404 Invalid Response - ACME Challenge

Hello community!

I followed this tutorial: How To Secure Nginx with Let's Encrypt on Ubuntu 20.04 | DigitalOcean

Domain: thaerium.com
Command: sudo certbot --nginx -d thaerium.com -d www.thaerium.com
Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for thaerium.com and www.thaerium.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: thaerium.com
  Type:   unauthorized
  Detail: 2a00:4b40:aaaa:2004::7: Invalid response from http://thaerium.com/.well-known/acme-challenge/pclSTvtAJxQg23IyG8wsKinmuRCCNoEXjKptfTD-9_w: 404

  Domain: www.thaerium.com
  Type:   unauthorized
  Detail: 2a00:4b40:aaaa:2004::7: Invalid response from http://www.thaerium.com/.well-known/acme-challenge/vMEqiSGIe_BriZ1RKoW_y-lbFww6eIwQMjRxcxjrbek: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Web server: nginx/1.24.0
Operating system: Ubuntu 23.10
Hosting provider: Digital Ocean
Root: Yes
Control panel: No
Certbot version: 2.1.0

nginx configuration for thaerium.com:

server {
    listen 80;
    listen [::]:80;
    server_name thaerium.com www.thaerium.com;
    root /var/www/thaerium.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Not entirely sure what other information I need to provide so please ask away and I will try to answer.

Any help or tips help 🙂 Thank you

2 Likes

That is an IPv6 address. You have an AAAA record in your DNS but it does not look to be pointing at your nginx server. Your A record for IPv4 looks correct but Let's Encrypt favors IPv6 when present.

You should correct the AAAA address to the correct one. Or, remove it if you do not support IPv6.

Note the Let's Debug test results below show IPv6 reaches an openresty server while your IPv4 address is nginx.

You can check your public IP addresses many ways but one tool is running these commands to see what is returned.

curl -4 https://ifconfig.io
curl -6 https://ifconfig.io
5 Likes
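
The check described in the reply above, extended into a small script (an added example, not part of the original thread): it requests the same challenge path over IPv4 and IPv6 and compares the status code and Server header each address family returns. The function names, the `probe-test` file name and the sample headers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: does a host answer the same way over IPv4 and IPv6?
# A mismatch means the A and AAAA records reach different servers.

# Reduce raw HTTP response headers on stdin to "<status> <Server header>".
summarize_headers() {
    tr -d '\r' | awk '
        NR == 1 { status = $2 }
        tolower($1) == "server:" { $1 = ""; sub(/^ /, ""); server = $0 }
        END {
            if (status == "") status = "none"       # no response at all
            if (server == "") server = "unknown"    # header absent
            print status, server
        }'
}

# Compare the IPv4 summary ($1) with the IPv6 summary ($2).
compare_families() {
    if [ "${1%% *}" = "none" ]; then echo "no-ipv4-response"
    elif [ "${2%% *}" = "none" ]; then echo "no-ipv6-response"
    elif [ "${1#* }" != "${2#* }" ]; then echo "different-server"
    elif [ "${1%% *}" != "${2%% *}" ]; then echo "different-status"
    else echo "consistent"
    fi
}

# Live probe: HEAD request forced onto one address family (4 or 6).
probe() {
    curl "-$2" -sI --max-time 10 "$1" | summarize_headers
}

# "probe-test" is a placeholder file name; a 404 from both families is fine.
check_domain() {
    url="http://$1/.well-known/acme-challenge/probe-test"
    v4=$(probe "$url" 4); v6=$(probe "$url" 6)
    echo "IPv4: $v4"; echo "IPv6: $v6"
    compare_families "$v4" "$v6"
}

# Constructed sample headers (not captured from the thread's servers).
SAMPLE_V4='HTTP/1.1 404 Not Found
Server: nginx/1.24.0'
SAMPLE_V6='HTTP/1.1 404 Not Found
Server: openresty'

# Usage: sh check.sh example.com
if [ -n "${1:-}" ]; then check_domain "$1"; fi
```

A `no-ipv6-response` result can also mean the machine running the script has no IPv6 route, so run it from a host with working IPv6 before concluding the AAAA record is at fault.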

Did fix the issue, appreciate it 🙂 Thank you

4 Likes
