Cant retrieve new certificate

PabloX · April 5, 2021, 10:26am

Hello, since 2 days im not able to get a certificate for my site.
i recived a certificate 2 days ago but i had to reset my server.
And now im not able to get a new certificate for some reason.
For my sub domain everything went well.

i checked the recommended fix inside the error message, but everything should be fine.

My domain is:
minemates.net

I ran this command:
sudo certbot --nginx -d minemates.net -d www.minemates.net

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for minemates.net
http-01 challenge for www.minemates.net
Waiting for verification...
Challenge failed for domain minemates.net
Challenge failed for domain www.minemates.net
http-01 challenge for minemates.net
http-01 challenge for www.minemates.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: minemates.net
Type: unauthorized
Detail: Invalid response from
http://minemates.net/.well-known/acme-challenge/6n7zkXp6obgP0vycOsQx30mRFtVmXqoIHPO7TGfsuYI
[2a01:4f8:201:839b::2]: "\r\n404 Not
Found\r\n\r\n

404 Not
Found
\r\n
nginx\r\n"

Domain: www.minemates.net
Type: unauthorized
Detail: Invalid response from
http://www.minemates.net/.well-known/acme-challenge/K7TZk4m_9N1pNkVkUWqVj2cu3d7vzktdgopDmQVrm7M
[2a01:4f8:201:839b::2]: "\r\n404 Not
Found\r\n\r\n

404 Not
Found
\r\n
nginx\r\n"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 20.04

My hosting provider, if applicable, is:
Hetzner

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 0.40.0

Just checked with letsdebug.
StatusNotOperational

WARNING

The current status as reported by the Let's Encrypt status page is Service Disruption as at 2021-04-05 06:13:06.71 +0000 UTC. Depending on the reported problem, this may affect certificate issuance. For more information, please visit the status page.

https://letsencrypt.status.io/

Maybe this is my problem and i have to wait till the service is back up again

Osiris · April 5, 2021, 10:57am

Nope, you would have gotten a internal server error (500) from the Let's Encrypt validation server if that was the issue. You're getting an "unauthorized" error from the Let's Encrypt validation server with a "404 file not found" error from your server.

The issue probably here is the fact your nginx server responds differently to requests through IPv4 and IPv6:

osiris@erazer ~ $ curl -Lv6 http://minemates.net/
*   Trying 2a01:4f8:201:839b::2:80...
* Connected to minemates.net (2a01:4f8:201:839b::2) port 80 (#0)
> GET / HTTP/1.1
> Host: minemates.net
> User-Agent: curl/7.74.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 05 Apr 2021 10:55:33 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Sat, 03 Apr 2021 17:22:27 GMT
< Connection: keep-alive
< ETag: "6068a453-264"
< Accept-Ranges: bytes
< 
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
* Connection #0 to host minemates.net left intact
osiris@erazer ~ $ curl -Lv4 http://minemates.net/
*   Trying 148.251.22.142:80...
* Connected to minemates.net (148.251.22.142) port 80 (#0)
> GET / HTTP/1.1
> Host: minemates.net
> User-Agent: curl/7.74.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 05 Apr 2021 10:55:37 GMT
< Content-Type: text/html
< Content-Length: 188
< Last-Modified: Sat, 03 Apr 2021 17:32:30 GMT
< Connection: keep-alive
< ETag: "6068a6ae-bc"
< Accept-Ranges: bytes
< 
<html>
  <head>
    <title>your_domain website</title>
  </head>
  <body>
    <h1>Hello World!</h1>

    <p>This is the landing page of <strong>your_domain</strong>.</p>
  </body>
</html>
* Connection #0 to host minemates.net left intact
osiris@erazer ~ $

As you can see: two different websites are returned.

So you need to configure your nginx properly to make sure IPv4 and IPv6 respond the same way.

PabloX · April 5, 2021, 11:11am

Thank you very much Osiris !

i did not deleted the default configuration. (yes im new to this, still learning)

For ipv6 the default config responded and for v4 my domain config.

have a great day!

system · May 5, 2021, 11:11am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Cant retrieve new certificate

404 Not Found

404 Not Found

404 Not
Found

404 Not
Found