Timeout when renewing cert

Hi. I just noticed my certificate didn’t renew automatically. Trying to renew manually I got response:

# letsencrypt renew                                                                                                                                          
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/apps.ufficyo.com.conf
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for apps.ufficyo.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/apps.ufficyo.com.conf produced an unexpected error: Failed authorization procedure. office.ufficyo.com (http-01): urn:acme:er
ror:connection :: The server could not connect to the client to verify the domain :: Fetching http://apps.ufficyo.com/.well-known/acme-challenge/q6X8BFQqWKs3696LIOGFjfi7M4BGedsjmiFjX7Bi83k: Timeout. Skipping

This looked very strange to me, I tried accessing the website from outside our network and works fine. If you try yourself you will get a forbidden error, but that’s expeted.
The web server is running nginx, and log showed no access attempt from outside. There’s no iptables rule or firewall blocking connections. What else could cause this timeout?

search IPV6 on these forums as the problem you are likely facing has been discussed on almost a daily basis



indeed, temporary disabling IPv6 renewed my cert! :confused:

Will try to figure out what’s wrong

1 Like

most likely reason is your IPV6 is pointing to the correct server however you have not set up a listener for IPV6 :smiley:


what do you mean with an ipv6 listener? I do have a webserver pointing to that IP, correctly replying to requests

You may have a web server listening and replying on IPv4, but not configured to handle IPv6. This is a pretty common issue. It may be something else, but that sort of thing happens a lot.

Damn, indeed IPv6 was blocked on the firewall :man_facepalming:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.