certbot.errors.FailedChallenges: Failed authorization procedure NGINX

My domain is: http://alpha.sivantagemarketing.com/

I ran this command: sudo certbot --nginx -d alpha.sivantagemarketing.com --debug-challenges -v

It produced this output: https://gist.github.com/AntoniosHadji/7e257491c14804bbd618165016a0d0dc

My web server is (include version): nginx version: nginx/1.14.0 (EasyEngine)

The operating system my web server runs on is (include version): Ubuntu 16.04.5 LTS

My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I just used certbot to enable ssl on another (html only) website on my server and it worked as expected. (www.marketingmedicinewoman.com)

Now I’m trying to set up alpha.sivantagemarketing.com (wordpress) and it keeps failing.

subdomain alpha.sivantagemarketing.com is set in linode DNS for A/AAAA records.
domain sivantagemarketing.com DNS is set up on cloudflare with NS records for alpha pointing to linode.


Is there a problem with the way the DNS is set up? The base domain is also hosted on a different server.

I checked the .well-known directory when the process stopped due to --debug-challenges by ssh from another terminal window and I did not see any files created. The folder structure has same permissions and I’m running as sudo.

I’m not sure what else to check as to why this subdomain is failing to work. It seems to be a failure to create the required files but I can’t see any reason that would fail.

Hi @AntoniosHadji,

Your domain alpha.sivantagemarketing.com shows your site using IPv4 but it shows the default nginx page using IPv6, so it seems to be an nginx configuration issue because nginx is not serving the same content. As Let’s Encrypt prefers IPv6 over IPv4 it will always fail until you fix your IPv6 config issue or remove the AAAA record for your domain… but it is better if you fix the IPv6 conf.

Double check whether you have the directive listen [::]:80; in the server block you are using to configure alpha.sivantagemarketing.com, restart nginx and try again.

Cheers,
sahsanu

1 Like

Thank you, @sahsanu. There were no listen blocks anywhere I could find in the config for this site. I added both

listen 80;
listen [::]:80;

in the existing server block and everything worked perfectly.

2 Likes
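
An added example, not part of the original thread and not certbot or nginx code: a small Python check that finds nginx server blocks answering on port 80 over IPv4 only, the condition diagnosed above. The config text and hostname are constructed, the parser is a simplified brace matcher rather than nginx's own, and it relies on nginx's documented default of `listen *:80` for a block with no `listen` directive.

```python
import re

# Constructed sample config, not taken from the thread.
SAMPLE_CONF = """
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
}
server {
    server_name alpha.example.com;
    location / { try_files $uri $uri/ /index.php?$args; }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before scanning
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def families(body, port=80):
    """Return the address families ('v4', 'v6') a block binds on `port`."""
    listens = re.findall(r"(?m)(?:^|[;{}])\s*listen\s+([^;\s]+)", body)
    listens = listens or ["*:80"]  # nginx's default when no listen is given
    fams = set()
    for addr in listens:
        if addr.startswith("["):          # bracketed IPv6, e.g. [::]:80
            fam, p = "v6", addr.partition("]")[2].lstrip(":") or "80"
        elif addr.isdigit():              # bare port, e.g. 80
            fam, p = "v4", addr
        else:                             # *:80, 203.0.113.5:80, or address only
            fam, p = "v4", addr.rpartition(":")[2] if ":" in addr else "80"
        if p == str(port):
            fams.add(fam)
    return fams

def missing_ipv6(conf, port=80):
    """Names of server blocks reachable on `port` over IPv4 but not IPv6."""
    flagged = []
    for body in server_blocks(conf):
        m = re.search(r"(?m)(?:^|[;{}])\s*server_name\s+([^;]+);", body)
        if families(body, port) == {"v4"}:
            flagged.append(m.group(1).split()[0] if m else "(unnamed)")
    return flagged

if __name__ == "__main__": print(missing_ipv6(SAMPLE_CONF))
```

A flagged name that also has an AAAA record will have its IPv6 requests answered by whichever block is the default for `[::]:80`, which is why the validation saw the default nginx page.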
