Nono66
March 15, 2019, 1:45pm
1
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: anoukis-m.com
I ran this command: on plesk I put renew button (automaticly renew not work too)
It produced this output:
Erreur: Impossible d’émettre le certificat SSL/TLS Let’s Encrypt pour anoukis-m.com . Échec de l’autorisation pour le domaine.
Détails
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/f8bm9rcaGv_Lei-uDMICgojEpHbUPKAntG1As3hQBRw .
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching http://www.anoukis-m.com/.well-known/acme-challenge/-nmyEUyGsHbQJqK2LkRkAmF47n-_R5NJfDqyh7gLHvY: Error getting validation data
My web server is (include version): Plesk
The operating system my web server runs on is (include version): Centos 6.10
I can login to a root shell on my machine (yes or no, or I don’t know): yes (but I’m begginer on this)
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk 17.8.11
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): 2.7.3-474
Hi @Nono66
you have ipv4- and ipv6 - addresses (checked with https://check-your-website.server-daten.de/?q=anoukis-m.com ):
But your ipv6 doesn't work:
Ipv4 has a - correct - http status 404 (Not Found). But ipv6 has a timeout.
Is there a firewall? Is ipv6 configured?
If not, remove the ipv6 AAAA dns entry.
Nono66
March 15, 2019, 2:32pm
3
JuergenAuer:
2001:41d0:2:c5c9::
Thanks for answer.
I don't have Firewall.
I think ipv6 is configured, I can ping6 2001:41d0:2:c5c9:: from another server, and ping is ok
I try to remove IPv6 for the domain (AAAA too) but the renew not work more ... may be renew take information from secondary DNS in priority ?
I don't have change anything before the last renewed on the server, and all renew (anoukis-m.com , geneworld.net , mangavortex.com , ...) are broken.
I can't know if my version of let's encrypt is the last one ... it's the last who plesk give me but may be not the last one ?
Ping isn't enough. Your webserver doesn't work.
10 seconds no answer -> timeout. Your ipv4 answers in 0,05 seconds.
Nono66
March 15, 2019, 2:50pm
5
You speak from Apache ?
Apache “Listen 80”
In virtualhost I have : <VirtualHost [2001:41d0:2:c5c9::]:80 >
same for :443 and same for ipv4
That looks good.
I see, you recheck your domain ( https://check-your-website.server-daten.de/?q=anoukis-m.com ).
My tool doesn't see your ipv6 webserver.
And Letsencrypt prefers ipv6, so this error is critical.
Or: Remove your ipv6 entry, create a new certificate, add the ipv6 and try to fix it.
But your ipv4 is blocked:
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 188.165.250.201:443
That looks like a firewall.
Nono66
March 15, 2019, 3:12pm
7
I try modify apache configuration file, but I make an error and break ipv4 connexion, after a rollback is good for ipv4 in the recheck for the domain.
I’m going to try without ipv6 because I don’t see why ipv6 connexion are blocked
Thanks for your help (and sorry for my english).
Nono66
March 15, 2019, 3:13pm
8
If I remove ipv6 for the domain, I may delete certificate and create new one, or can I renew the old one ?
Nono66
March 15, 2019, 3:43pm
9
I try on another domain, when I remove ipv6, I stand synchronisation of the two DNS, I can create a new certificate.
Don't delete a certificate.
Try to create a new.
system
Closed
April 14, 2019, 3:46pm
11
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.