Certbot returns 404

Hello,

I have an Ubuntu 16.04 Nginx setup and I’m trying to generate certificates for my domains.

Nginx.conf:

listen 80;
server_name www.sverigerea.se sverigerea.se;

location ^~ /.well-known/acme-challenge/ {
    allow all;
    root /var/www/sverigerea/www;
}

I’ve tried with just /.well-known, try_files and alias. Still the same problem.

I’m using this command to generate:

sudo certbot certonly --webroot -w /var/www/sverigerea/www -d www.sverigerea.se -d sverigerea.se

The error output:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sverigerea.se
   Type:   unauthorized
   Detail: Invalid response from
   http://sverigerea.se/.well-known/acme-challenge/Jl10AQQH4R--KdXX9hhOCzvFwo2sMpvMzvEcHmBiGAs:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <HTML><HEAD>
   <TITLE>404 Not Found</TITLE>
   </HEAD><BODY>
   <H1>Not Found</H1>
   Th"

   Domain: www.sverigerea.se
   Type:   unauthorized
   Detail: Invalid response from
   http://www.sverigerea.se/.well-known/acme-challenge/s_O4gxOtvmLr7Yibilp9ZroG7gONYgFv0LIkAGrWFUM:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <HTML><HEAD>
   <TITLE>404 Not Found</TITLE>
   </HEAD><BODY>
   <H1>Not Found</H1>
   Th"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

If I create a test.txt file in .well-known/acme-challenge I can access it with my browser… So that’s not the issue.

Any ideas? Permissions maybe? I’ve been struggling with this for hours now… Feels like I’ve tried everything.

Thanks!

sverigerea.se.  (unsigned)  300  A     185.189.50.49
sverigerea.se.  (unsigned)  300  AAAA  2001:67c:750::11

www.sverigerea.se.  (unsigned)  300  A     185.189.50.49
www.sverigerea.se.  (unsigned)  300  AAAA  2001:67c:750::11

The website is available over IPv6, but that Nginx server block is only applicable to IPv4. IPv6 traffic is going to some other virtual host. The files exist for IPv4 visitors, but the Let's Encrypt validator and other IPv6 clients get the 404 Not Found error.

You need to change "listen 80;" to

listen 80;
listen [::]:80;

to enable IPv6, or remove the AAAA DNS records for the site so that it will only be accessed over IPv4.

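The mismatch diagnosed in the answer above (AAAA records published, but a server block that only listens on IPv4) can be checked offline before running certbot. This is an added example, not code from the thread: the function names are hypothetical, the `server { }` wrapper around the question's config is constructed, and only `listen` directives with an explicit port are understood.

```python
import re

# Constructed sample: the directives from the question, wrapped in server { }.
SAMPLE_CONF = """
server {
    listen 80;
    server_name www.sverigerea.se sverigerea.se;
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www/sverigerea/www;
    }
}
"""
# (name, record type) pairs matching the DNS output quoted in the answer.
SAMPLE_DNS = [("sverigerea.se.", "A"), ("sverigerea.se.", "AAAA"),
              ("www.sverigerea.se.", "A"), ("www.sverigerea.se.", "AAAA")]

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listens_on(block, port="80"):
    """Return (ipv4, ipv6): whether the block listens on `port` per address family."""
    v4 = v6 = False
    for args in re.findall(r"^\s*listen\s+([^;]+);", block, re.M):
        target = args.split()[0]
        if target.startswith("["):        # [::]:80 or [2001:db8::1]:80
            v6 |= target.endswith("]:" + port)
        else:                             # 80, 0.0.0.0:80 or 192.0.2.1:80
            v4 |= target.rsplit(":", 1)[-1] == port
    return v4, v6

def ipv6_gaps(conf, dns, port="80"):
    """Hostnames that have an AAAA record but an IPv4-only server block."""
    has_aaaa = {n.rstrip(".").lower() for n, rtype in dns if rtype == "AAAA"}
    gaps = []
    for block in server_blocks(conf):
        names = re.search(r"^\s*server_name\s+([^;]+);", block, re.M)
        v4, v6 = listens_on(block, port)
        if names and v4 and not v6:
            gaps += [n for n in names.group(1).split() if n.lower() in has_aaaa]
    return sorted(gaps)

if __name__ == "__main__":
    for host in ipv6_gaps(SAMPLE_CONF, SAMPLE_DNS):
        print(f"{host}: AAAA record exists but no 'listen [::]:80;' in its block")
```

Every hostname it reports will be served by some other virtual host for IPv6 clients, which is where the validator's 404 came from.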

Ahh… Thank you so much mate! It’s working - wieeee 🙂
