The Lets Encrypt ACME server unable to reach http://www.mysite.nl/.well-known/acme-challenge/{some guid}

jvanrijt · November 15, 2017, 10:11am

Hi I have an Azure web app and I want to install the https certificate on it.

I followed these steps to do it: https://gooroo.io/GoorooTHINK/Article/16420/Lets-Encrypt-Azure-Web-Apps-the-Free-and-Easy-Way/21872#.WgwMGUriaUn

Bu now I’m stuck at installing the certificatie (#3 in the url above). When I select a hostname and click install after a while I get this error:

The Lets Encrypt ACME server was probably unable to reach http://www.mysite.nl/.well-known/acme-challenge/G65zg-yumQBNW21XIoBbcq1SK7hYVEiTXIeobMMBIc8 view error report from Lets Encrypt at https://acme-v01.api.letsencrypt.org/acme/authz/U9MeCyr-vlpYluDTjYArQAZHOrD1UZC9OQcze3WxyA4 for more information.

In the error report I get this:

“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:unauthorized”,
“detail”: “Invalid response from http://smaakcheck.nl/.well-known/acme-challenge/G65zg-yumQBNW21XIoBbcq1SK7hYVEiTXIeobMMBIc8 [2a03:3c00:a002:198::100c]: 404”,
“status”: 403

Can anyone tell me what the problem is?
I’m logged in as administrator so I was suprised to see the unauthorized error.

bytecamp · November 15, 2017, 10:25am

Is the webserver’s configuration for ipv4 and ipv6 identical? The acme server tries to access the challenge file via ipv6, the webserver is unable to present it (404).

jvanrijt · November 15, 2017, 10:34am

It’s an Azure web application I don’t know how to check that in Azure.

bytecamp · November 15, 2017, 10:43am

I would ask my provider if I were you, they must have some insight on that.

jvanrijt · November 15, 2017, 11:38am

As I said, my web application is hosted in Azure, in the cloud, there is no provider involved.

bytecamp · November 15, 2017, 12:01pm

of course there is, at least the cloud servers and the datacenter have to be operated by someone. Your domain is delegated to some nameservers which are also run by a third party. The problem could be fixed by disabling the AAAA record for your domain, but I don't know if you setup this record intentionally.

jvanrijt · November 15, 2017, 12:04pm

The AAAA record cannot me disables unfortunately.

schoen · November 15, 2017, 10:15pm

In that case, you’ll need to configure the site to work properly in both IPv4 and IPv6.

system · December 15, 2017, 10:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.