Timeout for one out of 50 certificates


I have a webserver with about 50 different domains and a single certificate for each domain. Everything worked fine for at least half a year, but last week one certificate didn’t renew. certbot always shows me a timeout, but I didn’t change any configuration.
I already tried to delete the certificate and requested a new one, but I get the same error.
It’s about gjspunk.de. See all details below. Another domain on the host which works is e.g. gruene-jugend.de.

Here is the relevant part of my nginx config:

server {
    listen 80;
    listen [::]:80;

    server_name gruene-jugend.de gjspunk.de; #all my domains are listed here

    root /var/www/html;

    location / {
        try_files $uri @httpsrewrite;
    }

    location @httpsrewrite {
        return 301 https://$host$request_uri;
    }
}


A test file is placed in /var/www/html/.well-known/test, which is accessible at http://gjspunk.de/.well-known/test:

$ curl http://gjspunk.de/.well-known/test

My domain is: gjspunk.de

I ran this command: certbot certonly --webroot -w /var/www/html -d "gjspunk.de" --register-unsafely-without-email --non-interactive --agree-tos

It produced this output: Failed authorization procedure. gjspunk.de (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://gjspunk.de/.well-known/acme-challenge/WPuHV_swYkw47TogYTDjG3HpyMr5hEIQu1UunSLjh28: Timeout

My web server is (include version): nginx/1.13.1

The operating system my web server runs on is (include version): Debian 8.8

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Any idea what the problem is? I already checked the access_log and the firewall log, but neither has any entries relating to certbot/letsencrypt…

Thanks a lot!

gjspunk.de has an AAAA DNS record, but the IPv6 address in question is apparently not running an accessible HTTP server.

You need to fix the IPv6 server, or remove the AAAA record.

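A check for the failure mode described in the answer above, as an added example that is not part of the original thread: it fetches the test path from every address the name resolves to, A and AAAA separately, so a dead IPv6 address is not hidden by a client that quietly uses IPv4. The function names, the default path and the timeout are assumptions of this sketch.

```python
import socket
import sys


def resolve_all(host, port=80):
    """Return every (family, address) pair DNS gives for host, A and AAAA alike."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({("IPv6" if fam == socket.AF_INET6 else "IPv4", sa[0])
                   for fam, _, _, _, sa in infos})


def probe(address, host, port=80, path="/.well-known/test", timeout=5.0):
    """GET path from one specific address, with host in the Host header.

    Returns the HTTP status line, or "FAIL: <error>" if nothing usable came back.
    """
    request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((address, port), timeout=timeout) as sock:
            sock.sendall(request.encode("ascii"))
            status = sock.recv(1024).split(b"\r\n", 1)[0].decode("latin-1")
    except OSError as exc:  # timeout, refused, unreachable, resolver errors
        return f"FAIL: {exc.__class__.__name__}"
    return status if status.startswith("HTTP/") else "FAIL: not an HTTP response"


def check_host(host, port=80, path="/.well-known/test", addresses=None, timeout=5.0):
    """Probe each address separately; addresses may be supplied to skip DNS."""
    if addresses is None:
        addresses = resolve_all(host, port)
    return {(fam, addr): probe(addr, host, port, path, timeout)
            for fam, addr in addresses}


def unreachable(results):
    """Addresses that did not answer with an HTTP response."""
    return [key for key, status in results.items() if status.startswith("FAIL")]


if __name__ == "__main__":
    # Usage: python3 check_http01.py <hostname>   (script name is hypothetical)
    name = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    results = check_host(name)
    for (fam, addr), status in results.items():
        print(f"{fam:4} {addr:40} {status}")
    sys.exit(1 if unreachable(results) else 0)
```

Run it from a machine outside the server's own network, since a firewall or missing listener on the IPv6 address may only be visible from the outside.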

Damn it… thank you!
