Challenge failed for domain

My domain is: ramonrobben.online

I ran this command: certbot certonly -d ramonrobben.online --dry-run
Then selected option 2: Place files in webroot directory
Tried webroot: /var/www/pterodactyl/public and /var/www/pterodactyl/public/.well-known/acme-challenge

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ramonrobben.online
Input the webroot for ramonrobben.online: (Enter 'c' to cancel): /var/www/pterodactyl/public
Waiting for verification...
Challenge failed for domain ramonrobben.online
http-01 challenge for ramonrobben.online
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ramonrobben.online
   Type:   unauthorized
   Detail: Invalid response from
   http://ramonrobben.online/.well-known/acme-challenge/m_FTHEZ-WEXIOQarR1pTUIEhuvRxM1RXuDm43Z1XlLs
   [2a06:2ec0:1::113]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<HTML><HEAD>\n<TITLE>404 Not
   Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nTh"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
ubuntu 20.04

My hosting provider, if applicable, is: Contabo VPS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.40.0

So I tried to request an ssl certificate and I keep getting this error. I would like to mention that I have made the folder /.well-known/acme-challenge in the web root and made a test file there that I am able to reach.

root@vmi353373:/var/www/pterodactyl/public/.well-known/acme-challenge# curl -I -L -k -X GET http://ramonrobben.online/.well-known/acme-challenge/test
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 24 Jul 2020 14:16:18 GMT
Content-Type: application/octet-stream
Content-Length: 12
Last-Modified: Fri, 24 Jul 2020 14:11:28 GMT
Connection: keep-alive
ETag: "5f1aec10-c"
Accept-Ranges: bytes

I even tried to keep an eye on the folder while I am doing the test run of certbot to see if the file gets put in the right folder. And it is in the exact same folder as my test file (which I am able to download).

drwxr-xr-x 2 root root 4096 Jul 24 16:43 .
drwxr-xr-x 3 root root 4096 Jul 24 16:11 ..
-rw-r--r-- 1 root root   87 Jul 24 16:43 8h-TV13DtRGCCBpg_Jg8cm7T0wyjVN0u-nJxYBvwsJ8
-rw-r--r-- 1 root root   12 Jul 24 16:11 test
1 Like

Hi @BitSec

Your error says ipv6 sends a wrong answer. But checking your domain via "ramonrobben.online - Make your website better - DNS, redirects, mixed content, certificates", there is no ipv6.

Did you try it again?

Your test file is visible, so you have found the correct webroot.

2 Likes

Gotcha. My server didn’t have ipv6, and I just checked with their FAQ and am currently enabling it and changing the DNS to also contain an ipv6 address. I think that might fix it; I didn’t know certbot used ipv6 instead of just ipv4.

2 Likes

@JuergenAuer thanks for your reply

I enabled IPv6 on my Linux machine. I also made an AAAA record on my DNS to point to the IPv6 address of my server. Then it still didn’t work, but all I had to do was make my nginx listen on the IPv6 address too with:

listen       [::]:80 default_server;

But now it is all fixed and my dry-run output was:

root@vmi353373:~# certbot certonly -d ramonrobben.online --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ramonrobben.online
Input the webroot for ramonrobben.online: (Enter 'c' to cancel): /var/www/pterodactyl/public
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - The dry run was successful.

3 Likes
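
An added example, not part of the posts above: a shell check that requests the same http-01 URL over IPv4 and IPv6 separately, since the failed response in this thread came from an IPv6 address while the poster's own curl test returned 200. The function names, the script name and the use of dig are assumptions of this example; it relies on the fact that Let's Encrypt validates over IPv6 first when an AAAA record is published.

```shell
#!/bin/sh
# Added example (not from the thread): compare http-01 reachability per address family.
# Usage: sh check-http01.sh DOMAIN FILE
#   FILE is a test file placed in <webroot>/.well-known/acme-challenge/,
#   as the original poster did. The script name is hypothetical.

# probe FAMILY URL: print the HTTP status seen over IPv4 (4) or IPv6 (6).
# curl prints 000 when no connection could be made.
probe() {
    curl "-$1" -s -o /dev/null -w '%{http_code}' --max-time 10 "$2" || true
}

# has_aaaa DOMAIN: print yes if DNS publishes at least one IPv6 address.
# Assumes dig is installed; grep ':' skips CNAME targets in the short output.
has_aaaa() {
    if [ -n "$(dig +short AAAA "$1" | grep ':')" ]; then echo yes; else echo no; fi
}

# classify V4_STATUS V6_STATUS HAS_AAAA: print a one-word diagnosis.
# With an AAAA record the CA connects over IPv6 first, so a non-200 answer
# there fails the challenge even when IPv4 serves the file correctly.
classify() {
    v4=$1; v6=$2; aaaa=$3
    if [ "$aaaa" = no ]; then
        if [ "$v4" = 200 ]; then echo ok-v4-only; else echo v4-broken; fi
    elif [ "$v6" != 200 ]; then
        echo v6-broken      # wrong AAAA target, or web server not listening on [::]:80
    elif [ "$v4" != 200 ]; then
        echo v4-broken      # IPv6 path works, IPv4 clients still get errors
    else
        echo ok-dual-stack
    fi
}

# Only touch the network when called with DOMAIN and FILE.
if [ "$#" -eq 2 ]; then
    url="http://$1/.well-known/acme-challenge/$2"
    v4=$(probe 4 "$url")
    v6=$(probe 6 "$url")
    aaaa=$(has_aaaa "$1")
    echo "IPv4: $v4  IPv6: $v6  AAAA published: $aaaa"
    classify "$v4" "$v6" "$aaaa"
fi
```

A result of v6-broken matches the situation in this thread: check where the AAAA record points and whether the server block has a listen [::]:80 line.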
