Not able to install cert for .sk domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: montemother.sk

I ran this command: I use CWP panel for cert installations for several years but I see this error for the first time - it say pending, please wait but I've wait for whole day with the same result...

It produced this output:

Errors occurred on installation process.

- montemother.sk

Error Message: [Thu Aug 19 08:18:52 CEST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory [Thu Aug 19 08:18:52 CEST 2021] Multi domain='DNS:www.montemother.sk,DNS:montemother.sk' [Thu Aug 19 08:18:53 CEST 2021] Getting domain auth token for each domain [Thu Aug 19 08:18:56 CEST 2021] Getting webroot for domain='www.montemother.sk' [Thu Aug 19 08:18:56 CEST 2021] Getting webroot for domain='montemother.sk' [Thu Aug 19 08:18:56 CEST 2021] Verifying: www.montemother.sk [Thu Aug 19 08:18:57 CEST 2021] Pending, The CA is processing your order, please just wait. (1/30) [Thu Aug 19 08:19:00 CEST 2021] www.montemother.sk:Verify error:Invalid response from http://www.montemother.sk/.well-known/acme-challenge/CsLNYu1hs4aYaoX0n40dTR6JSq8L18gVwhqvLxVfa1A [2a02:4a8:ac24:108::96:166]: [Thu Aug 19 08:19:00 CEST 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log

output from this log:
[Thu Aug 19 08:27:11 CEST 2021] Running cmd: issue
[Thu Aug 19 08:27:11 CEST 2021] _main_domain='www.montemother.sk'
[Thu Aug 19 08:27:11 CEST 2021] _alt_domains='montemother.sk'
[Thu Aug 19 08:27:11 CEST 2021] Using config home:/root/.acme.sh
[Thu Aug 19 08:27:11 CEST 2021] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Thu Aug 19 08:27:11 CEST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Aug 19 08:27:11 CEST 2021] DOMAIN_PATH='/root/.acme.sh/cwp_certs/www.montemother.sk'
[Thu Aug 19 08:27:11 CEST 2021] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 19 08:27:11 CEST 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 19 08:27:11 CEST 2021] Retrying GET
[Thu Aug 19 08:27:11 CEST 2021] GET
[Thu Aug 19 08:27:11 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Aug 19 08:27:11 CEST 2021] timeout=
[Thu Aug 19 08:27:11 CEST 2021] displayError='1'
[Thu Aug 19 08:27:11 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Aug 19 08:27:12 CEST 2021] ret='0'
[Thu Aug 19 08:27:12 CEST 2021] _hcode='0'
[Thu Aug 19 08:27:12 CEST 2021] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu Aug 19 08:27:12 CEST 2021] ACME_NEW_AUTHZ
[Thu Aug 19 08:27:12 CEST 2021] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 19 08:27:12 CEST 2021] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Aug 19 08:27:12 CEST 2021] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Aug 19 08:27:12 CEST 2021] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Aug 19 08:27:12 CEST 2021] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Aug 19 08:27:12 CEST 2021] Le_NextRenewTime
[Thu Aug 19 08:27:12 CEST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 19 08:27:12 CEST 2021] _on_before_issue
[Thu Aug 19 08:27:12 CEST 2021] _chk_main_domain='www.montemother.sk'
[Thu Aug 19 08:27:12 CEST 2021] _chk_alt_domains='montemother.sk'
[Thu Aug 19 08:27:12 CEST 2021] Le_LocalAddress
[Thu Aug 19 08:27:12 CEST 2021] d='www.montemother.sk'
[Thu Aug 19 08:27:12 CEST 2021] Check for domain='www.montemother.sk'
[Thu Aug 19 08:27:12 CEST 2021] _currentRoot='/usr/local/apache/autossl_tmp/'
[Thu Aug 19 08:27:12 CEST 2021] d='montemother.sk'
[Thu Aug 19 08:27:12 CEST 2021] Check for domain='montemother.sk'
[Thu Aug 19 08:27:12 CEST 2021] _currentRoot='/usr/local/apache/autossl_tmp/'
[Thu Aug 19 08:27:12 CEST 2021] d
[Thu Aug 19 08:27:12 CEST 2021] _saved_account_key_hash is not changed, skip register account.
[Thu Aug 19 08:27:12 CEST 2021] Read key length:
[Thu Aug 19 08:27:12 CEST 2021] _createcsr
[Thu Aug 19 08:27:12 CEST 2021] Multi domain='DNS:www.montemother.sk,DNS:montemother.sk'
[Thu Aug 19 08:27:12 CEST 2021] Getting domain auth token for each domain
[Thu Aug 19 08:27:12 CEST 2021] d='montemother.sk'
[Thu Aug 19 08:27:12 CEST 2021] d
[Thu Aug 19 08:27:12 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 19 08:27:12 CEST 2021] payload='{"identifiers": [{"type":"dns","value":"www.montemother.sk"},{"type":"dns","value":"montemother.sk"}]}'
[Thu Aug 19 08:27:12 CEST 2021] RSA key
[Thu Aug 19 08:27:12 CEST 2021] Retrying post
[Thu Aug 19 08:27:12 CEST 2021] HEAD
[Thu Aug 19 08:27:12 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Aug 19 08:27:12 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g -I '
[Thu Aug 19 08:27:13 CEST 2021] _ret='0'
[Thu Aug 19 08:27:13 CEST 2021] _hcode='0'
[Thu Aug 19 08:27:13 CEST 2021] Retrying post
[Thu Aug 19 08:27:13 CEST 2021] POST
[Thu Aug 19 08:27:13 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 19 08:27:13 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Aug 19 08:27:15 CEST 2021] _ret='0'
[Thu Aug 19 08:27:15 CEST 2021] _hcode='0'
[Thu Aug 19 08:27:15 CEST 2021] code='201'
[Thu Aug 19 08:27:15 CEST 2021] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61175528/17987715780'
[Thu Aug 19 08:27:15 CEST 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61175528/17987715780'
[Thu Aug 19 08:27:15 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/23170061280'
[Thu Aug 19 08:27:15 CEST 2021] payload
[Thu Aug 19 08:27:15 CEST 2021] Retrying post
[Thu Aug 19 08:27:15 CEST 2021] POST
[Thu Aug 19 08:27:15 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/23170061280'
[Thu Aug 19 08:27:15 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Aug 19 08:27:15 CEST 2021] _ret='0'
[Thu Aug 19 08:27:15 CEST 2021] _hcode='0'
[Thu Aug 19 08:27:15 CEST 2021] code='200'
[Thu Aug 19 08:27:15 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/23170061530'
[Thu Aug 19 08:27:15 CEST 2021] payload
[Thu Aug 19 08:27:15 CEST 2021] Retrying post
[Thu Aug 19 08:27:15 CEST 2021] POST
[Thu Aug 19 08:27:15 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/23170061530'
[Thu Aug 19 08:27:15 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Aug 19 08:27:16 CEST 2021] _ret='0'
[Thu Aug 19 08:27:16 CEST 2021] _hcode='0'
[Thu Aug 19 08:27:16 CEST 2021] code='200'
[Thu Aug 19 08:27:16 CEST 2021] d='www.montemother.sk'
[Thu Aug 19 08:27:16 CEST 2021] Getting webroot for domain='www.montemother.sk'
[Thu Aug 19 08:27:16 CEST 2021] _w='/usr/local/apache/autossl_tmp/'
[Thu Aug 19 08:27:16 CEST 2021] _currentRoot='/usr/local/apache/autossl_tmp/'
[Thu Aug 19 08:27:16 CEST 2021] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A","token":"p4X4QGL4nRZkACsrhwrlRoLH5PnrIidHpOKfztuFH4s"'
[Thu Aug 19 08:27:16 CEST 2021] token='p4X4QGL4nRZkACsrhwrlRoLH5PnrIidHpOKfztuFH4s'
[Thu Aug 19 08:27:16 CEST 2021] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A'
[Thu Aug 19 08:27:16 CEST 2021] keyauthorization='p4X4QGL4nRZkACsrhwrlRoLH5PnrIidHpOKfztuFH4s.G2lipho7wRo77DWmMUqAddFvTUu1gszecMFaNApQHT8'
[Thu Aug 19 08:27:16 CEST 2021] dvlist='www.montemother.sk#p4X4QGL4nRZkACsrhwrlRoLH5PnrIidHpOKfztuFH4s.G2lipho7wRo77DWmMUqAddFvTUu1gszecMFaNApQHT8#https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A#http-01#/usr/local/apache/autossl_tmp/'
[Thu Aug 19 08:27:16 CEST 2021] d='montemother.sk'
[Thu Aug 19 08:27:16 CEST 2021] Getting webroot for domain='montemother.sk'
[Thu Aug 19 08:27:16 CEST 2021] _w='/usr/local/apache/autossl_tmp/'
[Thu Aug 19 08:27:16 CEST 2021] _currentRoot='/usr/local/apache/autossl_tmp/'
[Thu Aug 19 08:27:16 CEST 2021] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061280/JsZX7A","token":"7PWUndCpKkHMUMxVUw_KFjOOLfG1RBKBExjr4DwESoY"'
[Thu Aug 19 08:27:16 CEST 2021] token='7PWUndCpKkHMUMxVUw_KFjOOLfG1RBKBExjr4DwESoY'
[Thu Aug 19 08:27:16 CEST 2021] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061280/JsZX7A'
[Thu Aug 19 08:27:16 CEST 2021] keyauthorization='7PWUndCpKkHMUMxVUw_KFjOOLfG1RBKBExjr4DwESoY.G2lipho7wRo77DWmMUqAddFvTUu1gszecMFaNApQHT8'
[Thu Aug 19 08:27:16 CEST 2021] dvlist='montemother.sk#7PWUndCpKkHMUMxVUw_KFjOOLfG1RBKBExjr4DwESoY.G2lipho7wRo77DWmMUqAddFvTUu1gszecMFaNApQHT8#https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061280/JsZX7A#http-01#/usr/local/apache/autossl_tmp/'
[Thu Aug 19 08:27:16 CEST 2021] d
[Thu Aug 19 08:27:16 CEST 2021] vlist='www.montemother.sk#p4X4QGL4nRZkACsrhwrlRoLH5PnrIidHpOKfztuFH4s.G2lipho7wRo77DWmMUqAddFvTUu1gszecMFaNApQHT8#https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A#http-01#/usr/local/apache/autossl_tmp/,montemother.sk#7PWUndCpKkHMUMxVUw_KFjOOLfG1RBKBExjr4DwESoY.G2lipho7wRo77DWmMUqAddFvTUu1gszecMFaNApQHT8#https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061280/JsZX7A#http-01#/usr/local/apache/autossl_tmp/,'
[Thu Aug 19 08:27:16 CEST 2021] d='www.montemother.sk'
[Thu Aug 19 08:27:16 CEST 2021] d='montemother.sk'
[Thu Aug 19 08:27:16 CEST 2021] ok, let's start to verify
[Thu Aug 19 08:27:16 CEST 2021] Verifying: www.montemother.sk
[Thu Aug 19 08:27:16 CEST 2021] d='www.montemother.sk'
[Thu Aug 19 08:27:16 CEST 2021] keyauthorization='p4X4QGL4nRZkACsrhwrlRoLH5PnrIidHpOKfztuFH4s.G2lipho7wRo77DWmMUqAddFvTUu1gszecMFaNApQHT8'
[Thu Aug 19 08:27:16 CEST 2021] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A'
[Thu Aug 19 08:27:16 CEST 2021] _currentRoot='/usr/local/apache/autossl_tmp/'
[Thu Aug 19 08:27:16 CEST 2021] wellknown_path='/usr/local/apache/autossl_tmp//.well-known/acme-challenge'
[Thu Aug 19 08:27:16 CEST 2021] writing token:p4X4QGL4nRZkACsrhwrlRoLH5PnrIidHpOKfztuFH4s to /usr/local/apache/autossl_tmp//.well-known/acme-challenge/p4X4QGL4nRZkACsrhwrlRoLH5PnrIidHpOKfztuFH4s
[Thu Aug 19 08:27:16 CEST 2021] Changing owner/group of .well-known to root:root
[Thu Aug 19 08:27:16 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A'
[Thu Aug 19 08:27:16 CEST 2021] payload='{}'
[Thu Aug 19 08:27:16 CEST 2021] Retrying post
[Thu Aug 19 08:27:16 CEST 2021] POST
[Thu Aug 19 08:27:16 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A'
[Thu Aug 19 08:27:16 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Aug 19 08:27:17 CEST 2021] _ret='0'
[Thu Aug 19 08:27:17 CEST 2021] _hcode='0'
[Thu Aug 19 08:27:17 CEST 2021] code='200'
[Thu Aug 19 08:27:17 CEST 2021] trigger validation code: 200
[Thu Aug 19 08:27:17 CEST 2021] Pending, The CA is processing your order, please just wait. (1/30)
[Thu Aug 19 08:27:17 CEST 2021] sleep 2 secs to verify again
[Thu Aug 19 08:27:19 CEST 2021] checking
[Thu Aug 19 08:27:19 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A'
[Thu Aug 19 08:27:19 CEST 2021] payload
[Thu Aug 19 08:27:19 CEST 2021] Retrying post
[Thu Aug 19 08:27:19 CEST 2021] POST
[Thu Aug 19 08:27:19 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A'
[Thu Aug 19 08:27:19 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Aug 19 08:27:20 CEST 2021] _ret='0'
[Thu Aug 19 08:27:20 CEST 2021] _hcode='0'
[Thu Aug 19 08:27:20 CEST 2021] code='200'
[Thu Aug 19 08:27:20 CEST 2021] www.montemother.sk:Verify error:Invalid response from http://www.montemother.sk/.well-known/acme-challenge/p4X4QGL4nRZkACsrhwrlRoLH5PnrIidHpOKfztuFH4s [2a02:4a8:ac24:108::96:166]:
[Thu Aug 19 08:27:20 CEST 2021] pid
[Thu Aug 19 08:27:20 CEST 2021] No need to restore nginx, skip.
[Thu Aug 19 08:27:20 CEST 2021] _clearupdns
[Thu Aug 19 08:27:20 CEST 2021] dns_entries
[Thu Aug 19 08:27:20 CEST 2021] skip dns.
[Thu Aug 19 08:27:20 CEST 2021] _on_issue_err
[Thu Aug 19 08:27:20 CEST 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Thu Aug 19 08:27:20 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A'
[Thu Aug 19 08:27:20 CEST 2021] payload='{}'
[Thu Aug 19 08:27:20 CEST 2021] Retrying post
[Thu Aug 19 08:27:20 CEST 2021] POST
[Thu Aug 19 08:27:20 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061530/Ws_W_A'
[Thu Aug 19 08:27:20 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Aug 19 08:27:21 CEST 2021] _ret='0'
[Thu Aug 19 08:27:21 CEST 2021] _hcode='0'
[Thu Aug 19 08:27:21 CEST 2021] code='400'
[Thu Aug 19 08:27:21 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061280/JsZX7A'
[Thu Aug 19 08:27:21 CEST 2021] payload='{}'
[Thu Aug 19 08:27:21 CEST 2021] Retrying post
[Thu Aug 19 08:27:21 CEST 2021] POST
[Thu Aug 19 08:27:21 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23170061280/JsZX7A'
[Thu Aug 19 08:27:21 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Aug 19 08:27:22 CEST 2021] _ret='0'
[Thu Aug 19 08:27:22 CEST 2021] _hcode='0'
[Thu Aug 19 08:27:22 CEST 2021] code='200'
You have new mail in /var/spool/mail/root
[root@terra02 ~]#

My web server is (include version):

The operating system my web server runs on is (include version):
centos 7

My hosting provider, if applicable, is:
me

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
cwp

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
-bash: certbot: command not found

That fails because you are not using certbot as an ACME client.
That was just an included example of how to get the version from that particular client.
Your client, as show from the log file path and contents:

seems to be the acme.sh client.
For that version, use:
/root/.acme.sh/acme.sh version

Now to address the problem:

It seems that the webroot used ends with a slash and when appended with the expected challenge path, it creates a path that contains two consecutive slashes.
Some systems can ignore that and continue; I'm not sure if yours can do that.
I would try fixing that and see if it makes any difference.
And, naturally, also confirm that is the correct document root for the challenge files to that FQDN.

And I should not forget the most obvious:

Name:      montemother.sk
Addresses: 2a02:4a8:ac24:108::96:166
           185.50.215.184

LE prefers IPv6 when present; as seen from:

Please verify that your site works equally from IPv6 as from IPv4.

The IPv6 site returns:

<!DOCTYPE html>
<html>
<head>
</head>
<frameset cols="100%,*" border="0" framespacing="0">
<frame src="https://page.active24.cz/unknown.hosting.cz/"></frameset>
<body>
<noframes>
<a href="https://page.active24.cz/unknown.hosting.cz/">https://page.active24.cz/unknown.hosting.cz/</a>
</noframes>
</body>
</html>
1 Like

Hi,
yes, to me it seems as a problem with wrong AAAA dns record. I was redirecting domain to the new server and changed just A record and forgot to remove the ipv6 AAAA... I've just deleted these old AAAA records and will try to install cert tommorow again.
Thank you all for your comments!
BR,
Marek

1 Like

Hi,
issue is resolved. Removing old ipv6 records from dns fixed the issue.
Thanks!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.