Problems with letsencrypt, certbot, nextcloud and IPv6

Nachtschatten · June 6, 2017, 12:14pm

Launching letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for darkphoenix.ddnss.de
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. darkphoenix.ddnss.de (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: no working IP addresses found for “darkphoenix.ddnss.de”

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: darkphoenix.ddnss.de
Type: malformed
Detail: no working IP addresses found for “darkphoenix.ddnss.de”

To fix these errors, please make sure that you did not provide any
invalid information to the client, and try running Certbot again.
Done. Press any key…

I think that the Problem has something to do with IPv6 / IPv4 routing, because It’s a clean install of nextcloudpi, but the hole IPv6/IPv4 configuration is a bit messed up. There is no IPv4 portforwarding and running ifconfig prints multiple global IPv6 addresses, but only one of them is the correct one.

Is it possible that, with the default nextcloudpi configurations, letsencrypt does not work without IPv4?

rg305 · June 6, 2017, 12:19pm

tls-sni-01 challenge ???
I’m sorry, my whole effort was towards allowing a regular http challenge.
What command did you run?

Nachtschatten · June 6, 2017, 12:25pm

I’m using the nextcloudpi image and ran “sudo nextcloudpi-config” -> “letsencrypt” -> “yes” -> “darkphoenix.ddnss.de” ->“start”. I honestly have no idea which command nextcloudpi-config is using, but I could try to look it up in the source code.

rg305 · June 6, 2017, 12:26pm

try just:
sudo nextcloudpi-config

and walk through the prompts

Nachtschatten · June 6, 2017, 12:31pm

I have the source code.
I will search the letsencrypt/certbot command in the source code.

Note: I ran certbot on a different raspberry, with a different IP a few weeks ago and it worked.

"try just:
sudo nextcloudpi-config"
That is exactly what I did. I think the Problem has something to do with the IPv4/IPv6 configuration

rg305 · June 6, 2017, 12:33pm

https://ownyourbits.com/2017/03/13/nextcloudpi-gets-nextcloudpi-config/
“nextcloudpi-config” documentation shows:
Disable HTTPS redirection
HTTPS is enforced by default, but in case you have a good reason to allow HTTP, you can enable it…

choose: NO

Nachtschatten · June 6, 2017, 12:37pm

It still does not work…

Nachtschatten · June 6, 2017, 1:38pm

The command used is:
/etc/letsencrypt/letsencrypt-auto -n --no-self-upgrade --apache --hsts --agree-tos -m email@email.com -d darkphoenix.ddnss.de

The same error occures, if I run this command manually.

Nachtschatten · June 6, 2017, 5:47pm

UPDATE: IT WORKS!
The problem was that I enabled IPv6 portforwading at port 80 , but not 443. I enabled both port 80 and port 443 and now everything works fine.
Thank you for your help

system · July 6, 2017, 5:47pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to install Letsencrypt Help	5	370	September 13, 2023
Authorization Procedure failed Help	7	2540	January 11, 2017
Failed authorization procedure.Timeout during connect (likely firewall problem) Help	4	1314	June 14, 2020
NextCloud with LetsEncrypt with dsLite connection Help	7	1315	May 11, 2020
NextCloud Help Let’s Encrypt, Raspberry Pi 4 B, 8gb RAM Help	11	2040	November 1, 2021

Problems with letsencrypt, certbot, nextcloud and IPv6

Related topics