thanks a lot! We haven’t seen it! The domain owner changed from another service to ours and obviously forgot to change the AAAA entry. We will contact the domain owner to also point the IPv6 to our server or remove the AAAA entry.

