Unable to get new cert generated

I've been stumbling on this for hours trying to get a new cert generated.

My domain is: russjudge.com

I ran this command: certbot --apache

It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: russjudge.com
Type: connection
Detail: 2600:1700:abd8:4200::43: Fetching http://russjudge.com/.well-known/acme-challenge/Z-472GJ4FZF2KROTG1LQbV75StA7eDmttA4EVByNejQ: Timeout during connect (likely firewall problem)
Log sample:

{
  "identifier": {
    "type": "dns",
    "value": "russjudge.com"
  },
  "status": "invalid",
  "expires": "2023-01-14T20:10:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "2600:1700:abd8:4200::43: Fetching http://russjudge.com/.well-known/acme-challenge/Z-472GJ4FZF2KROTG1LQbV75StA7eDmttA4EVByNejQ: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/193348989477/HYvw3w",
      "token": "Z-472GJ4FZF2KROTG1LQbV75StA7eDmttA4EVByNejQ",
      "validationRecord": [
        {
          "url": "http://russjudge.com/.well-known/acme-challenge/Z-472GJ4FZF2KROTG1LQbV75StA7eDmttA4EVByNejQ",
          "hostname": "russjudge.com",
          "port": "80",
          "addressesResolved": [
            "2600:1700:abd8:4200::43"
          ],
          "addressUsed": "2600:1700:abd8:4200::43"
        }
      ],
      "validated": "2023-01-07T20:10:47Z"
    }
  ]
}

My web server is (include version):
Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version):
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.32.2

Hello @russjudge, welcome to the Let's Encrypt community.

Port 80 on your IPv6 Address didn't respond for the HTTP-01 challenge
Best Practice - Keep Port 80 Open

Using Let's Debug yielded these results:
https://letsdebug.net/russjudge.com/1327130

2 Likes

And here is a list of issued certificates crt.sh | russjudge.com, the latest being 2023-01-07.

1 Like

Also DNS Spy report for russjudge.com shows you only have an IPv6 Address.
russjudge.com | DNSViz agrees.

That isn't the reason that Let's Encrypt could not issue a certificate; just additional data.

3 Likes
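
An added example, not part of any post in this thread: a Python sketch that reads an ACME authorization object like the one in the log sample and reports which address, address family and port the failed HTTP-01 validation used, plus which address families the CA resolved. The function name `diagnose` and the finding keys are illustrative choices; the embedded JSON is abridged from the log sample in the question.

```python
import ipaddress
import json

# Abridged copy of the authorization object from the log sample in the question.
AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "russjudge.com"},
    "status": "invalid",
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "error": {
            "type": "urn:ietf:params:acme:error:connection",
            "detail": "2600:1700:abd8:4200::43: Fetching http://russjudge.com/"
                      ".well-known/acme-challenge/Z-472GJ4FZF2KROTG1LQbV75StA7eDmttA4EVByNejQ"
                      ": Timeout during connect (likely firewall problem)",
            "status": 400,
        },
        "validationRecord": [{
            "hostname": "russjudge.com", "port": "80",
            "addressesResolved": ["2600:1700:abd8:4200::43"],
            "addressUsed": "2600:1700:abd8:4200::43",
        }],
    }],
})


def diagnose(authz_json):
    """Return one finding per validation attempt of each failed challenge."""
    authz = json.loads(authz_json)
    findings = []
    for ch in authz.get("challenges", []):
        if ch.get("status") != "invalid":
            continue  # only failed challenges are of interest
        err = ch.get("error", {})
        for rec in ch.get("validationRecord", []):
            used = rec.get("addressUsed") or None
            resolved = rec.get("addressesResolved") or []
            findings.append({
                "domain": authz["identifier"]["value"],
                "challenge": ch.get("type"),
                "error": err.get("type", "").rsplit(":", 1)[-1],
                "timeout": "Timeout during connect" in err.get("detail", ""),
                "port": int(rec.get("port", 0)),
                "address": used,
                "family": f"IPv{ipaddress.ip_address(used).version}" if used else None,
                # Address families the CA saw in DNS: [6] means AAAA only, no A record.
                "dns_families": sorted({ipaddress.ip_address(a).version for a in resolved}),
            })
    return findings


if __name__ == "__main__":
    for f in diagnose(AUTHZ):
        print(f)
```

For the log in this thread the single finding shows a connect timeout on port 80 over IPv6 with only IPv6 addresses resolved, which points the firewall check at the inbound IPv6 path to that address.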
