Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: burg.tinohendricks.de
I ran this command: certbot renew
I also tried: certbot certonly --webroot -w /var/www/html -d burg.tinohendricks.de
It produced this output: Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: burg.tinohendricks.de
Type: connection
Detail: During secondary validation: 217.235.241.94: Fetching http://burg.tinohendricks.de/.well-known/acme-challenge/It4R67m8FsnYresA3BqEr7Wx7nz27ZpYqNTl7EmxXR0: Connection refused
My web server is (include version): Apache/2.4.61 (Debian) OpenSSL/3.0.13
The operating system my web server runs on is (include version): Debian bookworm
My hosting provider, if applicable, is: My Home, Deutsche Telekom DSL
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, plain console
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 2.1.0
First I tried the standalone version, now I tried the apache web root challenge several times.
Certbot:
Create a file containing just this data:
7ku_mwKFX_be64V87KzzTLasstoBfEramGoJoeBn874.PI6fNo98OdvGmgT2lsQX54ItpGAfpZ6AE9s63o0M-0M
And make it available on your web server at this URL:
http://burg.tinohendricks.de/.well-known/acme-challenge/7ku_mwKFX_be64V87KzzTLasstoBfEramGoJoeBn874
Did as requested, checked from a server sitting in a hosting company:
wget http://burg.tinohendricks.de/.well-known/acme-challenge/7ku_mwKFX_be64V87KzzTLasstoBfEramGoJoeBn874
--2024-08-07 14:41:26-- http://burg.tinohendricks.de/.well-known/acme-challenge/7ku_mwKFX_be64V87KzzTLasstoBfEramGoJoeBn874
Auflösen des Hostnamens burg.tinohendricks.de (burg.tinohendricks.de)… 217.235.241.94
Verbindungsaufbau zu burg.tinohendricks.de (burg.tinohendricks.de)|217.235.241.94|:80 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 200 OK
Länge: 88
Wird in »7ku_mwKFX_be64V87KzzTLasstoBfEramGoJoeBn874« gespeichert.
7ku_mwKFX_be64V87KzzTLasstoBfEramGoJoeBn874 100%
Certbot:
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: burg.tinohendricks.de
Type: connection
Detail: 217.235.241.94: Fetching http://burg.tinohendricks.de/.well-known/acme-challenge/7ku_mwKFX_be64V87KzzTLasstoBfEramGoJoeBn874: Connection refused
I' seeing traffic:
15:43:31.841568 IP6 p200300dc6f1cb900d25099fffeac96b6.dip0.t-ipconnect.de.35070 > g2a02-26f0-e600-0000-0000-0000-48f7-9aa9.deploy.static.akamaitechnologies.com.http: Flags [S], seq 2002761696, win 64440, options [mss 1432,sackOK,TS val 2005076391 ecr 0,nop,wscale 7], length 0
15:43:31.851782 IP6 g2a02-26f0-e600-0000-0000-0000-48f7-9aa9.deploy.static.akamaitechnologies.com.http > p200300dc6f1cb900d25099fffeac96b6.dip0.t-ipconnect.de.35070: Flags [S.], seq 3229599432, ack 2002761697, win 64260, options [mss 1432,sackOK,TS val 3656390914 ecr 2005076391,nop,wscale 7], length 0
15:43:31.851927 IP6 p200300dc6f1cb900d25099fffeac96b6.dip0.t-ipconnect.de.35070 > g2a02-26f0-e600-0000-0000-0000-48f7-9aa9.deploy.static.akamaitechnologies.com.http: Flags [.], ack 1, win 504, options [nop,nop,TS val 2005076401 ecr 3656390914], length 0
and so on.
I'm out of ideas. Can I switch to DNS challenge, desperate as I am?
Why is it IPv6 traffic but certbot complaining about a IPv4 address?
Currently I closed the ports but as you can see they were open when I tried.
Thanks for any ideas!