Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): devc0n.nl
Requesting a certificate for devc0n.nl
Performing the following challenges:
http-01 challenge for devc0n.nl
Waiting for verification...
Challenge failed for domain devc0n.nl
http-01 challenge for devc0n.nl
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: devc0n.nl
Type: unauthorized
Detail: 2a05:d018:964:c0b:ca65:7773:2dd7:d9bd: Invalid response from http://devc0n.nl/.well-known/acme-challenge/eQrxeLL1W9lEMHIwQ0_lEbywHcAw5YcUAmpM8jDnEwQ: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<!doctype html><html lang=\"nl\"><head> <meta charset=\"UTF-8\"> <meta name="
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Cleaning up challenges
Some challenges have failed.
My web server is (include version):
nginx/1.18.0
The operating system my web server runs on is (include version):
Debian GNU/Linux 11 (bullseye)
My hosting provider, if applicable, is:
hardware = RaspberryPi 3b
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I've gotten a good suggested topic once I posted this question and I have figured it out.
I still had an AAAA record with an IPv6 address in the DNS records, which was then quite obviously pinged by Certbot. As I don't have an IPv6 address, I just deleted this from my DNS records on the domain provider, and the issue was resolved!
However, I see with nmap that port 80 is open on both IPv6 and IPv4; port 443 is open on IPv6 and closed on IPv4.
>nmap -6 -Pn devc0n.nl
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-20 15:35 UTC
Stats: 0:00:30 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 37.95% done; ETC: 15:36 (0:00:51 remaining)
Nmap scan report for devc0n.nl (2a05:d018:964:c0b:ca65:7773:2dd7:d9bd)
Host is up (0.13s latency).
Other addresses for devc0n.nl (not scanned): 92.109.54.16
Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 68.30 seconds
>nmap -4 -Pn devc0n.nl
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-20 15:34 UTC
Nmap scan report for devc0n.nl (92.109.54.16)
Host is up (0.15s latency).
Other addresses for devc0n.nl (not scanned): 2a05:d018:964:c0b:ca65:7773:2dd7:d9bd
rDNS record for 92.109.54.16: 92-109-54-16.cable.dynamic.v4.ziggo.nl
Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 76.01 seconds
Glad you fixed it already. Just a technical point ... Certbot is not the one "pinging" it. Certbot is the ACME Client and makes the cert request. But, it is the Let's Encrypt ACME Servers that make HTTP requests to your domain.
$ nmap -4 -Pn devc0n.nl
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-20 15:40 UTC
Nmap scan report for devc0n.nl (92.109.54.16)
Host is up (0.20s latency).
rDNS record for 92.109.54.16: 92-109-54-16.cable.dynamic.v4.ziggo.nl
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 14.01 seconds
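Added example, not written by any poster in this thread: a small Python check that reads the address out of the CA's "Detail:" line and compares it with the addresses the server really has, which is how the leftover AAAA record shows up. The function names, the result labels and the `resolve` helper are assumptions made for this sketch; the sample line is copied from the Certbot output at the top of the thread with the HTML body shortened.

```python
import ipaddress
import re
import socket

# Shape of the "Detail:" line in the Certbot output above:
#   Detail: <address the CA connected to>: Invalid response from <url>: "<body>"
DETAIL_RE = re.compile(
    r"Detail:\s*(?P<addr>[0-9A-Fa-f:.]+):\s+Invalid response from\s+(?P<url>\S+?):\s"
)

# Sample input: Detail line from the thread, response body shortened.
SAMPLE = ('Detail: 2a05:d018:964:c0b:ca65:7773:2dd7:d9bd: Invalid response from '
          'http://devc0n.nl/.well-known/acme-challenge/'
          'eQrxeLL1W9lEMHIwQ0_lEbywHcAw5YcUAmpM8jDnEwQ: "<!DOCTYPE HTML PUBLIC"')


def parse_detail(line):
    """Return (ip_address, url) the CA validated against, or None if no match."""
    m = DETAIL_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group("addr")), m.group("url")
    except ValueError:
        return None


def diagnose(line, server_addrs):
    """Classify a failed http-01 check given the addresses this server owns."""
    parsed = parse_detail(line)
    if parsed is None:
        return "unparsed"
    addr, _url = parsed
    owned = {ipaddress.ip_address(a) for a in server_addrs}
    if addr in owned:
        return "reached-this-server"  # problem is in the web server config
    # The CA connected somewhere else: the DNS record for that family is wrong.
    return "aaaa-points-elsewhere" if addr.version == 6 else "a-points-elsewhere"


def resolve(domain):
    """Live lookup (needs network): every A/AAAA address published for domain."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Assumption: the server's only public address is the IPv4 one from the scans.
    print(diagnose(SAMPLE, ["92.109.54.16"]))
```

Running `resolve` against the domain before requesting a certificate lists every published address, so an AAAA record that the server does not own can be spotted before the CA tries it.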