Can't set the SSL on Ubuntu VPS properly

Help
1

Hi everyone:)

Im facing the isue that you can see below when im trying to install SSL certificate to me domain on an VPS Ubuntu Enviroment. Take on count that DNS are setted up correctly but it seems like certbot cant' acces to some files.

Here's also my Nginx file if u need:

server {
listen 80;
server_name mrnovaoficial.com www.mrnovaoficial.com;

root /root/MrNovaWebSite/build;  # Path to the React app's build directory
index index.html;

location / {
    try_files $uri $uri/ /index.html;
}

location ~ /.well-known/acme-challenge {
    allow all;
    root /var/www/html;  # Cambia esta línea
    try_files $uri =404;
}

}

My domain is:

www.mrnovaoficial.com

I ran this command:

sudo certbot --nginx -d mrnovaoficial.com -d www.mrnovaoficial.com

It produced this output:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: mrnovaoficial.com
Type: unauthorized
Detail: 2a02:4780:8:1027:0:1760:d9e4:2: Invalid response from http://mrnovaoficial.com/.well-known/acme-challenge/C6jLRZ8ijm_bILb5OGQ4ayEOb8KWKENf1GBzqXbYq6E: 404

Domain: www.mrnovaoficial.com
Type: unauthorized
Detail: 2a02:4780:8:1027:0:1760:d9e4:2: Invalid response from http://www.mrnovaoficial.com/.well-known/acme-challenge/vRBqEji6GmKqjBOmEBNLdpAyBsg6Sz3-i20gPO6l7-c: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

Hostinger

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

Here's more info if u need:

IP SSH

195.35.25.54

Nombre de usuario SSH

root

Puerto SSH predeterminado

22

IPv6

2a02:4780:28:6df0::1

Heres all my DNS files:

CNAME hostingermail-b._domainkey 0 hostingermail-b.dkim.mail.hostinger.com 300
CNAME hostingermail-a._domainkey 0 hostingermail-a.dkim.mail.hostinger.com 300
CNAME www 0 mrnovaoficial.com 300
CNAME autodiscover 0 autodiscover.mail.hostinger.com 300
CNAME fk7yk6agxl2j 0 gv-37sc2ryhqvxiya.dv.googlehosted.com 14400
CNAME autoconfig 0 autoconfig.mail.hostinger.com 300
CAA @ 0 0 issuewild globalsign.com 14400
CAA @ 0 0 issuewild sectigo.com 14400
CAA @ 0 0 issuewild letsencrypt.org 14400
CAA @ 0 0 issuewild digicert.com 14400
CAA @ 0 0 issuewild comodoca.com 14400
CAA @ 0 0 issue sectigo.com 14400
CAA @ 0 0 issue letsencrypt.org 14400
CAA @ 0 0 issue globalsign.com 14400
CAA @ 0 0 issue digicert.com 14400
CAA @ 0 0 issue comodoca.com 14400
AAAA @ 0 2a02:4780:28:6df0::1 1800
TXT @ 0 v=spf1 include:_spf.mail.hostinger.com ~all 3600
MX @ 10 mx2.hostinger.com 14400
MX @ 5 mx1.hostinger.com 14400
A @ 0 195.35.25.54 14400
3

You have an AAAA record in the DNS for IPv6 - that's good. Let's Encrypt favors IPv6 and you see its address in the error.

The problem is your nginx server block is not listening for IPv6 connections. You need to add this line below your current listen 80; statement:

listen [::]:80;
3 Likes
4

Have you changed that line?

4 Likes
5

Good catch. The --nginx plug-in does not even need such a thing as it inserts its own redirects. But, yeah, they should remove that whole location block to not expose that path to stray queries.

3 Likes
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.