
Issue [Lets Encrypt] Renewal fails for 1 of 6 domains?

Puma7

New Pleskian
Hi,
I get the following error:

Code:
[2019-04-10 03:42:12.063] ERR [extension/letsencrypt] Domain validation failed for domain.de: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/Mss0qTpZoML0uJA4t4EebefMwTOwM6DfyMAWQGKN7Mw.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://domain.de/.well-known/acme-challenge/paMRlBU1WoiI-jTxGrfrf8DkZG5eoMvMVodHCLo6HaQ: Error getting validation data
[2019-04-10 03:42:12.080] ERR [extension/letsencrypt] Domain validation failed: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/Mss0qTpZoML0uJA4t4EebefMwTOwM6DfyMAWQGKN7Mw.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://domain.de/.well-known/acme-challenge/paMRlBU1WoiI-jTxGrfrf8DkZG5eoMvMVodHCLo6HaQ: Error getting validation data
[2019-04-10 03:42:12.107] ERR [extension/letsencrypt] Failed to renew certificate of domain 'domain.de': Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/Mss0qTpZoML0uJA4t4EebefMwTOwM6DfyMAWQGKN7Mw.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://domain.de/.well-known/acme-challenge/paMRlBU1WoiI-jTxGrfrf8DkZG5eoMvMVodHCLo6HaQ: Error getting validation data

I already tried several things and found out that only one of the 6 domains on the same server was affected.

Right now my best bet is that the CDN which is in front of the site either blocks the connection or the redirect from the CDN from domain.de to www.domain.de is an issue for Let's Encrypt.

My hope is that someone has further input to this issue :)
 
Did you mean "Web Hosting Access -> IPv6 address -> none"? If so, then yes, IPv6 was disabled the whole time.

In between I also switched servers from Debian to Ubuntu. But if the rest works I don't see why only one domain should fail.
 
Normally the 400 error means that Let's Encrypt cannot read the token to validate the domain. Try to open the file manually in a browser.
Code:
https://domain.de/.well-known/acme-challenge/paMRlBU1WoiI-jTxGrfrf8DkZG5eoMvMVodHCLo6HaQ
The URL is only an example taken from your 400 error message. The token file changes from attempt to attempt, so this is only an example.

If this works, then it is most likely an issue with the IPv6 configuration, because Let's Encrypt will first try an IPv6 route. Other issues can include caching (however, in that case the browser should not display the token either).
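
As an added example that is not part of the original posts: a small Python helper that collapses the repeated log entries from the first post into one record per failing challenge URL and builds `curl` commands to fetch that URL over IPv4 and IPv6 while following redirects such as the CDN's domain.de to www.domain.de one. The function names are hypothetical, and the sample log is constructed from the excerpt above with `TOKEN` and `AUTHZ-ID` as placeholders.

```python
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample shaped like the log excerpt in the thread; TOKEN and
# AUTHZ-ID are placeholders, not real values.
_DETAILS = ("Details:\nType: urn:acme:error:connection\nStatus: 400\n"
            "Detail: Fetching https://domain.de/.well-known/acme-challenge/TOKEN:"
            " Error getting validation data\n")
SAMPLE_LOG = "".join(
    f"[2019-04-10 03:42:12.{ms}] ERR [extension/letsencrypt] {msg}: Invalid "
    "response from https://acme-v01.api.letsencrypt.org/acme/authz/AUTHZ-ID.\n"
    + _DETAILS
    for ms, msg in [("063", "Domain validation failed for domain.de"),
                    ("080", "Domain validation failed"),
                    ("107", "Failed to renew certificate of domain 'domain.de'")])

ENTRY = re.compile(r"^\[([^\]]+)\] ERR \[extension/letsencrypt\] ")
FIELD = re.compile(r"^(Type|Status|Detail): (.*)$")
FETCH = re.compile(r"Fetching (\S+?): ")

def parse_failures(text):
    """Collapse repeated log entries into one record per (host, type, URL)."""
    entries = []
    for line in text.splitlines():
        if m := ENTRY.match(line):
            entries.append({"ts": m.group(1)})
        elif entries and (f := FIELD.match(line.strip())):
            entries[-1][f.group(1).lower()] = f.group(2)
    failures = {}
    for e in entries:
        fetch = FETCH.search(e.get("detail", ""))
        if not fetch:
            continue  # entry without a challenge URL: nothing to re-test
        url = fetch.group(1)
        key = (urlsplit(url).hostname, e.get("type"), url)
        rec = failures.setdefault(key, {
            "host": key[0], "type": key[1], "status": int(e.get("status", 0)),
            "url": url, "first_seen": e["ts"], "entries": 0})
        rec["entries"] += 1
    return list(failures.values())

def curl_checks(url):
    """Commands that fetch the URL over IPv4 and IPv6, following redirects."""
    fmt = "%{http_code} %{url_effective}\\n"
    return [f"curl -{v} -sSL -o /dev/null -w '{fmt}' {shlex.quote(url)}" for v in (4, 6)]

if __name__ == "__main__":
    for rec in parse_failures(SAMPLE_LOG):
        print(rec, *curl_checks(rec["url"]), sep="\n")
```

Each command prints the final HTTP status and the URL reached after redirects, so a difference between the IPv4 and IPv6 results or an unexpected redirect target is visible at a glance.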
 
It's strange.

I can get the token via browser. So Let's Encrypt should also get a connection.
Then the last option is that something between my server and Let's Encrypt blocks the connection. I use Incapsula as CDN for this site. In the Incapsula logs I can't see any blocked attempts.

Is Let's Encrypt fixed on domain.de, or does www.domain.de also work?
 