Challenge Failed - Please check your A/AAAA records

My domain is: nextreturn.com

I am using certbot to set up my SSL certificate. I tried the following:

> sudo certbot --nginx -d nextreturn.com -d www.nextreturn.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextreturn.com
http-01 challenge for www.nextreturn.com
Waiting for verification...
Challenge failed for domain nextreturn.com
Challenge failed for domain www.nextreturn.com
http-01 challenge for nextreturn.com
http-01 challenge for www.nextreturn.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: nextreturn.com
   Type:   unauthorized
   Detail: Invalid response from https://nextreturn.com/index.php
   [2a01:4f8:d0a:526d::2]: "<!DOCTYPE html>\n<html
   lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link
   rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"

   Domain: www.nextreturn.com
   Type:   unauthorized
   Detail: Invalid response from https://www.nextreturn.com/index.php
   [2a01:4f8:d0a:526d::2]: "<!DOCTYPE html>\n<html
   lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link
   rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I am running on Ubuntu 20 and nginx/1.18.0 (Ubuntu), and my domain is with the hosting provider Hetzner.

I am configuring my server fully over an SSH terminal, and my certbot version is certbot 0.40.0.

I used dig nextreturn.com, which gives my correct server IP. My website is also fully reachable currently via http.

Any suggestions what I am doing wrong?

I appreciate your replies!

1 Like

Your IPv4 address has the nginx webserver running, but the configured IPv6 address has an Apache instance running. Is the IPv6 address correct? (Most likely not..)

5 Likes

Thanks for your reply. How would you fix this? Should I just convert my IPv4 to IPv6 and add it as an AAAA record on my DNS server?

Or should I migrate nginx to IPv6?

No, you shouldn't "convert" anything. Most webservers have both.

Migrate? Nginx is in principle already perfectly fine with IPv6, depending on your nginx configuration. The point is, if I connect to your website through IPv6 currently, I'm not even connecting to nginx, but to an Apache webserver!

I'm feeling you don't really grasp the meaning of what I said earlier. Please read some more info about the difference between IPv4 and IPv6. Next, figure out if the webserver of your site actually has IPv6 connectivity. If it does, update your AAAA DNS resource record to the correct IPv6 address. If it doesn't, either add IPv6 connectivity and update your AAAA DNS resource record or remove the AAAA resource record altogether.

2 Likes
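
The diagnosis in this thread rests on the bracketed address in certbot's report: it is the address the validation server actually connected to. The following is an added example, not code from the thread or from certbot, that extracts those addresses and flags any that are not bound on the web server. The function names, the sample report and its documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of certbot's failure report; the names and
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_REPORT = """
   Domain: example.org
   Type:   unauthorized
   Detail: Invalid response from https://example.org/index.php
   [2001:db8:526d::2]: "<!DOCTYPE html>"

   Domain: www.example.org
   Type:   unauthorized
   Detail: Invalid response from http://www.example.org/.well-known/acme-challenge/x
   [203.0.113.10]: "<html>"
"""

# Domain, final URL, and the bracketed address the validation server connected to.
ENTRY = re.compile(
    r"Domain:\s*(\S+).*?Invalid response from\s+(\S+)\s+\[([^\]]+)\]", re.S
)


def validated_addresses(report):
    """Return (domain, url, ip_address) for every failed challenge in the report."""
    return [(d, u, ipaddress.ip_address(a)) for d, u, a in ENTRY.findall(report)]


def find_mismatches(report, own_addresses):
    """List challenges answered by an address that is not one of this host's own.

    own_addresses: the addresses actually bound on the web server (hypothetical
    input, e.g. copied from `ip -brief addr`).
    """
    own = {ipaddress.ip_address(a) for a in own_addresses}
    findings = []
    for domain, _url, addr in validated_addresses(report):
        if addr not in own:
            record = "AAAA" if addr.version == 6 else "A"  # record type to review
            findings.append((domain, record, str(addr)))
    return findings


if __name__ == "__main__":
    for domain, record, addr in find_mismatches(SAMPLE_REPORT, ["203.0.113.10"]):
        print(f"{domain}: {record} record points at {addr}, which is not this server")
```

A finding tagged `AAAA` on a host that has no such IPv6 address is the situation described above: the record must be corrected or removed before the http-01 challenge can succeed.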
