
Resolved let's encrypt error ipv6

fferraro87

Basic Pleskian
Hi,
I'm trying to install Let's Encrypt on a domain using the Let's Encrypt extension from Plesk, but I get this error:

The fresco.com DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk.
To resolve the issue, either assign an IPv6 address to fresco.com ("Websites & Domains" > "Web Hosting Access") or remove the AAAA record from the fresco.com DNS zone.

If I run modinfo ipv6 from the console, I get this error:
modinfo: ERROR: Module ipv6 not found.

If I run modprobe ipv6 I get no output, but if I try modinfo ipv6 again it still says that the module is not installed.

The DNS server is not installed on that Plesk because I don't use it.
So this fresco.com zone is on another nameserver external to Plesk, and there aren't any AAAA records.
So how can I fix this?
I'm using CentOS 7.6.1810 and Plesk 17.8.11 patch 35.
 
What do the IP settings (IPv4 & IPv6) for fresco.com look like in Plesk Panel > Domains > fresco.com > Web Hosting Access?
 
The LetsEncrypt server is trying to validate domains through IPv6 as it is a preferred protocol. As a solution, you can either completely remove IPv6 addresses from the network interfaces in order to perform token validation through IPv4, or configure IPv6 properly.
 
The LetsEncrypt server is trying to validate domains through IPv6 as it is a preferred protocol. As a solution, you can either completely remove IPv6 addresses from the network interfaces in order to perform token validation through IPv4, or configure IPv6 properly.
I've disabled IPv6 on my interfaces:
Code:
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.110.3  netmask 255.255.255.0  broadcast 172.16.110.255
        ether 00:50:56:a4:fb:69  txqueuelen 1000  (Ethernet)
        RX packets 5511676  bytes 1727822407 (1.6 GiB)
        RX errors 0  dropped 830  overruns 0  frame 0
        TX packets 4323995  bytes 9137607364 (8.5 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

But I still get that error.
 
I think the AAAA record should be removed from the DNS zone too.
 
Sorry, but I can't catch you. The existence of an AAAA record in the DNS zone is not a Plesk error. And as I mentioned above, you wrote about this record for domain fresco.com.
So, at the moment, do you have an AAAA record in the Plesk DNS records for domain fresco.com?
 
Sorry, but I can't catch you. The existence of an AAAA record in the DNS zone is not a Plesk error. And as I mentioned above, you wrote about this record for domain fresco.com.
So, at the moment, do you have an AAAA record in the Plesk DNS records for domain fresco.com?
Sorry, but I don't speak English very well. Thanks for your patience.
The fresco.com zone is defined on a nameserver outside the Plesk machine and there isn't any AAAA record defined in that zone.
So I can't understand why Let's Encrypt tries to verify on an AAAA record.
 

I have a case on a Windows server (IPv6 deactivated on the network card) where the domain points to Cloudflare (it has no AAAA entry in the DNS zone)

where it shows the error:


Code:
Error: Could not issue a Let's Encrypt SSL/TLS certificate for clickmacae.com.br.

The clickmacae.com.br DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk.
To resolve the issue, either assign an IPv6 address to clickmacae.com.br ("Websites & Domains" > "Web Hosting Access") or remove the AAAA record from the clickmacae.com.br DNS zone.
See the related Knowledge Base article for details.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/PW74fm81bzWTHHwtCRMTtv_PTAMAE_vr11Qvnjt_FdI.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Detail: Invalid response from https://clickmacae.com.br/.well-known/acme-challenge/N8YgsBbSAJALaAw86DQjlz_sizZr0wtABm9qxzpR6Tk [2606:4700:20::6819:df13]: "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n<html xmlns=\"http:"





Can someone help me?
thanks.
 
Your domain clickmacae.com.br does indeed have AAAA records configured.

There may be some confusion, because the DNS service for this domain is also enabled on your Plesk server and there you don't have/see any IPv6 records configured.
But as this domain (i.e. its DNS records) is hosted with Cloudflare, the settings on your Plesk server do not matter. I even strongly recommend that you disable this domain's DNS service in your Plesk panel as it will only cause trouble the way it is now.
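
The ACME error quoted earlier in the thread gives, in square brackets, the address the Let's Encrypt validator actually connected to. As an added example (not part of the original thread), this Python code extracts that address and compares it with the addresses bound on the server; the function names, the result labels and the 203.0.113.7 server address are assumptions made for illustration.

```python
import ipaddress
import re

# "Detail" line as quoted in the thread (response body cut off as on the page).
SAMPLE_DETAIL = (
    "Invalid response from https://clickmacae.com.br/.well-known/acme-challenge/"
    "N8YgsBbSAJALaAw86DQjlz_sizZr0wtABm9qxzpR6Tk [2606:4700:20::6819:df13]: "
    '"<!DOCTYPE html PUBLIC ..."'
)

# The validator appends the address it connected to, in brackets, after the URL.
_DETAIL_RE = re.compile(r"Invalid response from (?P<url>\S+) \[(?P<addr>[0-9A-Fa-f:.]+)\]")


def parse_acme_detail(detail):
    """Return (url, ip_address) for the fetch the CA reported, or None."""
    match = _DETAIL_RE.search(detail)
    if match is None:
        return None
    try:
        return match.group("url"), ipaddress.ip_address(match.group("addr"))
    except ValueError:  # brackets held something that is not an IP address
        return None


def diagnose(detail, server_addrs):
    """Classify an HTTP-01 failure against the addresses bound on this server.

    server_addrs: iterable of address strings taken from the host's interfaces.
    The returned labels are hypothetical names used only in this example.
    """
    parsed = parse_acme_detail(detail)
    if parsed is None:
        return "no-address-in-detail"
    _, addr = parsed
    local = {ipaddress.ip_address(a) for a in server_addrs}
    if addr in local:
        return "reached-this-server"    # look at the web server config instead
    if addr.version == 6:
        return "aaaa-points-elsewhere"  # public DNS publishes an AAAA record
    return "a-points-elsewhere"         # A record points at a proxy or other host


if __name__ == "__main__":
    # 203.0.113.7 is a constructed (documentation-range) server address.
    print(parse_acme_detail(SAMPLE_DETAIL))
    print(diagnose(SAMPLE_DETAIL, ["203.0.113.7"]))
```

A result of `aaaa-points-elsewhere` means the public zone, as seen by the CA, publishes an AAAA record regardless of what the local panel or interfaces show.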
 
I ran the command below and rebooted the server to resolve another issue and after that SSL was activated normally.


Code:
plesk bin repair --repair-webspace-security -webspace-name clickmacae.com.br
 
Hi ChristophRo...

How do I disable DNS for a specific domain?

Thanks!


Your domain clickmacae.com.br does indeed have AAAA records configured.

There may be some confusion, because the DNS service for this domain is also enabled on your Plesk server and there you don't have/see any IPv6 records configured.
But as this domain (i.e. its DNS records) is hosted with Cloudflare, the settings on your Plesk server do not matter. I even strongly recommend that you disable this domain's DNS service in your Plesk panel as it will only cause trouble the way it is now.
 
This is due to Cloudflare's SSL setup. In order to get rid of the added and hidden AAAA records, go to the SSL/TLS tab of the domain (IN CLOUDFLARE) and change your setting from FLEXIBLE to FULL. Then proceed with your SSL setup and you should be good.
 
This is due to Cloudflare's SSL setup. In order to get rid of the added and hidden AAAA records, go to the SSL/TLS tab of the domain (IN CLOUDFLARE) and change your setting from FLEXIBLE to FULL. Then proceed with your SSL setup and you should be good.

Yes, the problem was caused by Cloudflare => SSL => Edge Certificate => HTTP to HTTPS Redirection.
 
This is due to Cloudflare's SSL setup. In order to get rid of the added and hidden AAAA records, go to the SSL/TLS tab of the domain (IN CLOUDFLARE) and change your setting from FLEXIBLE to FULL. Then proceed with your SSL setup and you should be good.
I created this account just to tell you thank you; this solved the exact same issue on my end while setting up my SSL in Plesk through Vultr. Cheers
 
I created this account just to tell you thank you; this solved the exact same issue on my end while setting up my SSL in Plesk through Vultr. Cheers
I appreciate that Tony. I am glad I was able to help. I have to admit this has given me a lot of grief as a service provider until I figured it out.
 
Same here. I also made an account because, unlike the actual Plesk documentation, this actually solved the problem. Carefully following the instructions in the articles Plesk linked to failed to resolve the issue, so I'm glad I found this thread.
 