Certbot failed to authenticate some domains (authenticator: Apache)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kitchenaffinity.com

I ran this command: sudo certbot --apache

It produced this output: Certbot failed to authenticate some domains (authenticator: Apache)

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 24.04 LTS

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 2.9.0

1 Like

@IrfanNajam, welcome to the community!

The domain kitchenaffinity.com has both IPv4 and IPv6 addresses, and they do not lead to the same host. Seemingly the system published via IPv6 address is on hostinger. Is it an old provider used before migrating to AWS? If yes, you may want to change the IPv6 address from the old to the new one on AWS.

6 Likes

Please provide the entire output. This message alone does not provide any useful information.

Also, Let's Debug confirms bruncsak's mentioned discrepancy: Let's Debug

It also mentions that Let's Encrypt has a service disruption active, apparently causing intermittent disruptions.

4 Likes

Thanks @bruncsak for helping, the problem is resolved.

4 Likes

Thanks @Osiris the problem is resolved.

4 Likes

Dear @bruncsak, the previous problem was resolved by the solution you provided. I encountered one more problem when accessing the individual post. The error says:

Not Found

The requested URL was not found on this server.

Apache/2.4.58 (Ubuntu) Server at kitchenaffinity.com Port 443

Thanks

1 Like

The server on the IPv6 address is timing out. Are you sure that 2600:1f18:78a4:e269:6e73:3b7f:f71e:6801 is the correct address for kitchenaffinity.com?
What are the outputs of the
ip -6 address show scope global | grep inet6
and
curl -6 http://ifconfig.co
commands?

What is the URL of the "individual post" you are referring to?

4 Likes
  1. Yes. The IPv6 is the same as the one you mentioned.
  2. For the first command the output is "inet6 2600:1f18:78a4:e269:6e73:3b7f:f71e:6801/128 scope global dynamic noprefixroute"
  3. There is no output for the second command.
  4. https://kitchenaffinity.com/exploring-the-cuisine-of-marrakech/ (this is the post page). When I open the page from the main page (https://kitchenaffinity.com/) it shows the error.

Your IPv6 isn't working. Your own curl -6 failed to make a connection outbound, and connections inbound on IPv6 time out.

Are you using EC2? Do your Security Rules allow IPv6? A test set of mine looks like below. Note the "::/0" lines for IPv6

3 Likes

What error? Because I can connect to it fine using IPv4 but the page is just missing. That's just your server configuration.

curl -i4 https://kitchenaffinity.com/exploring-the-cuisine-of-marrakech/
HTTP/1.1 404 Not Found
Date: Fri, 24 May 2024 00:36:37 GMT
Server: Apache/2.4.58 (Ubuntu)
Content-Length: 282
Content-Type: text/html; charset=iso-8859-1

3 Likes

Replying to your questions;

  1. Yes I am using EC2
  2. I am not getting your point, as I am not an expert in this area of programming-related things like web server configuration. You can guide me on what to do. I am attaching the snap for the inbound and outbound rules. Note: I have edited the rules after my previous reply.

I will give some tips but we are not a general purpose support site for AWS or to educate on server administration.

There is a lot for you to learn when starting to manage your own servers.

Your EC2 Security Rules look okay to me. Perhaps some other aspect of your IPv6 configuration in your VPN is not correct. You should contact AWS support and docs for the correct way to support IPv6. Or, remove the AAAA record from your DNS so people do not try using IPv6 to connect to your site.

# Connections to you using IPv4 work fine
curl -i4 https://kitchenaffinity.com/exploring-the-cuisine-of-marrakech/
HTTP/1.1 404 Not Found
Date: Sat, 25 May 2024 13:51:35 GMT
Server: Apache/2.4.58 (Ubuntu)
Content-Length: 282
Content-Type: text/html; charset=iso-8859-1

# Connections to you using IPv6 fail
curl -i6 https://kitchenaffinity.com/exploring-the-cuisine-of-marrakech/
curl: (28) Failed to connect to kitchenaffinity.com port 443 after 135202 ms:
Connection timed out

As for the "404" Requested URL Not Found "error", that is something you need to fix in your Apache configuration. You should review Apache docs and support forums on how to set up Apache. We focus on helping people get and use Let's Encrypt certs. Your certs are working fine. Your website is not configured properly to serve the correct page.

3 Likes
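
Added example, not part of the original thread: a pre-flight check for the two failures seen above (an AAAA record leading to a different host than the A record, then an IPv6 address that timed out). It requests the same path over plain HTTP from every published address and reports whether they all answer identically; the function names `resolve`, `fetch` and `preflight` and the probe path are assumptions made for this sketch.

```python
import socket
import sys

def resolve(host):
    """Return every A and AAAA address published for host as (family, address)."""
    found = []
    for fam, label in ((socket.AF_INET, "IPv4"), (socket.AF_INET6, "IPv6")):
        try:
            infos = socket.getaddrinfo(host, 80, fam, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this family
        found += [(label, addr) for addr in sorted({i[4][0] for i in infos})]
    return found

def fetch(addr, host, path, timeout=10):
    """GET http://host/path from one specific address; return (status, body)."""
    req = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    try:
        with socket.create_connection((addr, 80), timeout=timeout) as s:
            s.sendall(req)
            data = b""
            while chunk := s.recv(4096):
                data += chunk
    except OSError as exc:  # timeout, refused, no route to host
        return (f"unreachable ({exc.__class__.__name__})", None)
    head, _, body = data.partition(b"\r\n\r\n")
    return (head.split(b"\r\n")[0].decode(errors="replace"), body)

def preflight(host, path, resolver=resolve, fetcher=fetch):
    """Compare the answer from every published address; return (ok, rows)."""
    rows = [(fam, addr, *fetcher(addr, host, path)) for fam, addr in resolver(host)]
    answers = {(status, body) for _, _, status, body in rows}
    # ok only if at least one address exists, all of them answered,
    # and every answer has the same status line and body
    ok = bool(rows) and len(answers) == 1 and rows[0][3] is not None
    return ok, rows

if __name__ == "__main__":
    # Hypothetical probe path; any path under the challenge directory will do.
    ok, rows = preflight(sys.argv[1], "/.well-known/acme-challenge/preflight-probe")
    for fam, addr, status, _ in rows:
        print(f"{fam:5} {addr:40} {status}")
    print("consistent" if ok else "MISMATCH: fix or remove the odd record")
```

A matching 404 on every address is a pass here: the check only establishes that each A and AAAA record reaches a server giving the same answer, which is what HTTP-01 validation depends on.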

Thanks

2 Likes
