Certbot failed to authenticate some domains EC2 instance

After installing WordPress on my EC2 instance and successfully deploying a site, I purchased a domain from a hosting provider. The hosting provider assigned me an IPv4 address with HTTPS enabled. However, since the IPv4 address of my EC2 instance was different, I had to modify the DNS settings by changing the A record to match my EC2 instance's IPv4 address. The site is now up and running smoothly. However, when I attempt to use Certbot Apache in my instance to secure the connection, I encounter an error.

My domain is: www.ikirityganga.com

I ran this command: sudo certbot --apache

It produced this output:

Requesting a certificate for ikirityganga.com and www.ikirityganga.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: ikirityganga.com
Type: unauthorized
Detail: 2a02:4780:b:874:0:1a6e:e02b:2: Invalid response from http://ikirityganga.com/.well-known/acme-challenge/iVAA3qdysz3_BAKMb-mRYo6PUQJYuEwkZ6BP2Bi9fVI: 404

Domain: www.ikirityganga.com
Type: unauthorized
Detail: 2a02:4780:b:874:0:1a6e:e02b:2: Invalid response from http://www.ikirityganga.com/.well-known/acme-challenge/ufuizdB6v-r3EJ6c9rCkOLbDMP2h1_OZ__b9v0K-Ols: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 22.04.2 LTS

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes (EC2 instance)

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

One problem is your DNS has both an A record and an AAAA record. Let's Encrypt favors the AAAA record for IPv6 when present.

Your two addresses point to different servers. One is LiteSpeed (IPv6) and the other Apache (IPv4).

You should correct the AAAA record or remove it if you don't have IPv6 available.

5 Likes
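Added example, not part of the original thread and not Certbot's own code: the address at the start of each `Detail:` line is the one the CA actually connected to, so comparing it with the addresses of the Certbot host shows whether DNS sent validation to a different server. The failure report is copied from the question; `OWN_ADDRESSES` is a constructed placeholder for the instance's public IPv4 address, and the function names are hypothetical.

```python
import ipaddress
import re

# Failure report copied from the Certbot output in the question above.
CERTBOT_OUTPUT = """\
Domain: ikirityganga.com
Type: unauthorized
Detail: 2a02:4780:b:874:0:1a6e:e02b:2: Invalid response from http://ikirityganga.com/.well-known/acme-challenge/iVAA3qdysz3_BAKMb-mRYo6PUQJYuEwkZ6BP2Bi9fVI: 404
Domain: www.ikirityganga.com
Type: unauthorized
Detail: 2a02:4780:b:874:0:1a6e:e02b:2: Invalid response from http://www.ikirityganga.com/.well-known/acme-challenge/ufuizdB6v-r3EJ6c9rCkOLbDMP2h1_OZ__b9v0K-Ols: 404
"""

# Constructed placeholder (RFC 5737 documentation range) for the public IPv4
# address of the host running Certbot; the thread does not give the real one.
OWN_ADDRESSES = ["203.0.113.10"]

DETAIL = re.compile(r"Detail: (\S+): Invalid response from \S+: (\d{3})")


def validated_addresses(output):
    """Map each failed domain to (address the CA connected to, HTTP status)."""
    found, domain = {}, None
    for line in map(str.strip, output.splitlines()):
        if line.startswith("Domain: "):
            domain = line.split(": ", 1)[1]
        match = DETAIL.match(line)
        if match and domain:
            found[domain] = (ipaddress.ip_address(match.group(1)), int(match.group(2)))
    return found


def diagnose(output, own_addresses):
    """Say, per domain, which DNS record type led the CA to which host."""
    own = {ipaddress.ip_address(a) for a in own_addresses}
    report = []
    for domain, (addr, status) in validated_addresses(output).items():
        record = "AAAA" if addr.version == 6 else "A"
        # An address that is not ours means DNS sent the CA to another server,
        # so the fix is in the DNS zone, not in the local Apache configuration.
        where = "this-host" if addr in own else "other-host"
        report.append((domain, record, str(addr), status, where))
    return report


if __name__ == "__main__":
    for row in diagnose(CERTBOT_OUTPUT, OWN_ADDRESSES):
        print(*row)
```

A result of `AAAA` with `other-host` for both names matches the diagnosis above: validation followed the IPv6 record to a server that is not the one running Certbot.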

Hi,
Thanks for the response. I can delete the AAAA record and then try. How long will the change take to take effect, and what will be the consequences of this change? Also, will I be able to secure the connection then?

Thank you!

1 Like

Your AAAA record is already gone. You can check at https://unboundtest.com

People will only be able to reach you using IPv4.

If that was the only problem, yes. And, I see your domain using a fresh Let's Encrypt cert so I guess that worked.

4 Likes
