LetsEncrypt suddenly stopped working

[youradds]

Hi,

This seems to be quite a common issue, but nothing I've tried thus far sorts it. This is the closest I've found:

viewtopic.php?f=10&t=13979

The pipe exists and seems to work fine for new sites. However, the "admin.mydomain.com" sub-domain seems to be failing:

Error: Invalid response from http://admin.mydomain.com/.well-known/a ... fK5AwNf5E8: \

I'm baffled as to why though, as it's worked fine up until now. Any ideas on what to try? I created a test /.well-known/acme-challenge/foo file, and that access file when called manually (and comes back as text/plain)

Thanks

Andy

[tjebbeke]

Can you delete the .well-known again?
Check DNS settings.

[youradds]

Hi,

Thanks tjebbeke. Unfortunatly that doesn't do it. It appears to be some weird IPv6 issue. If I remove the IPv6 AAAA records from my DNS (on linode, not locally), then it works fine. The only reason it seems to have manifested itself now, is that LetsEncrypt have (for some reason) decided to prioritise the use of the IPv6 records when looking up a site - and for whatever reason, this isn't returning the correct value :/ If worst comes to worst (and the certificate is almost about to expire), I guess I'm going to just have to delete my IPv6 DNS records, and hope that fixes it. Surely other people are also having this issue as well??

Cheers

Andy

[tjebbeke]

If it is an IPV6 problem, you can change your nginx configs to allow ipv6, that should work.

[youradds]

Ah man, I can't believe how dumb I've been! The issue is that I created the admin. sub-domain when setting up the server, and then I updated the template to use:

Code: Select all

    listen      %ip%:%web_port%;
    listen      [::]:%web_port%;

instead of just:

Code: Select all

    listen      %ip%:%web_port%;

So what that meant, was that I only had:

Code: Select all

    listen      45.79.97.48:80;

instead of:

Code: Select all

    listen      45.79.97.48:80;
    listen      [::]:80;

I did a rebuild of the admin username, and it works fine now! DOH!

Cheers

Andy

[youradds]

Mmm actually, that fixed it on one server - but I'm still having the problem on 2 others :( The nginx.conf files look fine:

Code: Select all

server {
    listen      109.74.193.98:80;
    listen      [::]:80;
    server_name chambresdhotesfrance.com www.chambresdhotesfrance.com;

...and:

server {
    listen      109.74.193.98:80;
    listen      [::]:80;
    server_name admin.chambresdhotesfrance.com ;

Yet I get:

root@admin:~# sudo /usr/local/vesta/bin/v-update-letsencrypt-ssl
Error: Invalid response from http://admin.chambresdhotesfrance.com/. ... _xAJQIxnqQ: \
Error: Invalid response from http://chambresdhotesfrance.com/.well-k ... jAbSF-aXnc: \

I also have the same message on another server (with another domain).

Mmm :(

[tjebbeke]

And what happens if you change [::] to the exact IPv6 address?

[youradds]

Same thing I'm afraid :(