Certbot http-01 challenge, failed to verify the temporary nginx conf

My domain is: qualityskilledsolutions.com

I ran this command:
sudo certbot --nginx -d qualityskilledsolutions.com -d www.qualityskilledsolutions.com -v

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for qualityskilledsolutions.com and www.qualityskilledsolutions.com
Performing the following challenges:
http-01 challenge for www.qualityskilledsolutions.com
Waiting for verification...
Challenge failed for domain www.qualityskilledsolutions.com
http-01 challenge for www.qualityskilledsolutions.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.qualityskilledsolutions.com
Type: connection
Detail: 3.33.130.190: Fetching http://www.qualityskilledsolutions.com/.well-known/acme-challenge/DK4Va7Daokpf6XTz0Mn0F3GG_uG82K49k1dAoPWEu24: Error getting validation data

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is: Ubuntu 22.04 LTS

My hosting provider, if applicable, is: Linode

I can log in to a root shell on my machine: yes

I'm using a control panel to manage my site: no

The version of my client is: certbot 1.21.0

Welcome @DarkSoliditi

Your DNS has 3 IP addresses for your apex domain. It looks like 2 of those are from some sort of Domain Forwarding or URL Redirect service. You should disable that. Your DNS should only have the public IP address for your nginx server.

qualityskilledsolutions.com. 0 IN A 3.33.130.190
qualityskilledsolutions.com. 0 IN A 15.197.148.33
qualityskilledsolutions.com. 0 IN A 23.239.19.231

The last one looks like the correct one. The first two are probably not.

You should discuss the DNS options with Linode if you do not know how to change them.

2 Likes
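The check the answer above describes, as an added example (not part of the original thread and not Certbot's own code): before requesting a certificate, list every A record that does not point at the nginx server, because the CA's http-01 request can go to any address the name resolves to. The function names are made up for this example; the sample records and the expected address 23.239.19.231 are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not part of Certbot.

# stray_a_records EXPECTED_IP
# Reads DNS answer lines on stdin (the format `dig +noall +answer` prints:
# name, TTL, class, type, data) and prints "name address" for every A record
# whose address is not EXPECTED_IP. CNAME and other record types are skipped.
# Exit status: 0 = every A record matches, 1 = stray records, 2 = no A records.
stray_a_records() {
    awk -v want="$1" '
        $4 == "A" {
            total++
            if ($5 != want) { stray++; print $1, $5 }
        }
        END {
            if (total == 0) exit 2
            exit (stray > 0 ? 1 : 0)
        }'
}

# check_domain DOMAIN EXPECTED_IP: the same check against live DNS.
# Needs dig and network access.
check_domain() {
    dig +noall +answer A "$1" | stray_a_records "$2"
}

# The three apex A records quoted in the thread.
sample_answer() {
    cat <<'EOF'
qualityskilledsolutions.com. 0 IN A 3.33.130.190
qualityskilledsolutions.com. 0 IN A 15.197.148.33
qualityskilledsolutions.com. 0 IN A 23.239.19.231
EOF
}

# Offline demo: 23.239.19.231 is the address the thread identifies as the server.
sample_answer | stray_a_records 23.239.19.231 ||
    echo "fix DNS before requesting the certificate" >&2
```

On the server, run `check_domain qualityskilledsolutions.com 23.239.19.231` and the same for the `www` name, and request the certificate only when both return 0.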

GoDaddy has my domain, unfortunately. I had port forwarding set up when I was deploying with Heroku, but I deleted that forwarding when I switched to Linode. I'm not sure where that forwarding is being assigned at the moment.

I do have another A reference on GoDaddy that just says Parked. Should I delete that?

Here are my domain stats:
A @ 23.239.19.231
A @ Parked
NS @ ns43.domaincontrol.com. (can't delete)
NS @ ns44.domaincontrol.com. (can't delete)
CNAME pay paylinks.commerce.godaddy.com.
CNAME www qualityskilledsolutions.com.
CNAME _domainconnect _domainconnect.gd.domaincontrol.com.
SOA @ Primary nameserver: ns43.domaincontrol.com. (can't delete)

Perhaps this post helps. If not, go speak with GoDaddy support.

3 Likes

That worked!! Certbot created the SSL keys! Thank you so much!

2 Likes
