Let's Encrypt: certbot timeout on renew

26. July 2017
letsencrypt certbot timout https

While trying to add a subdomain to my main tls certificate I constantly received a timout error from certbot. I never had problems like this before and had no idea, whats happening. It seemed to be only one specific subdomain, but when I tried to access it with a normal web browser everything worked like always.

I did not find a solution and forgot the problem for some time, because everything was still working. But now the time came the certificate would expire. I tried a manual certbot renew but still got the timeout. Now I had the great idea to test the subdomain with curl and see, whether I will get a proper response. The result: no, timeout. But: curl showed me the redirects. And there was a redirect to an IPv6 address.

The Problem: Some time ago I added an AAAA DNS entry for this subdomain, but forgot to add it in nginx too. Apparently Let’s Encrypt started to prefer IPv6 at some point, and I missed it. But after removing the AAAA entry from DNS, the renewal finished with no errors and I can keep using the great HTTPS certificates for free.

PS: If you enjoy free certificates like I do, consider a Donation. By next year there will even be wildcard certificates.