Timeout when renewing cert

Hi. I just noticed my certificate didn’t renew automatically. Trying to renew manually, I got this response:

# letsencrypt renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/apps.ufficyo.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for apps.ufficyo.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/apps.ufficyo.com.conf produced an unexpected error: Failed authorization procedure. office.ufficyo.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://apps.ufficyo.com/.well-known/acme-challenge/q6X8BFQqWKs3696LIOGFjfi7M4BGedsjmiFjX7Bi83k: Timeout. Skipping

This looked very strange to me. I tried accessing the website from outside our network and it works fine. If you try yourself you will get a forbidden error, but that’s expected.
The web server is running nginx, and the log showed no access attempt from outside. There’s no iptables rule or firewall blocking connections. What else could cause this timeout?
Thanks

Search for IPv6 on these forums, as the problem you are likely facing has been discussed on almost a daily basis.

Andrei

Indeed, temporarily disabling IPv6 renewed my cert! :confused:

Will try to figure out what’s wrong.

The most likely reason is that your IPv6 is pointing to the correct server; however, you have not set up a listener for IPv6 :smiley:

Andrei

What do you mean by an IPv6 listener? I do have a webserver pointing to that IP, correctly replying to requests.

You may have a web server listening and replying on IPv4, but not configured to handle IPv6. This is a pretty common issue. It may be something else, but that sort of thing happens a lot.

Damn, indeed IPv6 was blocked on the firewall :man_facepalming:
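
The two causes raised in this thread (no listener on IPv6, or IPv6 dropped by a firewall) can be told apart by probing port 80 on every published address, one address family at a time. The script below is an added example, not part of the original posts; `resolve`, `probe` and `diagnose` are hypothetical helper names. It assumes it is run from a host outside the network that has working IPv6 connectivity, otherwise IPv6 addresses will report `unreachable` regardless of the server's state.

```python
import socket

def resolve(host, port=80):
    """Return {'IPv4': [...], 'IPv6': [...]} using the system resolver (A / AAAA)."""
    out = {"IPv4": [], "IPv6": []}
    for family, label in ((socket.AF_INET, "IPv4"), (socket.AF_INET6, "IPv6")):
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record published for this address family
        out[label] = sorted({info[4][0] for info in infos})
    return out

def probe(addr, port=80, timeout=5.0):
    """Classify a TCP connect as 'open', 'refused', 'timeout' or 'unreachable'."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    s = socket.socket(family, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((addr, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, but nothing is bound to the port
    except socket.timeout:
        return "timeout"      # packets silently dropped on the way
    except OSError:
        return "unreachable"  # no route, often no IPv6 on the probing machine
    finally:
        s.close()

def diagnose(host, resolver=resolve, prober=probe):
    """Return (family, address, state, hint) for every address published for host."""
    hints = {
        "open": "reachable",
        "refused": "nothing listening on this address family",
        "timeout": "packets dropped, check firewall rules for this family",
        "unreachable": "no route from this machine",
    }
    rows = []
    for family, addrs in resolver(host).items():
        for addr in addrs:
            state = prober(addr)
            rows.append((family, addr, state, hints[state]))
    return rows

if __name__ == "__main__":
    import sys
    for row in diagnose(sys.argv[1] if len(sys.argv) > 1 else "localhost"):
        print("%-4s %-40s %-12s %s" % row)
```

A site that shows `open` on IPv4 and `timeout` on IPv6 matches the symptom in this thread: browsers on IPv4 work, while the validation request over IPv6 times out.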