Cerbot first certificate fail

kanussoldaat · May 27, 2019, 8:00am

My domain is: diegokfitness.nl

I ran this command: sudo certbot --nginx

It produced this output:

My web server is (include version): nginx

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: i am hosting the server by my own it is a ubuntu 16.04 server i bought the domain name at mijndomein.nl

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

JuergenAuer · May 27, 2019, 8:45am

Hi @kanussoldaat

you have a mix of nginx and Apache.

There are ipv4- and ipv6-addresses ( https://check-your-website.server-daten.de/?q=diegokfitness.nl ):

Host	T	IP-Address	is auth.	∑ Queries	∑ Timeout
diegokfitness.nl	A	185.171.50.59	yes	1	0
	AAAA	2a00:4e40:1:1::2:20f	yes
www.diegokfitness.nl	A	185.171.50.59	yes	1	0
	AAAA	2a00:4e40:1:1::2:20f	yes

But checking your urls:

Domainname	Http-Status	Sec.	G
• http://diegokfitness.nl/
185.171.50.59	200	0.047	H

• http://diegokfitness.nl/
2a00:4e40:1:1::2:20f	200	0.243	H

• http://www.diegokfitness.nl/
185.171.50.59	200	0.047	H

• http://www.diegokfitness.nl/
2a00:4e40:1:1::2:20f	200	0.234	H

• https://diegokfitness.nl/
185.171.50.59	-2	1.060	V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 185.171.50.59:443

• https://diegokfitness.nl/
2a00:4e40:1:1::2:20f	-14	10.024	T
Timeout - The operation has timed out

• https://www.diegokfitness.nl/
185.171.50.59	-2	1.060	V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 185.171.50.59:443

• https://www.diegokfitness.nl/
2a00:4e40:1:1::2:20f	-14	10.030	T
Timeout - The operation has timed out

• http://diegokfitness.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.171.50.59	404	0.043	A
Not Found
Visible Content: 404 Not Found nginx/1.10.3 (Ubuntu)

• http://diegokfitness.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a00:4e40:1:1::2:20f	200	0.236
Visible Content: Begin nu met het maken van je website! Wist je dat je bij Mijndomein snel en voordelig een website kan bouwen zonder technische kennis? Start de websitemaker Dit is niet mijn domein Altijd al een domeinnaam willen hebben? Dat kan! Bij Mijndomein kan je snel en eenvoudig zoeken naar jouw domeinnaam met meer dan 300 extensies! Geen ervaring met het bouwen van een website? Geen enkel probleem. Bij Mijndomein kan iedereen een website bouwen. Zelfs zonder technische kennis! Bekijk de mogelijkheden Kies je domeinnaam Mijndomein is actief sinds 2003 en beheert meer dan 590.000 domeinnamen voor ruim 195.000 klanten

• http://www.diegokfitness.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.171.50.59	404	0.040	A
Not Found
Visible Content: 404 Not Found nginx/1.10.3 (Ubuntu)

• http://www.diegokfitness.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a00:4e40:1:1::2:20f	200	0.490

Use "show header" to see the headers. The not working https isn't relevant.

http + ipv4 has a nginx, http + ipv6 - an Apache answers.

And checking a validation file in /.well-known/acme-challenge, your nginx sends a http status 404 - Not Found, your Apache answers with a http status 200 and content.

Looks like ipv6 is from your hoster.

So

fix your ipv6, so you nginx answers (or)
remove the ipv6 AAAA records, then create a certificate, then fix your ipv6.

system · June 26, 2019, 8:45am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.