• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Let's Encrypt: Invalid response, Connection refused

O

OllieK

New Pleskian
Hi,
I use the Let's Encrypt Extension. It worked flawless for years, but recently it won't renew my certificate.
I cannot find the exact same problem in this forum or the Plesk knowledge base.

The error message is:

Fehler: Let's Encrypt-SSL/TLS-Zertifikat konnte nicht ausgestellt werden für domain.de. Die Autorisierung dieser Domain ist fehlgeschlagen.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/oXY3XVCffDXpCi_cRDCsKPywev0rfYRhp2gGZBCDPTM.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching http://www.domain.de/.well-known/acme-challenge/MsZFV8QkjEZR_PuBmUUVS3ro2-ywiwdhZnvRTQ-5ZqA: Connection refused

The interesting part is that I can reach http://www.domain.de/.well-known/acme-challenge/MsZFV8QkjEZR_PuBmUUVS3ro2-ywiwdhZnvRTQ-5ZqA without any problems with my browser.

Any ideas?

Oliver
 
In your case this is an IPv6 problem.
Either you need to make sure your server can be reached via IPv6 or you need to remove the AAAA record for your domain.

Currently, your/this site is not available via IPv6 and thus the LetsEncrypt validation fails, as the LetsEncrypt validation server does not perform any fallback to IPv4

Code: 
wget http://www.your-real-domain.cc/.well-known/acme-challenge/MsZFV8QkjEZR_PuBmUUVS3ro2-ywiwdhZnvRTQ-5ZqA

--2019-04-10 10:44:50--  http://www.your-real-domain.cc/.well-known/acme-challenge/MsZFV8QkjEZR_PuBmUUVS3ro2-ywiwdhZnvRTQ-5ZqA
Resolving www.your-real-domain.cc (www.your-real-domain.cc)... 2a01:x:x:x:x:x:x:x, 87.b.c.d
Connecting to www.your-real-domain.cc (www.your-real-domain.cc)2a01:x:x:x:x:x:x:x|:80... failed: Connection refused.
Connecting to www.your-real-domain.cc (www.your-real-domain.cc)|87.b.c.d|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 87 [text/plain]
Saving to: âMsZFV8QkjEZR_PuBmUUVS3ro2-ywiwdhZnvRTQ-5ZqAâ

MsZFV8QkjEZR_PuBmUUVS3ro2-ywiwdhZnvRTQ-5ZqA 100%[===========================================================================================>]      87  --.-KB/s    in 0s

2019-04-10 10:44:50 (5.35 MB/s) - âMsZFV8QkjEZR_PuBmUUVS3ro2-ywiwdhZnvRTQ-5ZqAâ saved [87/87]
 
Thanks a lot! I removed the aaaa record and two hours later it worked.
Now I have to find out why my server could not be accessed by IPv6 ;-)
 
You must log in or register to reply here.

Similar threads

Nextgen-Networks
Issue Lets Encrypt - error in certificate renew process
2
Replies
21
Views
2K
Peter Debik
P
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
344
Daiv
D
M
Issue plesk server certificate does NOT include an ID which matches the server name
Replies
9
Views
2K
learning_curve
learning_curve
Nicola Urbinati
Resolved Let'Encrypt SSL not issued
Replies
2
Views
2K
Nicola Urbinati
Nicola Urbinati
hansitheking
Resolved Let's Encrypt: Timeout during connect (likely firewall problem)
Replies
4
Views
5K
trialotto
T
Back
Top