My domain is: mail.fascist-library.com
I ran this command: certbot --nginx
It produced this output:
Requesting a certificate for mail.fascist-library.com and www.mail.fascist-library.com
Performing the following challenges:
http-01 challenge for mail.fascist-library.com
http-01 challenge for www.mail.fascist-library.com
Waiting for verification...
Challenge failed for domain mail.fascist-library.com
Challenge failed for domain www.mail.fascist-library.com
http-01 challenge for mail.fascist-library.com
http-01 challenge for www.mail.fascist-library.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mail.fascist-library.com
Type: unauthorized
Detail: 2001:19f0:5:6855:5400:4ff:fe42:3231: Invalid response from
http://mail.fascist-library.com/.well-known/acme-challenge/u2sUa2bnVIwg5Zot0jqK75GncngyaJ1tc8CV5DfQsuM:
404
Domain: www.mail.fascist-library.com
Type: unauthorized
Detail: 2001:19f0:5:6855:5400:4ff:fe42:3231: Invalid response from
http://www.mail.fascist-library.com/.well-known/acme-challenge/4TSHVV80J49h5vr1uDVCoqKukcuNXRvQy0VFG4crEc4:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
nginx 1.18.0
The operating system my web server runs on is (include version): Debian 11
My hosting provider, if applicable, is: Vultr
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 1.12.0
I have double, triple, and quadruple checked that my DNS is set up correctly and that port 80 is open. I even used letsdebug.net to be sure it passes http-01. I have the main site, just fascist-library.com, running https just fine also using certbot. I even removed https from it and used certbot again and it worked perfectly. They are both hosted on the same server.
Hi @herbertwatson, and welcome to the LE community forum.
Well then...
Allow me to point out the obvious:
curl -Ii6 mail.fascist-library.com
HTTP/1.1 200 OK
Server: nginx/1.18.0
Content-Length: 612
curl -Ii4 www.mail.fascist-library.com
HTTP/1.1 200 OK
Server: nginx/1.18.0
Content-Length: 944
IPv4 and IPv6 do NOT return the same site/content.
curl -6 mail.fascist-library.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Your nginx vhost config is only listening on IPv4.
OR
The IPv6 listener is on another system [not likely].
OR
Other systems are involved [like a proxy] that aren't configured correctly [very unlikely].
OR
...
We/I could go on and on.
That is very unusual. What do I need to do in order to correct this? I do not believe I did anything different between the main site and the mail site.
I am very sorry for my ignorance. I improperly copied the base configuration I made and completely left out the listen statement. Adding it back completely solved my issue. Thank you for pointing it out.
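An added example, not code from this thread or from the nginx or Certbot projects: a Python script that audits an nginx configuration for the condition diagnosed above, a server block that has no IPv6 listener on port 80, including one with no listen directive at all. The config text, the example.com hostnames and the function names are constructed for illustration.

```python
import re

SAMPLE_CONF = """
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    location / { root /var/www/main; }
}
server {
    # listen lines lost while copying the base config
    server_name mail.example.com www.mail.example.com;
    location / { root /var/www/mail; }
}
"""  # constructed config; hostnames are placeholders

def server_blocks(conf):
    """Yield the body of every `server { ... }` block (comments removed)."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def family_port(addr):
    """Split a listen address into (address family, port); port defaults to 80."""
    fam = "ipv6" if addr.startswith("[") else "ipv4"
    tail = addr.rsplit("]", 1)[-1] if fam == "ipv6" else addr
    port = tail.rsplit(":", 1)[-1] if ":" in tail or tail.isdigit() else "80"
    return fam, port

def audit(conf):
    """Map each server_name to the address families it serves on port 80."""
    result = {}
    for body in server_blocks(conf):
        prev = None
        while prev != body:  # collapse nested blocks such as location { ... }
            prev, body = body, re.sub(r"\{[^{}]*\}", ";", body)
        directives = [d.split() for d in body.split(";") if d.strip()]
        listens = [family_port(d[1]) for d in directives if d[0] == "listen" and len(d) > 1]
        # No listen directive: nginx run as superuser defaults to *:80 (IPv4 only).
        fams = {f for f, p in listens if p == "80"} if listens else {"ipv4"}
        names = [n for d in directives if d[0] == "server_name" for n in d[1:]]
        result.update(dict.fromkeys(names, fams))
    return result

def missing_ipv6(conf):
    return sorted(n for n, fams in audit(conf).items() if "ipv6" not in fams)
```

Any name returned by `missing_ipv6` that also has an AAAA record will have its IPv6 requests answered by whichever other server block does listen on `[::]:80`.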