Unable to update certificate

OSeudre · September 10, 2024, 1:24pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: the-marmot-cry.com

I ran this command: Update from Plesk extension

It produced this output: Invalide response from https://acme-v02.api.letsencrypt.org/acm/authz-v3/401725204926
Details:
Type: urn:left:params:acme:error:connection
Status: 400
Details: 51.91.190.38: Fetching https://www.the-marmot-cry.com/.well-known/acme-challenge/eTS4L0a2oZceMf3VA_0Zzaj3W21iqwbPXhfkzpr6U: Timeout during connect (likely firewall problem)

My web server is (include version): Apache

The operating system my web server runs on is (include version): Debian 10.13

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

The problem occures after adding ipv6 address to the domain.

Than you

MikeMcQ · September 10, 2024, 1:31pm

Well, that's a good place to begin your debugging

I see an nginx server at your domain on IPv4 address. I timeout with your IPv6 address. Maybe your IPv6 address in your DNS is correct but you have not yet configured your nginx server to listen for that? But, can you explain why you say you have Apache?

IPv4 sees nginx

curl -i4 -m8 https://www.the-marmot-cry.com/
HTTP/2 200
server: nginx
x-powered-by: PleskLin

IPv6 times out

curl -i6 -m8 http://the-marmot-cry.com/
curl: (28) Failed to connect to the-marmot-cry.com port 80 after 4002 ms: 
Connection timed out

OSeudre · September 11, 2024, 10:47am

Apache version is 2.4.59 and nginx version is 1.26.1

OSeudre · September 11, 2024, 10:50am

Nginx seems to work over Apache. It's configured to send requests by proxy to Apache.

MikeMcQ · September 11, 2024, 2:12pm

It can be setup to proxy to Apache but can be used as a webserver on its own too. When proxied, often the response headers will show the responding server (Apache) but I guess it could say nginx too.

In any case, your IPv6 looks to be the wrong value or perhaps something else is not configured properly to support IPv6. A forum specializing in comms config is a better place to ask about those questions. Even ask OVH support for help with that.

If you want to support IPv6 you should have a way to test that. Otherwise there could be problems with people trying to use IPv6 but failing and you would never know. If you don't think you can properly manage it you should remove the AAAA record from the DNS

OSeudre · September 11, 2024, 3:14pm

Thank you. I want to use IPV6, so I've to understand why it doesn't answer well.
I will ask help to OVH. I think I've missed something with the server configuration.

system · October 11, 2024, 3:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem getting new certificate with Plesk (solved) Help	5	471	June 22, 2023
Some challenges have failed Help	2	601	May 17, 2023
Unable to renew cert Help	1	590	January 1, 2021
SSL Renew not work Help	6	544	March 29, 2021
Unable to Add Certificate Help	25	2084	August 25, 2021

Unable to update certificate

Related topics