Certbot failed to authenticate some domains (authenticator: nginx)

Hello, I tried to set up SSL for my subdomain in AWS EC2 where my website hosted in Hostinger. I am new at configuring the server and I'm facing some issues using Let's Encrypt.

I was able to succesfully set up the SSL for another subdomain before, but the domain in this one was in GoDaddy.

My domain is: soventix.com.do

My Subdomain: app.soventix.com.do

I ran this command: sudo certbot --nginx -d app.soventix.com.do

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): henfry.delossantos@gmail.com


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?


(Y)es/(N)o: y


Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: n
Account registered.
Requesting a certificate for app.soventix.com.do

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: app.soventix.com.do
Type: unauthorized
Detail: 2a02:4780:3:1200:0:20d3:1110:10: Invalid response from http://app.soventix.com.do/.well-known/acme-challenge/JOvvbTGjyQ_QFNe8PrDcAMilKp5EojnbUH2LADL86bU: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx/1.24.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 24.04 LTS

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0

Additional information:

After running sudo certbot --nginx -d app.soventix.com.do --debug --verbose

This came out:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for app.soventix.com.do
Performing the following challenges:
http-01 challenge for app.soventix.com.do
Waiting for verification...
Challenge failed for domain app.soventix.com.do
http-01 challenge for app.soventix.com.do

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: app.soventix.com.do
  Type:   unauthorized
  Detail: 2a02:4780:3:1200:0:20d3:1110:10: Invalid response from http://app.soventix.com.do/.well-known/acme-challenge/Jpec1SS-EhGCtap2v2CdwC0kHZUyjUYXwzAALjtj4qE: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.9.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1450, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

Hi @henfrydls, and welcome to the LE community forum :slight_smile:

You seem to have removed the IPv6 address from that FQDN:

Name:    app.soventix.com.do
Address: 3.91.205.148

Did that resolve the problem?

3 Likes

Is added:

In fact, it works well with the port 80 (http://).

That is good.
But were you able to get a cert?
[has your problem been resolved?]

3 Likes

Not yet. The problem continues as the shown in beginning.

Please post the new error message. The problem shown in the beginning has an IPv6 address (AAAA record) associated with it per:

4 Likes

Tried it now and the problem was solved. May it takes some time to the DNS to register the A o AAAA record. Thanks.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.