Cannot register new domain. This domain is from shared hosting, and we transferred it to point to the IP of the VPS. If I check it in dnschecker, it is already pointing to the IP of the VPS.

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/jamerogroupofcompanies.site.conf)

It contains these names: jamerogroupofcompanies.site

You requested these names for the new certificate: jamerogroupofcompanies.site,
www.jamerogroupofcompanies.site, jgcdtr.online, www.jgcdtr.online.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate for jamerogroupofcompanies.site and 3 more domains

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: jgcdtr.online
  Type:   unauthorized
  Detail: 2a02:4780:22:3e31:f221:8d40:6207:7fc7: Invalid response from http://jgcdtr.online/.well-known/acme-challenge/pEbRfSqL-rbxoB8pA1ePkunz2FQfN3sRiFHaejIYjro: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
```

Hello @mozby69, welcome to the Let's Encrypt community. 🙂

The IPv4 and IPv6 Addresses do not respond the same.

IPv4 response. Server: nginx/1.18.0 (Ubuntu)

```
>curl -4 -Ii http://jgcdtr.online/.well-known/acme-challenge/pEbRfSqL-rbxoB8pA1ePkunz2FQfN3sRiFHaejIYjro
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 24 Jun 2024 02:08:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
```

IPv6 response. Server: hcdn

```
>curl -6 -Ii http://jgcdtr.online/.well-known/acme-challenge/pEbRfSqL-rbxoB8pA1ePkunz2FQfN3sRiFHaejIYjro
HTTP/1.1 404 Not Found
Server: hcdn
Date: Mon, 24 Jun 2024 02:08:54 GMT
Content-Type: text/html
Content-Length: 150
Connection: keep-alive
Vary: Accept-Encoding
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: ceab6bbbfecb5e0bd58ff3c30b387c6d-phx-edge1
```

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

1 Like

Further info, of the 4 names you have only an IPv4 address for 3 of the names and they all work.

But, the jgcdtr.online name has both an A and AAAA record. Hostinger often sets up a default IPv6 address for new names.

You don't have the AAAA / IPv6 address on any of the other names so you should remove the AAAA record from that name too.

Ideally, in the future, you would get IPv6 working for all of them.

3 Likes
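A pre-flight check for the mismatch diagnosed above, as an added example that is not part of the original posts: it repeats the `curl -4` / `curl -6` comparison for each name and flags a name whose A and AAAA records are answered by different servers. `PROBE_PATH` and the function names `resolve`, `probe` and `diagnose` are hypothetical, and only the first address of each family is probed.

```python
import http.client
import socket
import sys

PROBE_PATH = "/.well-known/acme-challenge/preflight-probe"  # hypothetical token
FAMILIES = (("A", socket.AF_INET), ("AAAA", socket.AF_INET6))


def resolve(name):
    """Return {"A": [...], "AAAA": [...]} as seen by the system resolver."""
    found = {}
    for label, family in FAMILIES:
        try:
            infos = socket.getaddrinfo(name, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            infos = []  # no record of this type
        found[label] = sorted({info[4][0] for info in infos})
    return found


def probe(name, ip, timeout=10):
    """HEAD the probe path on one IP with Host: name, like curl -4 / curl -6."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("HEAD", PROBE_PATH, headers={"Host": name})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Server", "")
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)  # timeout, refused, malformed reply
    finally:
        conn.close()


def diagnose(results):
    """results maps "A"/"AAAA" to (status, server); return a list of findings."""
    findings = [f"{fam}: no answer on port 80 ({detail})"
                for fam, (status, detail) in results.items() if status is None]
    servers = {srv for status, srv in results.values() if status is not None}
    if len(servers) > 1:
        findings.append("A and AAAA reach different servers: "
                        + ", ".join(sorted(servers)))
    return findings


if __name__ == "__main__":
    for name in sys.argv[1:]:
        results = {fam: probe(name, ips[0])
                   for fam, ips in resolve(name).items() if ips}
        print(name, diagnose(results) or "no mismatch found")
```

Run it with the names you intend to pass to Certbot as arguments; a "different servers" finding means one of the two records still points at the old host.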

@mozby69 presently the online tool Let's Debug yields these results
https://letsdebug.net/jgcdtr.online/2055231

ANotWorking
ERROR
jgcdtr.online has an A (IPv4) record (89.116.50.28) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with jgcdtr.online/89.116.50.28: Get "http://jgcdtr.online/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://jgcdtr.online/.well-known/acme-challenge/letsdebug-test (using initial IP 89.116.50.28)
@0ms: Dialing 89.116.50.28
@10000ms: Experienced error: context deadline exceeded

IssueFromLetsEncrypt
ERROR
A test authorization for jgcdtr.online to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
89.116.50.28: Fetching http://jgcdtr.online/.well-known/acme-challenge/gG4a0ie0YuJjiAlE_OJRpRWVpS8ZKrbQ5rEfptbnifI: Timeout during connect (likely firewall problem)

Best Practice - Keep Port 80 Open

The HTTP-01 challenge of the Challenge Types - Let's Encrypt states
"The HTTP-01 challenge can only be done on port 80."

3 Likes

And now it looks like they have it all working well

Although, @mozby69, redirecting HTTP to HTTPS is usually best practice.

```
curl -I4 http://jgcdtr.online
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Length: 612
```

You can check out online nginx docs for that but we often give quick advice too if you show us the server block for port 80.

3 Likes

Thank you for all your help, it's much appreciated. But somehow I managed to solve it by just deleting the website on Hostinger.

2 Likes
