Certificate Renewal failed on fastpanel

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: syslab.ai

I ran this command: SSL renewal through fastpanel

It produced this output: Certificate 'syslab.ai' can not be issued as URL 'http://syslab.ai/.well-known/acme-challenge/lmKrNlRwsdHgJOtbwvmT' is not available for verification. Received response is '', expected response was 'lmKrNlRwsdHgJOtbwvmT

My web server is (include version):

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): fastpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

You should review your DNS A and AAAA records. Let's Encrypt prefers IPv6 when an AAAA record exists (and you do have one). But, responses using IPv4 and IPv6 get different results.

IPv4 gets a normal looking web page but IPv6 gets a FastPanel default page.

If you are sure your IP addresses are correct, review your nginx server block to ensure it listens for both IPv4 and 6.

# Notice content-length 25,258
curl -i4 syslab.ai
HTTP/1.1 200 OK
Server: nginx/1.24.0
Content-Type: text/html; charset=UTF-8
Content-Length: 25258
Last-Modified: Thu, 26 Oct 2023 04:09:40 GMT
ETag: "62aa-60896bda3a900"

# Different content-length and other headers
curl -i6 syslab.ai
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Mon, 19 Feb 2024 19:31:16 GMT
Content-Type: text/html
Content-Length: 15793
Last-Modified: Mon, 24 Jul 2023 13:41:16 GMT
ETag: "64be7f7c-3db1"
2 Likes
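The comparison made in the reply above, as an added example that is not part of the original thread: it reports which response headers differ between the IPv4 and IPv6 answers for one hostname. The function names are hypothetical, and the sample input is constructed from the header values quoted in that reply.

```shell
#!/bin/sh
# Added example (not from the thread): find response headers that differ between
# the IPv4 and IPv6 answers for one hostname.

# Print one header's value (name matched case-insensitively) from `curl -i` output on stdin.
header_value() {
  awk -v want="$1" '
    BEGIN { want = tolower(want) }
    { sub(/\r$/, "") }
    NR > 1 && $0 == "" { exit }            # blank line ends the header section
    {
      i = index($0, ":")
      if (i && tolower(substr($0, 1, i - 1)) == want) {
        v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
      }
    }'
}

# Print the names of the compared headers whose values differ between two saved responses.
diff_headers() {
  for h in Server Content-Type Content-Length Last-Modified ETag; do
    a=$(header_value "$h" < "$1")
    b=$(header_value "$h" < "$2")
    [ "$a" = "$b" ] || printf '%s\n' "$h"
  done
}

# Live use (needs network and working IPv6): check_live http://example.com/
check_live() {
  d=$(mktemp -d) || return 1
  curl -s -i -4 --max-time 10 "$1" > "$d/v4"
  curl -s -i -6 --max-time 10 "$1" > "$d/v6"
  diff_headers "$d/v4" "$d/v6"
  rm -rf "$d"
}

# Constructed sample: the header values quoted in the reply above.
sample_diff() {
  d=$(mktemp -d) || return 1
  printf '%s\n' 'HTTP/1.1 200 OK' 'Server: nginx/1.24.0' \
    'Content-Type: text/html; charset=UTF-8' 'Content-Length: 25258' \
    'Last-Modified: Thu, 26 Oct 2023 04:09:40 GMT' 'ETag: "62aa-60896bda3a900"' > "$d/v4"
  printf '%s\n' 'HTTP/1.1 200 OK' 'Server: nginx/1.24.0' \
    'Date: Mon, 19 Feb 2024 19:31:16 GMT' 'Content-Type: text/html' 'Content-Length: 15793' \
    'Last-Modified: Mon, 24 Jul 2023 13:41:16 GMT' 'ETag: "64be7f7c-3db1"' > "$d/v6"
  diff_headers "$d/v4" "$d/v6"
  rm -rf "$d"
}

sample_diff
```

An identical `Server` header with differing `Content-Length`, `Last-Modified` and `ETag` means the same nginx is answering with a different document, which points at server selection rather than at a different machine.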

Thanks for the reply.
The IPv6 address is correct.

I have a VPS server and the certificates are renewed for other sites.

How do I fix the content length and headers issue in IPv6 and IPv4?
Also, how do I fix the nginx server?

1 Like

Do you have a way to test connections using IPv6? Maybe try a cell phone with wifi disabled. Many cell carriers use IPv6.

You can test which IP you are testing from in many ways. One is to visit a site like https://ifconfig.io. If that shows an IPv6 address then try http://syslab.ai and see if the same page is displayed as when using an IPv4 connection.

As for checking your nginx config ... can you show the server block for port 80 for this domain?

2 Likes

Here is the output of nginx config

user www-data;
worker_processes  auto;

include /etc/nginx/modules-enabled/*.conf;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format fastpanel '[$time_local] $host $server_addr $remote_addr $status $body_bytes_sent $request_time $request $http_referer $http_user_agent';
    access_log  /var/log/nginx/access.log fastpanel;
    sendfile        on;
    keepalive_timeout  65;
    client_max_body_size 100m;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/fastpanel2-sites/*/*.conf;
    include /etc/nginx/sites-enabled/*.conf;

    server_names_hash_bucket_size 128;
}

I also tried creating a wildcard certificate through FastPanel. The system gave me the following message.

Issuing the certificate syslab.ai_2024-02-20-15-42_42 was suspended. Make sure the following DNS verification records are added and available:
Name                         Record type   Value
_acme-challenge.syslab.ai.   TXT           VA6TUVhjzC5o1Z2frUaJfeZNmW4rSgAC4JBwwL6ot-Y
_acme-challenge.syslab.ai.   TXT           gFqWEZcmFy-iujvkw3PWM9l6-DoTGY_Ziy38snMrviE

Although the above-mentioned entries have already been made in the DNS.

Regarding IPv6 curl: couldn't get an IPv6-based curl.

If you do not have a way to test connections from IPv6 clients you may want to remove the AAAA record until you can test it.

You did not show the server block for the domain. You only showed the main nginx conf. It uses an include statement to bring in the server blocks.

Can you show the output of this, which will include all of your active nginx conf?

sudo nginx -T

Must be a capital T. The output will be long.

2 Likes
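One way to review the `nginx -T` output requested above for the IPv4/IPv6 listen mismatch, as an added example that is not part of the original thread. The function name, the sample configuration, its paths and its addresses are constructed; the parser assumes one directive per line and ignores `listen` values without an explicit port.

```shell
#!/bin/sh
# Added example (not from the thread): list which address families each port-80
# server block in `nginx -T` output listens on.
# Assumes one directive per line and "server {" on a single line, as nginx configs
# are conventionally written; listen values without an explicit port are ignored.

listen_families() {
  awk '
    { sub(/#.*/, ""); gsub(/;/, " ; ") }          # drop comments, split off ";"
    !in_srv && /^[ \t]*server[ \t]*[{]/ { in_srv = 1; depth = 0; v4 = v6 = "no"; names = "" }
    in_srv {
      if ($1 == "listen" && $2 ~ /(^|:)80$/) {
        if ($2 ~ /^\[/) v6 = "yes"; else v4 = "yes"
      }
      if ($1 == "server_name")
        for (i = 2; i <= NF && $i != ";"; i++) names = names (names == "" ? "" : ",") $i
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth == 0) {                            # closing brace of this server block
        in_srv = 0
        if (v4 == "yes" || v6 == "yes") print names " v4=" v4 " v6=" v6
      }
    }'
}

# Constructed sample in the shape of `nginx -T` output (address is a documentation range).
sample_conf() {
  cat <<'EOF'
# configuration file /etc/nginx/sites/example.conf:
server {
    listen 203.0.113.10:80;
    server_name syslab.ai www.syslab.ai;
    location /.well-known/acme-challenge/ { root /var/www/letsencrypt; }
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    root /var/www/html;   # panel default page
}
EOF
}

sample_conf | listen_families
# Live use: sudo nginx -T 2>/dev/null | listen_families
```

nginx picks the server block by listening address and port before it looks at `server_name`, so a site block reported as `v4=yes v6=no` never sees IPv6 requests; they go to whichever block does listen on `[::]:80`.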

I think I know what the error could be.

At the VPS server, I executed the following command:
'host syslab.ai'. It returns 127.0.0.1 instead of the actual IP.
The resolv.conf only shows the localhost as a DNS server.
I edit the file and enter 8.8.8.8 as the DNS server. However, upon reboot changes are lost.
For the same reason curl syslab.ai at the VPS is returning errors.

Any idea how I can resolve this and get the 'host syslab.ai' command to return the correct IPv4 and IPv6 addresses instead of just the local IP?

Is there anything in your /etc/hosts file?

3 Likes

What are the correct IP addresses?
Where are those IP addresses stored?

3 Likes

I regenerated the /etc/hosts file and it solved the problem.

Thanks a million!

3 Likes
