Hello
I've got several domains running on the same server, hence the same IPs
Three months ago, the renewal worked fine. But since about two weeks or so, any attempt to renew existing certificates produces connection timetout errors.
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for drumee.net
Using the webroot path /xxx/yyy for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. drumee.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://drumee.net/.well-known/acme-challenge/xx3BWabvNASGUahi6Cl1ejQShceLdcG2iGXqZxnpbK4: TimeoutIMPORTANT NOTES:
The following errors were reported by the server:
Domain: drumee.net
Type: connection
Detail: Fetching
http://drumee.net/.well-known/acme-challenge/xx3BWabvNASGUahi6Cl1ejQShceLdcG2iGXqZxnpbK4:
TimeoutTo fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
By looking at the server log (nginx 1.6.2) there are no http request reaching the server
Trying a test file on the target link is OK with wget -S http://drumee.net/.well-known/test.txt
wget -S http://drumee.net/.well-known/test.txt
--2017-12-29 00:01:45-- http://drumee.net/.well-known/test.txt
RĂ©solution de drumee.net (drumee.net)... 149.202.217.145, 2001:41d0:1000:1c91::2
Connexion vers drumee.net (drumee.net)|149.202.217.145|:80...connecté.
requĂȘte HTTP transmise, en attente de la rĂ©ponse...
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Thu, 28 Dec 2017 23:05:06 GMT
Content-Type: text/plain
Content-Length: 13
Last-Modified: Thu, 28 Dec 2017 22:03:33 GMT
Connection: keep-alive
ETag: "5a456a35-d"
Accept-Ranges: bytes
Longueur: 13 [text/plain]
Sauvegarde en : «test.txt.12»
Extract from log :
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:connection",
"detail": "Fetching http://drumee.net/.well-known/acme-challenge/xx3BWabvNASGUahi6Cl1ejQShceLdcG2iGXqZxnpbK4: Timeout",
"status": 400**
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/8f-O5JwkTqfMi9B1bfwa7PusFrIsxSZH66SJy5ITIX4/2904510851",
"token": "xxxxxxxxxxxxxxxxxxxxxxxxxx",**
"keyAuthorization": "xxxxxxxxxxxxxxxxxxxx",
"validationRecord": [
{
"url": "http://drumee.net/.well-known/acme-challenge/xx3BWabvNASGUahi6Cl1ejQShceLdcG2iGXqZxnpbK4",
"hostname": "drumee.net",
"port": "80",
"addressesResolved": [
"149.202.217.145",
"2001:41d0:1000:1c91::2"
],
"addressUsed": "2001:41d0:1000:1c91::2",
"addressesTried":
}
]
},
