Failing to renew Let's Encrypt certificates

[brainforge]

User name: brainforge

TITLE

Failing to renew Let's Encrypt certificates

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Centos 7 Plesk Obsidian Version 18.0.23

PROBLEM DESCRIPTION

Get emails / error messages like the following.
Can access fine from browser.
Details:
Type: urn:ietfarams:acme:error:connection
Status: 400
Detail: Fetching https://....../.well-known/acme-challenge/...... Timeout during connect (likely firewall problem)

STEPS TO REPRODUCE

Renew cerificate for a domain.

ACTUAL RESULT

Get above error message.
Later get an email with same message.

EXPECTED RESULT

Preferably renew works without any further action.
Improve error message to indicate other areas to examine / change e.g. DNS

ANY ADDITIONAL INFORMATION

See Issue - Let's encrypt not renew

Setup Plesk and DNS to use both PIPV4 and IPV6 addresses.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug

 

[IgorG]

Have you checked this KB article at least Unable to issue Let's Encrypt certificate in Plesk: "Timeout during connect (likely firewall problem)" OR "Error getting validation data" ?

 

[brainforge]

Looks like will need to everywhere temporarily disable SEO safe 301 as per the January 22, 2020 17:14 comment here:

Unable to issue Let's Encrypt certificate in Plesk: "Timeout during connect (likely firewall problem)" OR "Error getting validation data"

Applicable to: Plesk Onyx for Linux Symptoms Unable to install Let's Encrypt certificate either for a domain example.com in Domains > example.com > Let's Encrypt or for securing Plesk in...

support.plesk.com

What's the timescale for internal request ID EXTLETSENC-769?
Or even in short-term providing link to additional information in the error message....

 

[brainforge]

Correction looks like SEO safe 301 is not the issue in those I've tried so far.

Instead - have to remove the AAAA records for IPV6 from the DNS - then Let's Encrypt renewal works.