Let's encrypt timeout

Nickske00

Hi folks!

On a fairly new server (6 months old), Let's Encrypt stopped working (it worked fine in the beginning). I'm getting a timeout error.

When I try to get a new certificate through DirectAdmin:
Code:
Getting challenge for nicippe.org from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Fetching http://nicippe.org/.well-known/acme-challenge/sRNN3g21xDnLTqAp30j7zBNOVOHzNqx6N9SFLTCqG6g: Timeout. Exiting...

In the apache log I see this:
Code:
185.95.29.6 - - [18/Apr/2018:07:02:02 -0400] "GET /.well-known/acme-challenge/letsencrypt_1524049321 HTTP/1.1" 200 244 "-" "curl/7.29.0"

I tried this, https://help.directadmin.com/item.php?id=646 and it is working fine, I can reach http://nicippe.org/.well-known/acme-challenge/test.txt and get the 'test' displayed in my browser also.
When I run the curl command:
Code:
curl -I -L -k -X GET http://nicippe.org/.well-known/acme-challenge/test.txt
HTTP/1.1 200 OK
Date: Wed, 18 Apr 2018 11:12:23 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Mon, 16 Apr 2018 15:54:41 GMT
ETag: "5-569f93d682aa1"
Accept-Ranges: bytes
Content-Length: 5
Vary: User-Agent
Content-Type: text/plain

So, can anybody point me in the right direction? :)

EDIT: I got the latest Let's Encrypt script, 1.0.22.
 
Your website has an IPv6 address, but is not reachable over IPv6. That is why you get a Let's Encrypt timeout.
Check your DNS to solve.
 
Thanks, I'll check with the host why IPv6 isn't working.

But how do you know this is the problem? And shouldn't it fall back on IPv4 if 6 isn't working? I also changed the script to use curl -4, so it should use IPv4 no matter what? Or is this something on the Let's Encrypt side?
 
When there is an AAAA record in your DNS, Let's Encrypt will use it also. So when you only want to use IPv4, delete the AAAA records at your domain provider.
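
A way to check for the condition diagnosed in this thread, a published AAAA record whose address does not answer on port 80, is sketched below. It is an added example, not part of the original posts or the DirectAdmin script; the function names and the sample addresses (documentation ranges) are constructed for illustration, and a real run assumes the machine doing the check has working IPv6 itself.

```python
import socket

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))

def resolve_by_family(host, port=80, resolver=socket.getaddrinfo):
    """Return {'IPv4': [...], 'IPv6': [...]} as published in DNS (A / AAAA)."""
    found = {label: [] for label, _ in FAMILIES}
    for label, family in FAMILIES:
        try:
            infos = resolver(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        for info in infos:
            if info[4][0] not in found[label]:
                found[label].append(info[4][0])
    return found

def tcp_reachable(addr, port=80, timeout=5.0):
    """True if a TCP connection to addr:port succeeds within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # timeout, refused, no route, no local IPv6
        return False

def diagnose(host, port=80, resolver=socket.getaddrinfo, probe=tcp_reachable):
    """List (family, address, reachable) for every published address."""
    return [(label, addr, probe(addr, port))
            for label, addrs in resolve_by_family(host, port, resolver).items()
            for addr in addrs]

def unreachable_published(report):
    """Addresses that are in DNS but do not answer on the port."""
    return [(fam, addr) for fam, addr, ok in report if not ok]

# Constructed sample (documentation addresses), so the demo runs offline:
# an A record that answers and an AAAA record that does not.
def sample_resolver(host, port, family, socktype):
    if family == socket.AF_INET:
        return [(family, socktype, 6, "", ("192.0.2.10", port))]
    return [(family, socktype, 6, "", ("2001:db8::10", port, 0, 0))]

def sample_probe(addr, port):
    return ":" not in addr  # pretend only the IPv4 address answers

if __name__ == "__main__":
    report = diagnose("example.test", resolver=sample_resolver, probe=sample_probe)
    for fam, addr, ok in report:
        print(f"{fam:5} {addr:15} {'reachable' if ok else 'NO ANSWER on port 80'}")
    print("fix or remove:", unreachable_published(report))
```

Calling `diagnose("your.domain")` with the default resolver and probe performs the real lookups and connections; on a machine without IPv6 connectivity every AAAA address is reported as unreachable, so run it from a dual-stack host.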
 