
Resolved Lets Encrypt

Jack Stringer

New Pleskian
Code:
Error: Unable to obtain Let's Encrypt SSL certificate because of failed challenge for domain "site.org.uk":
Fetching http://site.org.uk/.well-known/acme-challenge/q2TXw47kDmcanV_tFJwa9lx2T2jbNbFMlYeJ-iothxg: Timeout

Trying to fix this issue. It has been running fine on the server for several months with no issues.

I have tried:
Turning off - Hosting Settings > Permanent SEO-safe 301 redirect from HTTP to HTTPS
Setting to use www. and not.
Deleting the Let's Encrypt certs (out of date ones)
Removing and installing Let's Encrypt.

I can access the /.well-known/ folder from outside. This issue affects all domains on the VPS.

I am using CentOS 6.9 (Final), Plesk Onyx Version 17.5.3 Update #16, last updated on Aug 1, 2017 04:37 PM, Let's Encrypt version 2.2.2-144

The only issue that recently reared its head was an issue with PHP sessions that was broken... fixed itself and now is broken again but not enough of a good to work out what the issue is. Setting it to a custom folder just outside of httpdocs seems to make it work for PHP scripts on the website but the session folder requires manual intervention to clear out from time to time.
 
Yes, I have looked at that and it doesn't solve my problems. The solutions stated aren't very clear, and what I have been able to work out I have tried.
 
I have just done a bit more prodding and got PHP sessions working again. Also just watched the /.well-known/acme-challenge/ folder and the file appeared and I can access it, but for some reason the Let's Encrypt server can't access the file. Funny really, as looking in the web log I can't see an attempt by Let's Encrypt to get to my site.
 
I may have stumbled across something. Seems the site isn't reachable via the IPv6 address I have from 1and1, which might be the reason why Let's Encrypt can't get the file that is there.

I have done a repair on the IP addresses but that doesn't fix it.
 
Hi Jack Stringer,

your latest answer leaves people willing to help you more in the dark than before, as we can't reproduce or investigate your issue if you don't provide more information.
Please consider providing the FQDN and/or the corresponding IPv4 + IPv6 addresses, and try to include the relevant log entries and the relevant webserver configuration files (as attachments?!?), as the statement:
"I have done a repair on the IP addresses but that doesn't fix it."
... doesn't say WHAT you did and still doesn't lead to (possible) Let's Encrypt issues/errors/problems. :(
 
Sorry UFHH01,

I am not a Linux geek, I just know enough about it to muddle through. The issue may not be the fault of LE and more to do with the IPv6 issue. I do have SSH but I struggle with the layout of folders on Linux (CentOS) and that files are dotted all over the place. Hence I like Plesk as it saves me using CLI as much as possible.

To clarify my Repair IP Addresses:
Every time I restart the VPS I will get an issue with the IP addresses assigned to the VPS. So I have to go to
Tools & Settings > IP Addresses, then select ReRead IP, then Fix Problems. Then rebuild the configs, otherwise nginx & apache won't work properly.

I would assume that as I have an IPv4 and IPv6 address that Let's Encrypt may well try to use IPv6 to connect to the site if it is unreachable. I know the file is there on IPv4 and it can be seen publicly. I am going to turn off IPv6 at the DNS level (AAA) and then try that in a while. If that is the problem then I know what to chase. While I wait for that to kick in I will try debug log mode to see what I can see.
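
The suspicion raised in the thread is that the challenge file is served over IPv4 but not over the IPv6 address published in DNS. The script below is an added example, not part of the original posts and not Plesk or Let's Encrypt code: it requests the challenge path from every A and AAAA address of the domain separately, so a per-family failure shows up directly. `site.example` and the token path are constructed placeholders.

```python
import http.client
import socket


def resolve(host, port=80):
    """Return {'IPv4': [...], 'IPv6': [...]} from the host's A and AAAA records."""
    found = {"IPv4": [], "IPv6": []}
    for family, label in ((socket.AF_INET, "IPv4"), (socket.AF_INET6, "IPv6")):
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type is published
        found[label] = sorted({info[4][0] for info in infos})
    return found


def fetch(host, address, path, port=80, timeout=10):
    """GET path from one specific address, sending the domain as Host header."""
    conn = http.client.HTTPConnection(address, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        return "HTTP %d" % conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        # Timeout, connection refused, network unreachable, broken reply.
        return "FAILED: %s" % exc.__class__.__name__
    finally:
        conn.close()


def check_challenge(host, path, port=80, timeout=10, resolver=resolve):
    """Probe every published address; return {(family, address): result}."""
    results = {}
    for family, addresses in resolver(host, port).items():
        for address in addresses:
            results[(family, address)] = fetch(host, address, path, port, timeout)
    return results


if __name__ == "__main__":
    # Constructed placeholders: substitute the domain and the challenge path
    # from the error message. Run this from a machine outside the server.
    HOST = "site.example"
    PATH = "/.well-known/acme-challenge/test-token"
    for (family, address), result in check_challenge(HOST, PATH).items():
        print("%-4s %-40s %s" % (family, address, result))
```

A `FAILED` result on the IPv6 row while the IPv4 row returns `HTTP 200` narrows the problem to the IPv6 route, firewall or web-server binding rather than the certificate tooling.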
 