[Freedombox-discuss] Let's encrypt certificate from comcast.net failed.

A. F. Cano afc54 at comcast.net
Mon Jan 31 19:45:21 GMT 2022


My certificate for freedombox.rocks has been working fine for a long
long time.  Some time ago, I noticed that in the Let's Encrypt status
page there was another certificate for hsd1.nj.comcast.net (Comcast is
my internet provider).  So far I've left it alone, not sure if I wanted
to obtain it.  What would be the advantage?  But I just tried it and it
failed with this message:

  Failed to obtain certificate for domain hsd1.nj.comcast.net: Saving debug
  log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator
  webroot, Installer None Performing the following challenges: http-01
  challenge for hsd1.nj.comcast.net Using the webroot path /var/www/html for
  all unmatched domains. Waiting for verification... Challenge failed for
  domain hsd1.nj.comcast.net http-01 challenge for hsd1.nj.comcast.net
  Cleaning up challenges Some challenges have failed. 

Not sure what to make of it.  Is it not working because I'm missing
something? or is it not working because comcast is purposefully not
allowing it to work?  It seems to be related to "no valid AAAA records
found".  In the Name Services page, the "Domain Name" is listed as
hsd1.nj.comcast.net with Services: All.


This is what's in the log file:

2022-01-31 14:21:30,622:DEBUG:urllib3.connectionpool:https://acme-v02.api.letse
ncrypt.org:443 "POST /acme/authz-v3/73872895510 HTTP/1.1" 200 637
2022-01-31 14:21:30,625:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 31 Jan 2022 19:21:30 GMT
Content-Type: application/json
Content-Length: 637
Connection: keep-alive
Boulder-Requester: 283468160
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102F7FbVfXBrav7zsv6RQjUGKfXMIHwJiW1_Sit1XZSvHo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

  "identifier": {
    "type": "dns",
    "value": "hsd1.nj.comcast.net"
  "status": "invalid",
  "expires": "2022-02-07T19:21:29Z",
  "challenges": [
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "no valid A records found for hsd1.nj.comcast.net; no valid AAAA records found for hsd1.nj.comcast.net",
        "status": 400
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/73872895510/0oDaVA",
      "token": "BlaMJz5uZM0FFKNkj0IkQ3sm_GCmufnWOL9a2wE1bmw",
      "validated": "2022-01-31T19:21:29Z"
2022-01-31 14:21:30,626:DEBUG:acme.client:Storing nonce: 0102F7FbVfXBrav7zsv6RQjUGKfXMIHwJiW1_Sit1XZSvHo
2022-01-31 14:21:30,629:WARNING:certbot._internal.auth_handler:Challenge failed for domain hsd1.nj.comcast.net
2022-01-31 14:21:30,629:INFO:certbot._internal.auth_handler:http-01 challenge for hsd1.nj.comcast.net
2022-01-31 14:21:30,631:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: hsd1.nj.comcast.net
Type:   dns
Detail: no valid A records found for hsd1.nj.comcast.net; no valid AAAA records found for hsd1.nj.comcast.net
2022-01-31 14:21:30,637:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

More information about the Freedombox-discuss mailing list