[Webroot] Http-01 challenge timeout on publicly accessible domain/server

Hello everybody,

I'm experiencing a strange issue with the http-01 webroot challenge.
Everything seems to be set up correctly. "http://boardr.in/.well-known/*" is accessible from the internet.
Is there a way to get the real request example which is sent by Let's Encrypt so I can try to debug it?
Or maybe you have other ways to debug this thing?

Any help is much appreciated.

Details below:

My domain is:

boardr.in

I ran this command:

certbot certonly --webroot --agree-tos --no-eff-email --email xxxxx@example.com -w /var/www/letsencrypt -d www.boardr.in -d boardr.in

It produced this output:

- The following errors were reported by the server:

   Domain: boardr.in
   Type:   connection
   Detail: Fetching
   http://boardr.in/.well-known/acme-challenge/9sd-XRsNvgRKcMKJ9s95i5Bkbo7qrJmDdiRW55wSlXM:
   Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version):

nginx version: nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version):

Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-57-generic x86_64)

My hosting provider, if applicable, is:

Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

Hi @Lianik,

Your domain resolves AAAA records so Let's Encrypt is trying to reach your server using IPv6 but it is not reachable.

$ curl -v6IkL http://boardr.in/.well-known/acme-challenge/test
*   Trying 2a03:b0c0:0:1010::16c5:c001...
* TCP_NODELAY set
* connect to 2a03:b0c0:0:1010::16c5:c001 port 80 failed: Connection timed out
* Failed to connect to boardr.in port 80: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to boardr.in port 80: Connection timed out

You should fix your IPv6 connectivity or remove AAAA records for your domains.

Cheers,
sahsanu

1 Like
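
An added example, not part of the original thread: the per-address-family check done with curl in the reply above, written as a script that probes every A and AAAA address on port 80 separately and reports any family that is published in DNS but unreachable. The function names and the constructed sample addresses are assumptions made for illustration.

```python
import socket
import sys

FAMILIES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def resolve(host, port=80):
    """Return (family, address) pairs for every A and AAAA record the resolver gives."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({(i[0], i[4][0]) for i in infos if i[0] in FAMILIES})

def tcp_connect(family, addr, port, timeout):
    """Attempt one TCP connect; return None on success, else the error text."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return None
    except OSError as exc:  # includes timeouts and "network unreachable"
        return str(exc) or type(exc).__name__

def check_paths(host, port=80, timeout=5.0, resolver=resolve, connector=tcp_connect):
    """Probe each published address on its own, like curl -4 and curl -6 would."""
    results = []
    for family, addr in resolver(host, port):
        err = connector(family, addr, port, timeout)
        results.append({"family": FAMILIES[family], "address": addr,
                        "ok": err is None, "error": err})
    return results

def broken_families(results):
    """Families that have DNS records but not a single reachable address."""
    published = {r["family"] for r in results}
    reachable = {r["family"] for r in results if r["ok"]}
    return sorted(published - reachable)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = check_paths(sys.argv[1])  # live check against the real resolver
    else:
        # Constructed sample (documentation addresses): IPv4 answers, IPv6 times out.
        fake_dns = lambda h, p: [(socket.AF_INET, "192.0.2.10"), (socket.AF_INET6, "2001:db8::10")]
        fake_net = lambda f, a, p, t: None if f == socket.AF_INET else "timed out"
        results = check_paths("example.test", resolver=fake_dns, connector=fake_net)
    for r in results:
        status = "ok" if r["ok"] else "FAIL: " + r["error"]
        print(f'{r["family"]:4} {r["address"]:40} {status}')
    for fam in broken_families(results):
        print(f"{fam} records are published but unreachable: fix connectivity or remove them")
```

Run the live check from a machine outside the server's network that has working IPv6 itself; otherwise an IPv6 failure reflects the local network rather than the server.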

Hi Sahsanu,

Thank you a lot. It helped, the domain has passed the validation.

Have a good day.

Best,
Alex

2 Likes
