Can't renew SSL Cert, can't seem to access challenge over HTTP

I’ve tried figuring out a way to get the cert to renew, but it just seems to time out every time.

When I go to the URL, I immediately get redirected to HTTPS. nginx is configured as per setup script.

“Something unexpected went wrong: The HTTP Validation challenge for domain failed: Fetching http:/domain/.well-known/acme-challenge/dMhwik8nb5C2TpqT0zvvljcyrRZpfHbFXlJ-jGYi9hc: Timeout.”

I’ve been trying for days now to get it working, any tips would be much appreciated.

Had something similar. Caused by the fact that my box had an IPv6 address but was not reachable over IPv6 due to a router configuration error. Let’s Encrypt tries IPv6 first, and due to some recent bug in their software they did not try IPv4 when IPv6 timed out. Making my box available over IPv6 (correcting the router config) solved it for me.

Regards,

Paul;

I have a valid IPv6 attached to my box, but what exactly did you change to make it work?

I use MIAB in an unrecommended way, on its own discrete Linux box behind a router and a firewall. In that setup the box had a valid IPv6 address that it also advertised in its DNS. However, due to a problem in the setup of my network the box was not actually reachable over IPv6. IPv6 packets from outside did not reach it.

You can test this by entering ‘box.yourdomain.com’ in

http://ipv6-test.com/validate.php

and see if that tells you your site (box) is ipv6 ready.

At first this test failed for my box. As soon as I corrected my network this test succeeded and I was able again to renew my certificates.
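
A scripted version of the check described in the reply above, added here as an example and not part of the original posts: it connects to port 80 on every AAAA and A address the hostname publishes and flags the case where IPv6 is advertised but does not answer. The function names and the injectable `resolve`/`connect` parameters are assumptions of this example.

```python
import socket
import sys

FAMILIES = (("IPv6", socket.AF_INET6), ("IPv4", socket.AF_INET))

def probe(host, port=80, timeout=5.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """TCP-connect to every AAAA and A address published for host.

    resolve/connect are parameters (an assumption of this example) so the
    logic can be exercised offline with stand-ins.
    """
    results = {label: [] for label, _ in FAMILIES}
    for label, family in FAMILIES:
        try:
            infos = resolve(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this family is published
        for addr in sorted({info[4][0] for info in infos}):
            try:
                connect((addr, port), timeout).close()
                reachable = True
            except OSError:  # timeout, refused, no route to host
                reachable = False
            results[label].append((addr, reachable))
    return results

def diagnose(results):
    """Classify the probe result; 'ipv6-unreachable' is the thread's case."""
    v6_up = any(ok for _, ok in results["IPv6"])
    v4_up = any(ok for _, ok in results["IPv4"])
    if results["IPv6"] and not v6_up:
        return "ipv6-unreachable" if v4_up else "all-unreachable"
    if not v6_up and not v4_up:
        return "all-unreachable"
    return "ok"

if __name__ == "__main__":
    # Usage: python3 probe.py box.yourdomain.com
    res = probe(sys.argv[1])
    for label, _ in FAMILIES:
        for addr, ok in res[label]:
            print(f"{label} {addr}: {'reachable' if ok else 'FAILED'}")
    print("verdict:", diagnose(res))
```

Run it from a machine outside the box's own network, since the failure in this thread was IPv6 packets from outside not reaching the box.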

Awesome, I’ll check this out and figure out why my IPv6 isn’t pinging, thanks!

Completely right, set up the IPv6 on my box and tested using the validator you provided and all good now. Thank you so much, I honestly would never have guessed it was IPv6 causing it.