Problem with update certificate

Please fill out the fields below so we can help you better.

My domain is: en-sveta.ru

I ran this command: /etc/certbot/certbot-auto renew

It produced this output:
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/en-sveta.ru.conf

Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for en-sveta.ru
http-01 challenge for www.en-sveta.ru
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/en-sveta.ru.conf produced an unexpected error: Failed authorization procedure. en-sveta.ru (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://en-sveta.ru/.well-known/acme-challenge/p_itYqdH4ZCUUsW_dOgA0Mnb8oKBZwWez9Q-z2Yyvok: Timeout, www.en-sveta.ru (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.en-sveta.ru/.well-known/acme-challenge/texP98IYYosYPugeCFIlK9100bUuXP7c1Hz4xmotVow: Timeout. Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/en-sveta.ru/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

or

/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/en-sveta.ru.conf

Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Attempting to renew cert from /etc/letsencrypt/renewal/en-sveta.ru.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently… Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/en-sveta.ru/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

Hi @VladimirKliuev,

The underlying reason for the problem seems to be that you are advertising an IPv6 address, 2a03:6f00:4::bce1:27c, for this server via an AAAA record in DNS, but the server is not actually reachable at that address—it is only reachable at its IPv4 address. The Let’s Encrypt CA uses IPv6 to try to validate servers when possible, so the unavailability of the server at the IPv6 address that you advertise causes a validation timeout.

The second error is just due to trying the same validation method unsuccessfully too many times. You will be permitted to try again in 1 hour. If you’re not sure if a particular renewal method will work, you can also test with --staging first to avoid this limitation.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.