[SOLVED] Let's Encrypt renew problem

Discussion in 'Installation/Configuration' started by daniel712, Dec 5, 2017.

  1. daniel712

    daniel712 Member HowtoForge Supporter

    Dear HowtoForge Community,
    I have set up an ownCloud server with the help of the Perfect Server guide and ISPConfig. I'm on Debian 9 and ISPConfig 3.1.8. The server ran very smoothly until the first cert expired...
    Unfortunately the server does not renew the Let's Encrypt certs:

    letsencrypt log:
    Di 5. Dez 19:48:10 CET 2017 Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    Di 5. Dez 19:48:10 CET 2017 Failed authorization procedure. dccj.de :: urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching ...(i had to remove the link for posting...): Timeout
    Di 5. Dez 19:48:14 CET 2017 finished.

    I have updated from 3.1.6 to 3.1.7 and 3.1.8 without reconfiguring the services. But the problem came up on 3.1.7 also.
    Where do I start troubleshooting?

    Thanks for your help!
    Daniel
     
  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    If you are using NAT, you can disable the LE check under system->server-config->web->ssl
     
  3. daniel712

    daniel712 Member HowtoForge Supporter

    Hey Florian,
    I am not behind a NAT...
    Is it possible that the process has no access rights to the acme-challenge directory?

    Thanks for further help... I really need to get this online again... :(
    Daniel.
     
  4. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Did you create all records for the domain? If you use IPv6, make sure that the vhost is listening on IPv6, too.
     
  5. daniel712

    daniel712 Member HowtoForge Supporter

    This is not a DNS problem. I can reach the site without problems over HTTP... When I switch to HTTPS I get the notice about the expired cert... The cert renew process does not work...
    Where can I find out how to troubleshoot further? The ISPConfig cron log I posted above...
     
  6. florian030

    florian030 Well-Known Member HowtoForge Supporter

    This is not a DNS problem?
    Try:
    dig -t A www.dccj.de
    dig -t AAAA www.dccj.de
    dig -t A dccj.de
    dig -t AAAA dccj.de

    You will see that there is no IPv6 for www.dccj.de, and you cannot connect to your webserver / the domain over IPv6. Feel free to check it: telnet -6 dccj.de 80
     
  7. daniel712

    daniel712 Member HowtoForge Supporter

    Thanks Florian!
    I updated the AAAA record for the www subdomain.
    But I cannot connect with telnet -6 dccj.de 80
    Why? Is there a special setting in ISPConfig to enable IPv6 support?

    I just added the IPv6 address to the existing IPv4 server IP and resaved the site.

    Daniel.
     
  8. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Open the vhost and choose the IPv6 in the drop-down.
     
  9. daniel712

    daniel712 Member HowtoForge Supporter

    I have this set up. I also fixed my IPv6 in /etc/interfaces. But I still cannot ping the IPv6 or telnet.
    Do I need to enable IPv6 for iptables in ISPConfig or is this inserted automatically?
     
  10. daniel712

    daniel712 Member HowtoForge Supporter

    I also cannot connect to or ping ipv6.google.com???
    Do I need to set up IPv6 here in my home router as well? Can I connect from IPv4 to IPv6?
    I think my router does not yet support IPv6... How can I test the IPv6 functionality of the server?

    Thanks for help,

    Daniel.
     
    Last edited: Dec 8, 2017
  11. daniel712

    daniel712 Member HowtoForge Supporter

    [SOLVED]
    It really was an IPv6 problem... Does LE not renew the certs if IPv6 is not configured???
    Thanks man!
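
The checks suggested in this thread (look up the A and AAAA records for each name on the certificate, then try port 80 over the matching address family) combined into one script. This is an added example, not part of the original posts; it assumes `dig` and `curl` are installed, and the function names `check_family` and `check_names` are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes dig and curl are installed.
# Function names are hypothetical.

# check_family HOST A|AAAA
# Prints "HOST TYPE none|ok|UNREACHABLE"; returns 1 only when a record of
# that type is published but port 80 does not answer over that family.
check_family() {
    case "$2" in
        A)    flag=-4; pat='^[0-9.]+$' ;;
        AAAA) flag=-6; pat='^[0-9a-fA-F:]+$' ;;
        *)    echo "usage: check_family HOST A|AAAA" >&2; return 2 ;;
    esac
    # dig +short also prints CNAME targets; keep only literal addresses.
    addrs=$(dig +short -t "$2" "$1" | grep -E "$pat" || true)
    if [ -z "$addrs" ]; then
        echo "$1 $2 none"
        return 0
    fi
    # Any HTTP response (even a 404) counts: curl exits 0 once the server
    # answers, and non-zero on connection failure or timeout.
    if curl "$flag" -s -o /dev/null --connect-timeout 10 "http://$1/"; then
        echo "$1 $2 ok"
    else
        echo "$1 $2 UNREACHABLE"
        return 1
    fi
}

# check_names HOST... : run both families for every name on the certificate.
check_names() {
    rc=0
    for name in "$@"; do
        for type in A AAAA; do
            check_family "$name" "$type" || rc=1
        done
    done
    return "$rc"
}

# Example: sh check.sh dccj.de www.dccj.de
if [ "$#" -gt 0 ]; then
    check_names "$@"
fi
```

Run it from a machine that itself has working IPv4 and IPv6 connectivity; from a network without IPv6, the AAAA line reports UNREACHABLE regardless of how the server is configured.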
     
