Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: du.dubclub.wibn
I ran this command: sudo certbot --nginx
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
1: mj.dubclub.win
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for mj.dubclub.win
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: mj.dubclub.win
Type: unauthorized
Detail: Invalid response from http://mj.dubclub.win/.well-known/acme-challenge/omMEM_wBFUqS6_VZyZHF-cVjhnwa6l1yQAXqsfeAtFg [2600:3c03::f03c:93ff:febb:cb54]: 404
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version): Description: Ubuntu 20.04.4 LTS
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 1.26.0
I can get the root website page (based on the IP Address) from another machine with ipV4 and ipV6 but cerbot can't seem to get a good response on ipV6
From the LOG:
"validationRecord": [
{
"url": "http://mj.dubclub.win/.well-known/acme-challenge/N9o5JfdhFO30pv_RkHAr_zByifXOghXDrOu1dYFEfh8",
"hostname": "mj.dubclub.win",
"port": "80",
"addressesResolved": [
"172.104.10.135",
"2600:3c03::f03c:93ff:febb:cb54"
],
"addressUsed": "2600:3c03::f03c:93ff:febb:cb54"
}
From ip addr
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether f2:3c:93:bb:cb:54 brd ff:ff:ff:ff:ff:ff
inet 172.104.10.135/24 brd 172.104.10.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2600:3c03::f03c:93ff:febb:cb54/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 5209sec preferred_lft 1609sec
inet6 fe80::f03c:93ff:febb:cb54/64 scope link
valid_lft forever preferred_lft forever
Both ipv6 and ipv4 return the same home page which is a modified nginx "it works" page so connectivity is there and the addresses are valid. Not sure why certbot is failing.
Same sort of issue on another linode (du.dubclub.win). These are 2 of 3 clones that I created today, first one was no problems before noon, these two were after 8pm and failing the same way.