Certbot failed to authenticate some domains (authenticator: nginx). The Certificate

meerhwebdev · November 1, 2022, 4:03pm

Domain: xtremeremoval-api.tech
Type: unauthorized
Detail: 2a01:7e00::f03c:93ff:fe76:1b68: Invalid response from http://xtremeremoval-api.tech/.well-known/acme-challenge/ZUXflB_dPG_NfyGxLlwijEd241rApLupO-ZW9a0ZUog: 404

I am transferring my site to another vps (to another company) certbot work fine on previous server but it is giving me this error my site is accessible by HTTP..But letsencrypt is not working this time

MikeMcQ · November 1, 2022, 4:07pm

Welcome to the community @meerhwebdev

Your DNS has both an A and AAAA record for IPv4 and IPv6 addresses. Let's Encrypt servers will use AAAA when present and this address is shown in the error message. Your two addresses seem to point to different servers though. You should review your DNS

(IPv4)
curl -I4  xtremeremoval-api.tech
HTTP/1.1 404 NOT FOUND
Server: nginx/1.22.0 (Ubuntu)
Access-Control-Allow-Origin: *

(IPv6)
curl -I6  xtremeremoval-api.tech
HTTP/1.1 200 OK
Server: nginx/1.22.0 (Ubuntu)
Last-Modified: Tue, 01 Nov 2022 04:34:57 GMT
ETag: "6360a1f1-267"
Accept-Ranges: bytes

EDIT: I should have said .... For Let's Encrypt make sure the AAAA address is pointing to the correct server. And, for other purposes make sure the A record points to the correct server. If the AAAA record is correct let us know and we can check further.

meerhwebdev · November 1, 2022, 4:21pm

Both of the IPs are pointing to one server

MikeMcQ · November 1, 2022, 4:36pm

Then why does a request from an IPv4 client get a different response than one using IPv6?

We will need more info to help debug this. Please answer the questions from the form you were shown as best you can

========================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Bruce5051 · November 1, 2022, 4:40pm

FYI - Presently SSL Server Test: xtremeremoval-api.tech (Powered by Qualys SSL Labs) is showing
Unable to connect to the server (granted that is HTTPS Port 443).

And neither can Rex Swain's HTTP Viewer with http://xtremeremoval-api.tech as the input:

rg305 · November 1, 2022, 5:00pm

HTTP via IPv4 or IPv6?

system · December 1, 2022, 5:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.