Certbot failed to authenticate some domains

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hodgsonsantiquesblog.com

I ran this command: I'm a student and I'm doing a WordPress project to build a website. I'm using Google Cloud to set up my domain to use WordPress using the plugin OpenLiteSpeed. I am now following this video "Wordpress hosting on Google | FREE - YouTube" to set up OpenLiteSpeed via SSH.

It produced this output:
Last login: Sat Nov 19 21:50:11 2022 from 35.235.240.5
To visit your apps by domain instead of IP, please enter a valid domain.
If you don't have one yet, you may cancel this process by pressing CTRL+C and continuing to SSH.
This prompt will open again the next time you log in, and will continue to do so until you finish the setup.
Make sure the domain's DNS record has been properly pointed to this server.
Enter the root domain only, then the system will add both the root domain and the www domain for you.
Your domain: hodgsonsantiquesblog.com
The domain you put is: hodgsonsantiquesblog.com
Please verify it is correct. [y/N] y

Domain has been added into OpenLiteSpeed listener.

Do you wish to issue a Let's encrypt certificate for this domain? [y/N] y
[OK] hodgsonsantiquesblog.com is accessible.
[OK] www.hodgsonsantiquesblog.com is accessible.
Please enter your E-mail: kotoba1119@126.com
The E-mail you entered is: kotoba1119@126.com
Please verify it is correct: [y/N] y
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for hodgsonsantiquesblog.com and www.hodgsonsantiquesblog.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: hodgsonsantiquesblog.com
Type: unauthorized
Detail: 2607:f1c0:100f:f000::200: Invalid response from http://hodgsonsantiquesblog.com/.well-known/acme-challenge/Wddos7liytBcrAr8bRSiT9CWmHvcRFt2u5SyM_iaNT4: 204

Domain: www.hodgsonsantiquesblog.com
Type: unauthorized
Detail: 2607:f1c0:100f:f000::200: Invalid response from http://www.hodgsonsantiquesblog.com/.well-known/acme-challenge/eC_wX_BydBxXwY91vc1JwivY5dE2bqX1S5HkxTsLFAc: 204

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Oops, something went wrong...

My web server is (include version): Sorry, I don't know

The operating system my web server runs on is (include version): Sorry, I don't know

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

Thank you very much!

2 Likes

What kind of student are you (arts? medicine? IT?) and what's the project? :slight_smile:

3 Likes

Thank you for your reply!
I major in communication, and this project is for a course about UX, and I need to build a website with WordPress.
I don't want to pay an expensive fee for the WordPress business plan to get access to plugins, so I followed this YouTube video (recommended by my classmate) to try to use WordPress in this way.
Also, that's why this coding is very hard for me. I'm very confused and don't know what's wrong. I hope to get some help from the professionals!

Ah, communication. Well, websites are of course a good example of a form of communication :slight_smile:

To address your issue: your hostnames have an A as well as an AAAA resource record configured in DNS. On the IPv4 (A) address, a LiteSpeed server is listening (which you say you're using [OpenLiteSpeed]), but on the IPv6 (AAAA) address an Apache webserver is listening. And when specifically requesting the path /.well-known/acme-challenge/ there's an nginx webserver behind the response? Also, the IPv6 address seems to be owned by a company called IONOS Inc. and not Google.

So I suspect your DNS setting for the AAAA record is incorrect. Please refer to Google Cloud for the correct AAAA resource record value (IPv6 address).

6 Likes

Yes, the IPv6 address is owned by IONOS; that's where I bought this domain. (Sorry for the confusion, I myself am not familiar with the terms.)
I changed the DNS settings as below. I would appreciate it if you could help me check whether this is right.

I believe those are the current DNS settings with a Google IPv4 address for both hostnames (the ones with the red box) which seem to be correct and I see two AAAA resource records with an Ionos IPv6 address.

Let's Encrypt prefers IPv6, as do most clients. You should also point your AAAA resource records to the Google Cloud IPv6 address instead of the current Ionos address.

5 Likes

Thank you! Do you mean I should change the value of the 2 below with red boxes to "35.223.43.146" as well?

No, you can't put an IPv4 address as value for an AAAA resource record. You should either find out the IPv6 address of your server and use that (e.g. by running curl -6 ifconfig.co) or remove the AAAA resource records entirely.

5 Likes
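The check the replies above perform by hand, as an added example that is not part of the original thread: resolve the A and AAAA records separately, request the ACME HTTP-01 path from each address with the real Host header, and report which addresses fail. The file name `test.txt` (a file the operator would place under the webroot's challenge directory), the 200 reply on IPv4 and the Server header values are assumptions; the addresses and the 204 status come from the posts.

```python
import http.client
import socket

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def resolve(host):
    """Return the host's A and AAAA addresses from the system resolver."""
    records = {"A": [], "AAAA": []}
    for rtype, family in (("A", socket.AF_INET), ("AAAA", socket.AF_INET6)):
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        records[rtype] = sorted({info[4][0] for info in infos})
    return records

def probe(host, address, path):
    """GET path from one specific address, keeping the real Host header."""
    conn = http.client.HTTPConnection(address, 80, timeout=10)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Server", "unknown")
    finally:
        conn.close()

def diagnose(host, records, token, probe_fn=probe):
    """Probe every address; return (family the CA will use, results, failing)."""
    path = CHALLENGE_PREFIX + token
    results = {}
    for rtype in ("AAAA", "A"):
        for addr in records[rtype]:
            try:
                results[addr] = probe_fn(host, addr, path)
            except (OSError, http.client.HTTPException) as exc:
                results[addr] = ("error", str(exc))
    # Per the thread, Let's Encrypt prefers IPv6 when an AAAA record exists.
    ca_family = "AAAA" if records["AAAA"] else "A"
    failing = [a for a, (status, _) in results.items() if status != 200]
    return ca_family, results, failing

# Constructed sample mirroring the thread: addresses and the 204 come from the
# posts; the 200 on IPv4 and the Server values are assumed for illustration.
SAMPLE_RECORDS = {"A": ["35.223.43.146"], "AAAA": ["2607:f1c0:100f:f000::200"]}
SAMPLE_REPLIES = {"35.223.43.146": (200, "LiteSpeed"),
                  "2607:f1c0:100f:f000::200": (204, "nginx")}

def sample_probe(host, address, path):
    return SAMPLE_REPLIES[address]

if __name__ == "__main__":
    print(diagnose("hodgsonsantiquesblog.com", SAMPLE_RECORDS, "test.txt", sample_probe))
```

For a live check, call `diagnose(host, resolve(host), "test.txt")` after placing that file in the challenge directory; any address listed as failing is one the CA cannot validate against.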

Let me try removing them entirely! Just a sec! Thank you again!

1 Like

Thank you so much!! It was successfully installed!!
I was wondering if I could also ask the questions below regarding the WordPress installation via the plugin I mentioned?
I am still having trouble logging into the WordPress dashboard. It seems like somehow I skipped the first step of the WordPress installation (where I set the username and password), and when I visit my domain it goes directly to the page instead of the WordPress dashboard, and I have no idea what my username and password are since I never saw the setup page. I don't know who to turn to, so I just tried to write my problems here. Thank you for your attention!

1 Like

I'd start with the hosting company.

3 Likes

Thank you all for your kind support!

2 Likes
