[Solved] Www.starkhome.org: The server could not connect to the client to verify the domain


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.starkhome.org
I ran this command:
certbot --apache
It produced this output:
Failed authorization procedure. www.starkhome.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.starkhome.org/.well-known/acme-challenge/uyROcCyKRsS7PjsNuUFys6M9_xkUcVSlmf7BYFqVAG8: Timeout
My web server is (include version):
Apache/2.4.18 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


#2
www.starkhome.org.          (unsigned)  3524  CNAME  jasonstark916.synology.me.
jasonstark916.synology.me.  (unsigned)  164   A      68.83.61.119
jasonstark916.synology.me.  (unsigned)  165   AAAA   2601:84:c801:5162:211:32ff:fe5b:5477

Connecting to http://www.starkhome.org/ over IPv6 times out, though IPv4 works.

Are you sure the IPv6 address is correct, doesn’t block port 80 in a firewall, and works?


#3

I’m not sure whether IPv6 works. I don’t know how to test it. Happy to give it a try, though.

I edited my DNS entries, and replaced the DDNS addresses (jasonstark916.synology.me) with IPv4 addresses (68.83.61.119). Entering the IPv4 address into a browser returns my index.html web page.

I also added an AAAA entry for 2601:84:c801:5162:211:32ff:fe5b:5477. It times out if I enter it into a browser.

I’m set up in a home network. I have been using a Synology NAS, set up with a web server. I’m replacing it with an Ubuntu 16.04 server, and working out the installation using a VirtualBox (v 5.2.8) VM running on a Mac OS X host (v 10.13.4). The index.html page that I serve at 68.83.61.119 is coming from the Ubuntu guest on that VM.

I have my router set up so that port 80 forwards to port 80, and port 443 forwards to port 443.


#4

Your IPv6 connectivity is currently broken. You should debug that (maybe with some help from your ISP) or else remove the AAAA record.
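
One way to test each published address family before running certbot, as an added example that is not part of the original thread: it resolves the name's A and AAAA records and attempts a TCP connection to port 80 on every address, so a dead AAAA record shows up even when IPv4 works. The function names and the `resolve`/`probe` parameters are assumptions introduced for this sketch.

```python
import socket
import sys

FAMILIES = {socket.AF_INET: "IPv4 (A)", socket.AF_INET6: "IPv6 (AAAA)"}


def probe_port(address, port, timeout):
    """Open and close one TCP connection; raises OSError on failure."""
    socket.create_connection((address, port), timeout=timeout).close()


def check_published_addresses(host, port=80, timeout=5.0,
                              resolve=socket.getaddrinfo, probe=probe_port):
    """Probe every A/AAAA address published for host.

    Returns a list of (family_label, address, error); error is None when
    the connection succeeded. resolve and probe are injectable (an
    assumption of this example) so the logic can be exercised offline.
    """
    results, seen = [], set()
    for family, _type, _proto, _canon, sockaddr in resolve(
            host, port, type=socket.SOCK_STREAM):
        address = sockaddr[0]
        if family not in FAMILIES or address in seen:
            continue
        seen.add(address)
        try:
            probe(address, port, timeout)
            error = None
        except OSError as exc:  # socket.timeout is a subclass of OSError
            error = str(exc) or type(exc).__name__
        results.append((FAMILIES[family], address, error))
    return results


def unreachable(results):
    """Addresses that would leave an http-01 fetch hanging."""
    return [(label, addr) for label, addr, err in results if err is not None]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_addresses.py <hostname>")
    found = check_published_addresses(sys.argv[1])
    for label, address, error in found:
        status = "ok" if error is None else "FAIL: " + error
        print(f"{label:12} {address:40} {status}")
    sys.exit(1 if unreachable(found) else 0)
```

Run it from a host outside the home network that has working IPv6 itself; from inside the LAN it does not exercise the router's port forwarding or firewall, and a client without IPv6 will report a failure that says nothing about the server.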


#5

If I were to remove the AAAA record, should I expect to be successful in obtaining certificates using IPv4? Thank you for your help!


#6

I removed the AAAA record, and ran “certbot --apache”. This was successful. Thank you for your help. You guys (and EFF) provide a great service.

