Possible Let's Encrypt bug
-
Hello everybody
The last 2 Cloudron installations on Azure VPS and Contabo VPS have resulted in the same problem.
The Let's Encrypt certificate failed to be issued. Here is the Contabo VPS log:
Oct 27 21:43:28 box:taskworker Starting task 3. Logs are at /home/yellowtent/platformdata/logs/tasks/3.log
Oct 27 21:43:28 box:tasks update 3: {"percent":101,"message":"Ensuring certs of my.chat.newtonhealthcore.com"}
Oct 27 21:43:28 box:reverseproxy ensureCertificate: my.chat.newtonhealthcore.com needs acme cert
Oct 27 21:43:28 box:cert/acme2 getCertificate: for fqdn my.chat.newtonhealthcore.com and domain chat.newtonhealthcore.com
Oct 27 21:43:28 box:cert/acme2 Acme2: will get cert for fqdn: my.chat.newtonhealthcore.com cn: my.chat.newtonhealthcore.com certName: my.chat.newtonhealthcore.com wildcard: false http: true
Oct 27 21:43:28 box:cert/acme2 getCertificate: start acme flow for my.chat.newtonhealthcore.com from https://acme-v02.api.letsencrypt.org/directory
Oct 27 21:43:31 box:cert/acme2 Attempt 1 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:43:51 box:cert/acme2 Attempt 2 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:44:11 box:cert/acme2 Attempt 1 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:44:11 box:cert/acme2 Acme2: will get cert for fqdn: my.chat.newtonhealthcore.com cn: my.chat.newtonhealthcore.com certName: my.chat.newtonhealthcore.com wildcard: false http: true
Oct 27 21:44:11 box:cert/acme2 getCertificate: for fqdn my.chat.newtonhealthcore.com and domain chat.newtonhealthcore.com
Oct 27 21:44:11 box:cert/acme2 getCertificate: start acme flow for my.chat.newtonhealthcore.com from https://acme-v02.api.letsencrypt.org/directory
Oct 27 21:44:11 box:cert/acme2 Attempt 1 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:44:31 box:cert/acme2 Attempt 2 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:44:51 box:cert/acme2 Attempt 2 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:44:51 box:cert/acme2 Acme2: will get cert for fqdn: my.chat.newtonhealthcore.com cn: my.chat.newtonhealthcore.com certName: my.chat.newtonhealthcore.com wildcard: false http: true
Oct 27 21:44:51 box:cert/acme2 getCertificate: for fqdn my.chat.newtonhealthcore.com and domain chat.newtonhealthcore.com
Oct 27 21:44:51 box:cert/acme2 getCertificate: start acme flow for my.chat.newtonhealthcore.com from https://acme-v02.api.letsencrypt.org/directory
Oct 27 21:44:51 box:cert/acme2 Attempt 1 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:45:11 box:cert/acme2 Attempt 2 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:45:31 box:reverseproxy ensureCertificate: error: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:45:31 box:tasks update 3: {"message":"Rebuilding app configs"}
Oct 27 21:45:31 box:reverseproxy writeDashboardConfig: writing admin config for chat.newtonhealthcore.com
Oct 27 21:45:31 box:reverseproxy writeCertificate: my.chat.newtonhealthcore.com will use fallback certs because acme is missing
Oct 27 21:45:31 box:shell reload spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
Oct 27 21:45:31 box:mailserver checkCertificate: certificate has not changed
Oct 27 21:45:31 box:shell notifyCertChange spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh box
Oct 27 21:45:31 box:tasks update 3: {"message":"Checking expired certs for removal"}
Oct 27 21:45:31 box:reverseproxy cleanupCerts: done
Oct 27 21:45:31 box:tasks setCompleted - 3: {"result":null,"error":null}
Oct 27 21:45:31 box:tasks update 3: {"percent":100,"result":null,"error":null}
Oct 27 21:45:31 box:taskworker Task took 122.95 seconds
Have any of you found a solution for this?
-
@creative567145 said in Possible Let's Encrypt bug:
Oct 27 21:43:31 box:cert/acme2 Attempt 1 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
This is actually the Let's Encrypt server address. Looks like your server is unable to connect via IPv6.
Try these commands on the server:
ping6 2604:a880:1:4a::2:7000
curl -6 https://ipv6.api.cloudron.io/api/v1/helper/public_ip
-
@girish Thank you Girish very much for your fast and direct response
From this command:
ping6 2604:a880:1:4a::2:7000
This was the result:
From fd43:4f4e:5943:50::a icmp_seq=5 Destination unreachable: No route
And from this command:
curl -6 https://ipv6.api.cloudron.io/api/v1/helper/public_ip
This was the result:
curl: (7) Failed to connect to ipv6.api.cloudron.io port 443 after 1219 ms: Network is unreachable
Your assistance with this problem will be greatly appreciated
-
When I enter in the terminal this:
enable_ipv6
This is the result:
** (generate:57510): WARNING **: 13:03:50.397: Permissions for /etc/netplan/01-netcfg.yaml are too open. Netplan configuration should NOT be accessible by others.
** (generate:57510): WARNING **: 13:03:50.398: `gateway6` has been deprecated, use default routes instead. See the 'Default routes' section of the documentation for more details.
** (generate:57515): WARNING **: 13:03:50.541: Permissions for /etc/netplan/01-netcfg.yaml are too open. Netplan configuration should NOT be accessible by others.
** (generate:57515): WARNING **: 13:03:50.542: `gateway6` has been deprecated, use default routes instead. See the 'Default routes' section of the documentation for more details.
WARNING:root:Cannot call Open vSwitch: ovsdb-server.service is not running.
** (process:57513): WARNING **: 13:03:50.959: Permissions for /etc/netplan/01-netcfg.yaml are too open. Netplan configuration should NOT be accessible by others.
** (process:57513): WARNING **: 13:03:50.960: `gateway6` has been deprecated, use default routes instead. See the 'Default routes' section of the documentation for more details.
** (process:57513): WARNING **: 13:03:51.254: Permissions for /etc/netplan/01-netcfg.yaml are too open. Netplan configuration should NOT be accessible by others.
** (process:57513): WARNING **: 13:03:51.255: `gateway6` has been deprecated, use default routes instead. See the 'Default routes' section of the documentation for more details.
** (process:57513): WARNING **: 13:03:51.255: Permissions for /etc/netplan/01-netcfg.yaml are too open. Netplan configuration should NOT be accessible by others.
** (process:57513): WARNING **: 13:03:51.255: `gateway6` has been deprecated, use default routes instead. See the 'Default routes' section of the documentation for more details.
-
@creative567145 I think the enable_ipv6 command is something provider specific. But as you can see, IPv6 is not working on your server. I think you should reach out to your VPS provider. Another option is to disable IPv6 entirely.
Something like:
# disable_ipv6=1 turns IPv6 off (0 turns it back on); sysctl -w does not persist across reboots
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1
-
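The log reading done by eye in this thread, as an added example (not part of the thread and not Cloudron code): it pulls the `connect E...` errors out of box log lines, splits the `address:port` endpoint at its last colon, and reports whether the failures are IPv6-only and which hosts ended up on fallback certs. The function names are hypothetical; the sample lines are a subset of the log posted above.

```python
import ipaddress
import re
from collections import Counter

# Subset of the log lines posted in the thread above.
SAMPLE_LOG = """\
Oct 27 21:43:28 box:cert/acme2 getCertificate: start acme flow for my.chat.newtonhealthcore.com from https://acme-v02.api.letsencrypt.org/directory
Oct 27 21:43:31 box:cert/acme2 Attempt 1 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:43:51 box:cert/acme2 Attempt 2 failed. Will retry: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:45:31 box:reverseproxy ensureCertificate: error: connect ENETUNREACH 2606:4700:60:0:f53d:5624:85c7:3a2c:443
Oct 27 21:45:31 box:reverseproxy writeCertificate: my.chat.newtonhealthcore.com will use fallback certs because acme is missing
"""

CONNECT_ERR = re.compile(r"connect (E[A-Z]+) (\S+)")
FALLBACK = re.compile(r"writeCertificate: (\S+) will use fallback certs")

def split_endpoint(endpoint):
    """Split 'address:port' as printed in the log; the port follows the LAST colon."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def triage(log_text):
    """Count connect errors per (errno, IP version, port) and list fallback-cert hosts."""
    errors, fallback_hosts = Counter(), []
    for line in log_text.splitlines():
        m = CONNECT_ERR.search(line)
        if m:
            addr, port = split_endpoint(m.group(2))
            errors[(m.group(1), addr.version, port)] += 1
        m = FALLBACK.search(line)
        if m:
            fallback_hosts.append(m.group(1))
    return errors, fallback_hosts

def diagnose(log_text):
    errors, fallback_hosts = triage(log_text)
    v6_unreach = sum(n for (errno, ver, _), n in errors.items() if errno == "ENETUNREACH" and ver == 6)
    v4_errors = sum(n for (_, ver, _), n in errors.items() if ver == 4)
    if v6_unreach and not v4_errors:
        verdict = "IPv6-only failure: host has no working IPv6 route to the ACME server"
    elif errors:
        verdict = "connect failures are not limited to IPv6; check general connectivity"
    else:
        verdict = "no connect errors found"
    return {"ipv6_unreachable": v6_unreach, "fallback_hosts": fallback_hosts, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```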