[Solved] Letsencrypt-auto not connecting to server?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:pdhsp.focusrite.ath.cx

I ran this command: ./letsencrypt-auto --apache -d pdhsp.focusrite.ath.cx

It produced this output:
root@guyvaio:~/letsencrypt# ./letsencrypt-auto --apache -d pdhsp.focusrite.ath.cx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pdhsp.focusrite.ath.cx
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. pdhsp.focusrite.ath.cx (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://pdhsp.focusrite.ath.cx/.well-known/acme-challenge/o2ePzi-p5j2JV3YU99ck-oxHsQaT8Ns9nAEqtbq5cng: Timeout


  • The following errors were reported by the server:

    Domain: pdhsp.focusrite.ath.cx
    Type: connection
    Detail: Fetching

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): Apache/2.4.27 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu Artful

My hosting provider, if applicable, is: localhost

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Already have another domain on .focusrite.ath.cx (DynDNS) which has an LE cert on it and that renews and everything, tried it today. However the above pdhsp domain claims it times out when trying to connect. When watching the Apache log scroll by no connection attempt ever appears to be made. I can load the URL fine from the public internet e.g. Amazon AWS server and log entries appear so it is definitely connectable from the web and it is the correct logfile that’s showing no activity during certificate request.

Normally LE just works (run as root).

The site is a dev version running on a laptop which needs HTTPS to make Google Geolocation work.

Additionally an inotifywait watching the web root folder sees no activity with .well-known being created which I assume happens as part of the validation round trip?

Hi @surefyre,

Your domain has an AAAA record so Let’s Encrypt is trying to reach the domain challenge using the IPv6 address but no way, it always timeout…

$ curl -IkLv6 http://pdhsp.focusrite.ath.cx/.well-known/acme-challenge/o2ePzi-p5j2JV3YU99ck-oxHsQaT8Ns9nAEqtbq5cng
*   Trying 2a02:c7f:2213:c500::1...
* connect to 2a02:c7f:2213:c500::1 port 80 failed: Connection timed out
* Failed to connect to pdhsp.focusrite.ath.cx port 80: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to pdhsp.focusrite.ath.cx port 80: Connection timed out

There is no problem reaching your domain using IPv4 so, or you fix your IPv6 conf or you remove the AAAA record for domain pdhsp.focusrite.ath.cx.

Good luck,

1 Like

Thanks Sahsanu, will see if I can bin the AAAA from DynDns. IPV6 always catches me out!

1 Like

My retry timeout just expired, deleting the IPV6 entry in DynDns worked perfectly, thanks!

Perhaps it’s worth an IPV6 comment in the error message output during validation attempt if any LE devs are reading?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.