SSL/TLS certificate problems on server

Posted: Tue 9. Aug 2022, 11:42
by 24unix
I am sure that the cause of the problem lies with KeyHelp
(Problems unrelated to KeyHelp belong in the off-topic forum)

No, I am not; to be honest, I am at a loss.

Server operating system + version
(e.g. Ubuntu 20.04)

Debian Bullseye

Server virtualization technology used
(e.g. none, OpenVZ, KVM, XEN, etc.)

OpenVZ

KeyHelp version + build number
(e.g. 22.0 - Build 2366)

22.1.1 (Build 2690)

Problem description / error messages

Certificates are no longer being renewed.

Expected result

New certificates

Actual result

No certificates

Steps to reproduce
./.

Additional information
(e.g. recent changes to the server, excerpts from log files (/var/log/*, /var/log/keyhelp/php-error.log, etc.))

I have not made any changes, and for the past three days I have been getting an email like this every night:
Hello tracer!

During the routine check of the SSL/TLS certificates, the following problems occurred:

------------------------------------
Certificate name: rchelifan.org (Let's Encrypt)

Verification ended with an error.
Details: 85.214.79.33: Fetching https://rchelifan.org/.well-known/acme- ... s3477onVxc: Error getting validation data
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"85.214.79.33: Fetching https:\/\/rchelifan.org\/.well-known\/acme-challenge\/YAJbWSTsuBUEP47qdkTEv6xsTVyx7JV83s3477onVxc: Error getting validation data","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/139874234796\/7RPSDg","token":"YAJbWSTsuBUEP47qdkTEv6xsTVyx7JV83s3477onVxc","validationRecord":[{"url":"http:\/\/rchelifan.org\/.well-known\/acme-challenge\/YAJbWSTsuBUEP47qdkTEv6xsTVyx7JV83s3477onVxc","hostname":"rchelifan.org","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"},{"url":"http:\/\/rchelifan.org\/.well-known\/acme-challenge\/YAJbWSTsuBUEP47qdkTEv6xsTVyx7JV83s3477onVxc","hostname":"rchelifan.org","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"85.214.79.33"},{"url":"https:\/\/rchelifan.org\/.well-known\/acme-challenge\/YAJbWSTsuBUEP47qdkTEv6xsTVyx7JV83s3477onVxc","hostname":"rchelifan.org","port":"443","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"}],"validated":"2022-08-08T22:19:39Z"}
Valid until: 2022-08-26 23:19:18 (17 day(s) left)


Certificate name: aussempott.de (Let's Encrypt)

Verification ended with an error.
Details: 85.214.79.33: Fetching https://aussempott.de/.well-known/acme- ... LR1cDIObl0: Error getting validation data
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"85.214.79.33: Fetching https:\/\/aussempott.de\/.well-known\/acme-challenge\/D1aGsNmZwEvUvCl9FWvMsm8jSqS0cA-DMLR1cDIObl0: Error getting validation data","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/139874263806\/uRTzrw","token":"D1aGsNmZwEvUvCl9FWvMsm8jSqS0cA-DMLR1cDIObl0","validationRecord":[{"url":"http:\/\/aussempott.de\/.well-known\/acme-challenge\/D1aGsNmZwEvUvCl9FWvMsm8jSqS0cA-DMLR1cDIObl0","hostname":"aussempott.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"},{"url":"http:\/\/aussempott.de\/.well-known\/acme-challenge\/D1aGsNmZwEvUvCl9FWvMsm8jSqS0cA-DMLR1cDIObl0","hostname":"aussempott.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"85.214.79.33"},{"url":"https:\/\/aussempott.de\/.well-known\/acme-challenge\/D1aGsNmZwEvUvCl9FWvMsm8jSqS0cA-DMLR1cDIObl0","hostname":"aussempott.de","port":"443","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"}],"validated":"2022-08-08T22:19:47Z"}
Valid until: 2022-08-26 23:19:28 (17 day(s) left)


Certificate name: crowddataworker.de (Let's Encrypt)

Verification ended with an error.
Details: 85.214.79.33: Fetching https://crowddataworker.de/.well-known/ ... VWKPjSbotM: Error getting validation data
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"85.214.79.33: Fetching https:\/\/crowddataworker.de\/.well-known\/acme-challenge\/SLYPDfTsHsykcN6Oaydg72psy45OJNJPbVWKPjSbotM: Error getting validation data","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/139874298226\/OXBZqw","token":"SLYPDfTsHsykcN6Oaydg72psy45OJNJPbVWKPjSbotM","validationRecord":[{"url":"http:\/\/crowddataworker.de\/.well-known\/acme-challenge\/SLYPDfTsHsykcN6Oaydg72psy45OJNJPbVWKPjSbotM","hostname":"crowddataworker.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"},{"url":"http:\/\/crowddataworker.de\/.well-known\/acme-challenge\/SLYPDfTsHsykcN6Oaydg72psy45OJNJPbVWKPjSbotM","hostname":"crowddataworker.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"85.214.79.33"},{"url":"https:\/\/crowddataworker.de\/.well-known\/acme-challenge\/SLYPDfTsHsykcN6Oaydg72psy45OJNJPbVWKPjSbotM","hostname":"crowddataworker.de","port":"443","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"}],"validated":"2022-08-08T22:19:57Z"}
Valid until: 2022-08-27 23:19:10 (18 day(s) left)


Certificate name: fairdns.de (Let's Encrypt)

Verification ended with an error.
Details: 85.214.79.33: Fetching https://fairdns.de/.well-known/acme-cha ... GDjDsINXns: Error getting validation data
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"85.214.79.33: Fetching https:\/\/fairdns.de\/.well-known\/acme-challenge\/ZvohxC1OLN_uAv-h2d-jQG-CRrjT1bUBmGDjDsINXns: Error getting validation data","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/139874378336\/XQUVFg","token":"ZvohxC1OLN_uAv-h2d-jQG-CRrjT1bUBmGDjDsINXns","validationRecord":[{"url":"http:\/\/fairdns.de\/.well-known\/acme-challenge\/ZvohxC1OLN_uAv-h2d-jQG-CRrjT1bUBmGDjDsINXns","hostname":"fairdns.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"},{"url":"http:\/\/fairdns.de\/.well-known\/acme-challenge\/ZvohxC1OLN_uAv-h2d-jQG-CRrjT1bUBmGDjDsINXns","hostname":"fairdns.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"85.214.79.33"},{"url":"https:\/\/fairdns.de\/.well-known\/acme-challenge\/ZvohxC1OLN_uAv-h2d-jQG-CRrjT1bUBmGDjDsINXns","hostname":"fairdns.de","port":"443","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"}],"validated":"2022-08-08T22:20:11Z"}
Valid until: 2022-08-26 23:19:57 (17 day(s) left)


Certificate name: tzazicke.de (Let's Encrypt)

Verification ended with an error.
Details: 85.214.79.33: Fetching https://tzazicke.de/.well-known/acme-ch ... 41r4-N59-s: Error getting validation data
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"85.214.79.33: Fetching https:\/\/tzazicke.de\/.well-known\/acme-challenge\/cBtNzlAF62wlWQ8Gz1gmM5j4o7ZzCcBcU41r4-N59-s: Error getting validation data","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/139874462516\/6FW6KQ","token":"cBtNzlAF62wlWQ8Gz1gmM5j4o7ZzCcBcU41r4-N59-s","validationRecord":[{"url":"http:\/\/tzazicke.de\/.well-known\/acme-challenge\/cBtNzlAF62wlWQ8Gz1gmM5j4o7ZzCcBcU41r4-N59-s","hostname":"tzazicke.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"},{"url":"http:\/\/tzazicke.de\/.well-known\/acme-challenge\/cBtNzlAF62wlWQ8Gz1gmM5j4o7ZzCcBcU41r4-N59-s","hostname":"tzazicke.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"85.214.79.33"},{"url":"https:\/\/tzazicke.de\/.well-known\/acme-challenge\/cBtNzlAF62wlWQ8Gz1gmM5j4o7ZzCcBcU41r4-N59-s","hostname":"tzazicke.de","port":"443","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"}],"validated":"2022-08-08T22:20:26Z"}
Valid until: 2022-08-26 23:20:11 (17 day(s) left)


Certificate name: tierschnack.de (Let's Encrypt)

Verification ended with an error.
Details: 85.214.79.33: Fetching https://tierschnack.de/.well-known/acme ... npFkalanYo: Error getting validation data
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"85.214.79.33: Fetching https:\/\/tierschnack.de\/.well-known\/acme-challenge\/XrNw68d9hR7Z1qTkD4w_2TpXm5hOt506vnpFkalanYo: Error getting validation data","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/139874552486\/C0keew","token":"XrNw68d9hR7Z1qTkD4w_2TpXm5hOt506vnpFkalanYo","validationRecord":[{"url":"http:\/\/tierschnack.de\/.well-known\/acme-challenge\/XrNw68d9hR7Z1qTkD4w_2TpXm5hOt506vnpFkalanYo","hostname":"tierschnack.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"},{"url":"http:\/\/tierschnack.de\/.well-known\/acme-challenge\/XrNw68d9hR7Z1qTkD4w_2TpXm5hOt506vnpFkalanYo","hostname":"tierschnack.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"85.214.79.33"},{"url":"https:\/\/tierschnack.de\/.well-known\/acme-challenge\/XrNw68d9hR7Z1qTkD4w_2TpXm5hOt506vnpFkalanYo","hostname":"tierschnack.de","port":"443","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"}],"validated":"2022-08-08T22:20:44Z"}
Valid until: 2022-08-26 23:20:20 (17 day(s) left)


Certificate name: francis.tierschnack.de (Let's Encrypt)

Verification ended with an error.
Details: 85.214.79.33: Fetching https://francis.tierschnack.de/.well-kn ... DBZRUhnyz4: Error getting validation data
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"85.214.79.33: Fetching https:\/\/francis.tierschnack.de\/.well-known\/acme-challenge\/JKMrlniXJZq-MMtmRauMNqCJoqJQqKY7ODBZRUhnyz4: Error getting validation data","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/139874595256\/H3xBwA","token":"JKMrlniXJZq-MMtmRauMNqCJoqJQqKY7ODBZRUhnyz4","validationRecord":[{"url":"http:\/\/francis.tierschnack.de\/.well-known\/acme-challenge\/JKMrlniXJZq-MMtmRauMNqCJoqJQqKY7ODBZRUhnyz4","hostname":"francis.tierschnack.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"},{"url":"http:\/\/francis.tierschnack.de\/.well-known\/acme-challenge\/JKMrlniXJZq-MMtmRauMNqCJoqJQqKY7ODBZRUhnyz4","hostname":"francis.tierschnack.de","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"85.214.79.33"},{"url":"https:\/\/francis.tierschnack.de\/.well-known\/acme-challenge\/JKMrlniXJZq-MMtmRauMNqCJoqJQqKY7ODBZRUhnyz4","hostname":"francis.tierschnack.de","port":"443","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"}],"validated":"2022-08-08T22:20:55Z"}
Valid until: 2022-08-26 23:20:28 (17 day(s) left)


Certificate name: echome.24unix.net (Let's Encrypt)

Verification ended with an error.
Details: 85.214.79.33: Fetching https://echome.24unix.net/.well-known/a ... lX1xaiwt4E: Error getting validation data
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"85.214.79.33: Fetching https:\/\/echome.24unix.net\/.well-known\/acme-challenge\/A4oIw8MLDZ80XHhAMXWjsTek84U_18aDPlX1xaiwt4E: Error getting validation data","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/139874788026\/h7yeSA","token":"A4oIw8MLDZ80XHhAMXWjsTek84U_18aDPlX1xaiwt4E","validationRecord":[{"url":"http:\/\/echome.24unix.net\/.well-known\/acme-challenge\/A4oIw8MLDZ80XHhAMXWjsTek84U_18aDPlX1xaiwt4E","hostname":"echome.24unix.net","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"},{"url":"http:\/\/echome.24unix.net\/.well-known\/acme-challenge\/A4oIw8MLDZ80XHhAMXWjsTek84U_18aDPlX1xaiwt4E","hostname":"echome.24unix.net","port":"80","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"85.214.79.33"},{"url":"https:\/\/echome.24unix.net\/.well-known\/acme-challenge\/A4oIw8MLDZ80XHhAMXWjsTek84U_18aDPlX1xaiwt4E","hostname":"echome.24unix.net","port":"443","addressesResolved":["85.214.79.33","2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"],"addressUsed":"2a01:238:42db:7400:d0ef:e94b:7f8a:6f55"}],"validated":"2022-08-08T22:21:31Z"}
Valid until: 2022-08-27 23:20:25 (18 day(s) left)
------------------------------------

Best regards,
Your support team


---
This message was generated automatically.
Please do not reply to this email.

Re: SSL/TLS certificate problems on server

Posted: Tue 9. Aug 2022, 14:00
by Alexander
Greetings,

search for the message: "Error getting validation data". That turns up a few posts from the Let's Encrypt community.

You can also take a look with this: https://letsdebug.net/

Re: SSL/TLS certificate problems on server

Posted: Tue 9. Aug 2022, 14:05
by MLan

Re: SSL/TLS certificate problems on server

Posted: Tue 9. Aug 2022, 16:37
by 24unix
Many thanks to you both; sometimes you really do become blind to your own setup.

Re: SSL/TLS certificate problems on server

Posted: Tue 9. Aug 2022, 18:00
by 24unix
Edit: The problem seems to be with IPv6; I currently cannot ping the host via IPv6 from home or from another vServer. I am looking into it.

Hm, I celebrated too early. When I got home earlier and clicked on the posts I thought, OK, something is botched in my DNS.
But that looks OK.

I basically always get the following message:
AAAANotWorking
ERROR
crowddataworker.de has an AAAA (IPv6) record (2a01:238:42db:7400:d0ef:e94b:7f8a:6f55) but a test request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address. You should either ensure that validation requests to this domain succeed over IPv6, or remove its AAAA record.
Probably a misunderstanding on my part.

I have http => https enabled for all domains.

Code:

Get "http://crowddataworker.de/.well-known/acme-challenge/letsdebug-test": dial tcp [2a01:238:42db:7400:d0ef:e94b:7f8a:6f55]:80: connect: permission denied
Shouldn't a redirect happen there instead of the permission denied?

That looks OK, doesn't it:

Code:

% host crowddataworker.de
crowddataworker.de has address 85.214.79.33
crowddataworker.de has IPv6 address 2a01:238:42db:7400:d0ef:e94b:7f8a:6f55
crowddataworker.de mail is handled by 10 mail.crowddataworker.de.

2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/void
    inet 127.0.0.1/32 scope host venet0
       valid_lft forever preferred_lft forever
    inet 85.214.79.33/32 brd 85.214.79.33 scope global venet0:0
       valid_lft forever preferred_lft forever
    inet6 2a01:238:42db:7400:d0ef:e94b:7f8a:6f55/128 scope global
       valid_lft forever preferred_lft forever
What surprises me is that it worked for months without problems; the emails have been coming for three days, but I have not changed anything in the setup.

Edit2:

IONOS

Code:

root@jarjar : ~
[2] # ping6 2a01:238:42db:7400:d0ef:e94b:7f8a:6f55
PING 2a01:238:42db:7400:d0ef:e94b:7f8a:6f55(2a01:238:42db:7400:d0ef:e94b:7f8a:6f55) 56 data bytes
From 2a01:238:10c:0:1042:2062:1082:1 icmp_seq=1 Destination unreachable: Administratively prohibited
NetCup:

Code:

# ping6 2a01:238:42db:7400:d0ef:e94b:7f8a:6f55
PING 2a01:238:42db:7400:d0ef:e94b:7f8a:6f55(2a01:238:42db:7400:d0ef:e94b:7f8a:6f55) 56 data bytes
From 2a01:238:10c:0:1042:2062:1082:1 icmp_seq=1 Destination unreachable: Administratively prohibited [
At home:

Code:

 % ping6 2a01:238:42db:7400:d0ef:e94b:7f8a:6f55
PING6(56=40+8+8 bytes) 2a03:7847:2252:199:d9a6:fee0:8c36:c830 --> 2a01:238:42db:7400:d0ef:e94b:7f8a:6f55
^C
--- 2a01:238:42db:7400:d0ef:e94b:7f8a:6f55 ping6 statistics ---
9 packets transmitted, 0 packets received, 100.0% packet loss

Re: SSL/TLS certificate problems on server

Posted: Tue 9. Aug 2022, 18:24
by MLan

Code:

curl -4 -I https://crowddataworker.de/
HTTP/2 200  OK

Code:

curl -6 -I http://crowddataworker.de/
curl -6 -I https://crowddataworker.de/

curl: (7) Failed to connect to crowddataworker.de port 443: Permission denied
Firewall?
Wrong IPv6 in DNS?

Re: SSL/TLS certificate problems on server  [SOLVED]

Posted: Tue 9. Aug 2022, 18:40
by 24unix
MLan wrote: Tue 9. Aug 2022, 18:24

Code:

curl -4 -I https://crowddataworker.de/
HTTP/2 200  OK

Code:

curl -6 -I http://crowddataworker.de/
curl -6 -I https://crowddataworker.de/

curl: (7) Failed to connect to crowddataworker.de port 443: Permission denied
Firewall?
Strato, unlike IONOS, has no firewall in front of the boxes.
In the KH firewall 80/443 is allowed, regardless of protocol.

Wrong IPv6 in DNS?

IP in the panel: 2a01:238:42db:7400:d0ef:e94b:7f8a:6f55
Identical to the one shown at Strato, identical to the one the server has and with which it can ping itself.

Apache knows the domain too:
port 443 namevhost crowddataworker.de (/etc/apache2/keyhelp/vhosts/tracer.conf:901)

curl -6 -I http://crowddataworker.de/
curl: (7) Failed to connect to crowddataworker.de port 80 after 4041 ms: Connection refused

From home I get connection refused there, instead of denied as in your case.
But why doesn't it want to?

It ran for months without problems :-(

Re: SSL/TLS certificate problems on server

Posted: Wed 10. Aug 2022, 11:36
by 24unix
So, problem solved.

For whatever reason the IPv6 address was no longer reachable; support apparently managed to fix it.

So, if an AAAA record exists, the machine absolutely has to be reachable through it as well; LE does not fall back to the A address.
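
A pre-renewal check for the failure discussed in this thread, as an added example that is not part of the original posts: it resolves a host's A and AAAA records and tries TCP ports 80 and 443 on every published address, so an unreachable AAAA shows up before the nightly renewal fails. The host `example.org`, the documentation addresses and the `sample_*` helpers are constructed for illustration.

```python
import socket

def resolve(host, port=80):
    """Return {'AAAA': [...], 'A': [...]} from the system resolver."""
    found = {"AAAA": [], "A": []}
    for rtype, family in (("AAAA", socket.AF_INET6), ("A", socket.AF_INET)):
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type published
        found[rtype] = sorted({info[4][0] for info in infos})
    return found

def tcp_connect(addr, port, timeout=5.0):
    """Return None if a TCP connection succeeds, else the error text."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return None
    except OSError as exc:
        return exc.strerror or str(exc)

def preflight(host, ports=(80, 443), resolver=resolve, connect=tcp_connect):
    """Probe every published address on every port.

    Port 443 is included because the thread's sites redirect http => https
    and the validation request followed that redirect.
    Returns (record_type, address, port, error) for each failed probe.
    """
    failures = []
    records = resolver(host)
    for rtype in ("AAAA", "A"):
        for addr in records.get(rtype, []):
            for port in ports:
                error = connect(addr, port)
                if error is not None:
                    failures.append((rtype, addr, port, error))
    return failures

def summarize(host, failures):
    """One-line verdict suitable for a cron mail or monitoring check."""
    if not failures:
        return f"{host}: every published address answers"
    broken = "/".join(sorted({f[0] for f in failures}))
    return f"{host}: fix or remove the {broken} record before renewal"

# --- constructed sample (documentation addresses, not the thread's hosts) ---
def sample_resolver(host, port=80):
    return {"AAAA": ["2001:db8::10"], "A": ["192.0.2.10"]}

def sample_connect(addr, port, timeout=5.0):
    # IPv4 answers; IPv6 is blocked upstream, as in the thread.
    return "Permission denied" if ":" in addr else None

if __name__ == "__main__":
    host = "example.org"
    result = preflight(host, resolver=sample_resolver, connect=sample_connect)
    for rtype, addr, port, error in result:
        print(f"{rtype} {addr} port {port}: {error}")
    print(summarize(host, result))
```

Calling `preflight("your.domain")` without the `resolver` and `connect` arguments uses the real resolver and real TCP connections; run it from a machine outside the server's own network, since the server in this thread could still reach its own IPv6 address.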

Re: SSL/TLS certificate problems on server

Posted: Wed 10. Aug 2022, 12:11
by Tobi
24unix wrote: Wed 10. Aug 2022, 11:36 So, if an AAAA record exists, the machine absolutely has to be reachable through it as well; LE does not fall back to the A address.
That would also be rather questionable for an SSL check.
You announce your IPv6 address via DNS and want to validate it for an SSL certificate.
An IPv4 address cannot simply be used instead.

Re: SSL/TLS certificate problems on server

Posted: Wed 10. Aug 2022, 18:24
by 24unix
Tobi wrote: Wed 10. Aug 2022, 12:11
24unix wrote: Wed 10. Aug 2022, 11:36 So, if an AAAA record exists, the machine absolutely has to be reachable through it as well; LE does not fall back to the A address.
That would also be rather questionable for an SSL check.
You announce your IPv6 address via DNS and want to validate it for an SSL certificate.
An IPv4 address cannot simply be used instead.

Why not?
The cert attests the domain, not addresses.
It can always happen that (as in my case) the link goes down. Annoying if no new cert is issued because of that.

In my BindAPI I always fall back when v6 is unreachable and both are configured.

Re: SSL/TLS certificate problems on server

Posted: Wed 10. Aug 2022, 19:00
by Tobi
Because IPv4 and IPv6 do not necessarily have to live on the same machine.
Your "IPv4 fallback" would undermine the whole system…

Re: SSL/TLS certificate problems on server

Posted: Wed 10. Aug 2022, 19:40
by 24unix
Tobi wrote: Wed 10. Aug 2022, 19:00 Because IPv4 and IPv6 do not necessarily have to live on the same machine.
Of course not.
Tobi wrote: Wed 10. Aug 2022, 19:00 Your "IPv4 fallback" would undermine the whole system…
No.

This is about the domain, not the addresses.
What do you want to undermine there?
Only I have access to my domain/my DNS.