Please help, I run a proxy server to pass requests to internal servers. Let's Encrypt renewal worked with most domains/subdomains but not with this domain (ketnoi.caobang.gov.vn).
My domain is: ketnoi.caobang.gov.vn
I ran this command:
sudo certbot certonly -d ketnoi.caobang.gov.vn --debug-challenges --dry-run
It produced this output:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: ketnoi.caobang.gov.vn
Type: unauthorized
Detail: 2001:ee0:305:a::301: Invalid response from http://ketnoi.caobang.gov.vn/.well-known/acme-challenge/G2uI8zZffbdYI_C9DQk4Ih-NE2bZ1cVE8p1Oh0gyNeo: 404
My web server is (include version): nginx/1.14.1
The operating system my web server runs on is (include version): CentOS 8
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.31.0
OTHER NOTES:
The above command works successfully with admin.ketnoi.caobang.gov.vn and api.ketnoi.caobang.gov.vn
Please help!
The proxy server machine has the address 10.86.19.83, and on the internal DNS server I have all the domains (admin.ketnoi.caobang.gov.vn, ketnoi.caobang.gov.vn and api.ketnoi.caobang.gov.vn) pointed at this address (10.86.19.83).
I don't really understand the issue!
So it means that I have to modify/remove the IPv6 DNS record of ketnoi.caobang.gov.vn? This is so strange because last year (<90 days ago), the auto-renewal of ketnoi.caobang.gov.vn worked. I have not touched this Let's Encrypt SSL since 2 years ago!
Ok,
Thanks 9peppe for your support! It might be the upgrade of the DNS service provider!
Is there anything I can do from the proxy server (i.e. mapping on the firewall)?
My system is below:
INTERNET >> ROUTER/FIREWALL >> PROXY SERVER >> WEB SERVERS
The proxy server handles all requests to different internal servers using 1 single public IP address!
I am not very knowledgeable about nginx configuration.
So far, please share a bit more with me on what I can possibly do to avoid asking the DNS provider to remove the AAAA record!