Certbot failed to authenticate some domains (authenticator: apache)

My domain is: copilot-fabriko.ai

I ran this command: certbot

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate and install certificates?


1: Apache Web Server plugin (apache)
2: Nginx Web Server plugin (nginx)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: copilot-fabriko.ai


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for copilot-fabriko.ai

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: copilot-fabriko.ai
Type: unauthorized
Detail: 2a02:4780:22:66d:d14:79f3:2c42:9f10: Invalid response from http://copilot-fabriko.ai/.well-known/acme-challenge/CsGMv_ltI-OlGI12HlLVIbvWlrmUd2BYN4YaoHOTEpY: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): vps

The operating system my web server runs on is (include version): ubuntu 22.04

My hosting provider, if applicable, is: hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, only console

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6 (snap)

While there is an Apache webserver answering on IPv4, your IPv6 address (2a02:4780:24:2d36:3cd3:b643:e2f8:9a86) is a different webserver. It identifies itself as "hcdn" (which does not ring a bell for me) and also somewhere else as "LiteSpeed".

Please make sure your DNS settings are correct, especially the IPv6 address.


OK, I understand. In the DNS of the domain I do not have IPv6 configured. If the configuration is done as in IPv4, would the process end, would the problem no longer exist? I used this command to see the status of IPv6:

root@srv411354:~# dig AAAA copilot-fabriko.ai

; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> AAAA copilot-fabriko.ai
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28168
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;copilot-fabriko.ai. IN AAAA

;; ANSWER SECTION:
copilot-fabriko.ai. 60 IN AAAA 2a02:4780:1d:8a7a:90fc:b9d1:d099:8b05

;; Query time: 75 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Sep 29 21:11:37 UTC 2023
;; MSG SIZE rcvd: 75

An AAAA record is used for an IPv6 address (an A record for IPv4).

The AAAA should be your public IPv6 address. You should remove it if you do not have one.

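The check described in the replies above, as an added example that is not part of the original thread: it reads the address the CA actually connected to out of certbot's "Detail:" line and flags any published A/AAAA record that is not an address of the server running certbot. The function names `parse_detail` and `audit` are hypothetical, and the IPv4 address is a constructed placeholder; the Detail line and the AAAA answer are the ones posted above.

```python
import ipaddress
import re

# Shape of the "Detail:" line certbot printed above for the failed HTTP-01 check.
DETAIL_RE = re.compile(
    r"Detail:\s*(?P<addr>[0-9A-Fa-f:.]+): Invalid response from "
    r"http://(?P<host>[^/\s]+)/\.well-known/acme-challenge/\S+?: (?P<status>\d{3})"
)


def parse_detail(line):
    """Return (address the CA connected to, host, HTTP status), or None."""
    m = DETAIL_RE.search(line)
    if m is None:
        return None
    return ipaddress.ip_address(m["addr"]), m["host"], int(m["status"])


def audit(detail_line, dns_records, server_addresses):
    """List published addresses that are not bound to this server.

    dns_records: address strings from `dig A` / `dig AAAA`
    server_addresses: address strings from `ip -brief addr` on the host
    """
    local = {ipaddress.ip_address(a) for a in server_addresses}
    findings = []
    for rec in dns_records:
        ip = ipaddress.ip_address(rec)
        if ip not in local:
            kind = "AAAA" if ip.version == 6 else "A"
            findings.append(f"{kind} record {ip} is not an address of this server")
    parsed = parse_detail(detail_line)
    if parsed and parsed[0] not in local:
        addr, host, status = parsed
        findings.append(f"CA validated {host} at {addr} (HTTP {status}), not at this server")
    return findings


if __name__ == "__main__":
    # Detail line and AAAA answer are taken from the thread; the IPv4
    # address is a constructed placeholder from the documentation range.
    detail = ("Detail: 2a02:4780:22:66d:d14:79f3:2c42:9f10: Invalid response from "
              "http://copilot-fabriko.ai/.well-known/acme-challenge/"
              "CsGMv_ltI-OlGI12HlLVIbvWlrmUd2BYN4YaoHOTEpY: 404")
    dns = ["192.0.2.10", "2a02:4780:1d:8a7a:90fc:b9d1:d099:8b05"]
    for finding in audit(detail, dns, server_addresses=["192.0.2.10"]):
        print(finding)
```

An empty result means every published address belongs to the server, so the challenge file certbot's Apache plugin serves is reachable whichever address family the CA uses.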

OK, I understand, I'll check this part, thank you very much. The changes have already been made in DNS; we just have to wait.

You do not need to wait for TTL timeout propagation. Let's Encrypt queries the authoritative DNS servers directly. Usually those take only a few seconds or a minute to synchronize between themselves.

That said, your DNS servers are performing very very poorly right now.

Use https://unboundtest.com to check your DNS like Let's Encrypt.

Also see dnsviz for several problems with your DNS config

https://dnsviz.net/d/copilot-fabriko.ai/dnssec/
