Domain could not be validated with SSL Let's Encrypt

I have this problem whenever I try to install Let's Encrypt:

docteur-aoun.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:unauthorized, error detail: 2a02:4780:27:1068:0:322e:6f2f:3: Invalid response from http://docteur-aoun.com/.well-known/acme-challenge/nn8xgAgrf94mzIaa9pYtDYAxs1uiCz1U_dV1S-QIfpg: 404

My VPS features:

My server is running: nginx
My domain is: docteur-aoun.com
PHP version: 7.4
OS: Ubuntu 22.04

This is nslookup of the domain:

# nslookup docteur-aoun.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   docteur-aoun.com
Address: 85.31.237.200
Name:   docteur-aoun.com
Address: 2a02:4780:27:1068:0:322e:6f2f:3

And this is my vhost:

server {
  listen 80;
  listen [::]:80;
  server_name docteur-aoun.com www.docteur-aoun.com;
  root /home/docteur-aoun/htdocs/docteur-aoun.com/public_html;
  #skip challenge requests and
  location ^/(?!\.well-known) {
    #send all other requests to HTTPS
    return 301 https://$host$request_uri;
  }#location
  
  auth_basic off;
  allow all;
}
...

Open a shell on your vps and check if that IP address is the right one:

curl -6 ifconfig.co

2 Likes

I ran the command and these are the results:

2a02:4780:28:e1f::1

You should replace the contents of your AAAA record with that. (And check if that works. IPv6 can work in different ways.)

2 Likes

If that fails, speak with your IPv6 provider.
Maybe they can explain how they "make it work".

2 Likes

I mean, as an intermediate option, iproute2 should know.

1 Like

I tried that, now I get this:

docteur-aoun.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:unauthorized, error detail: 2a02:4780:28:e1f::1: Invalid response from http://docteur-aoun.com/.well-known/acme-challenge/oRpqsNRPX8JfRwR9gsSehMw481bK-GpeI8X57cUobn4: 404

What command are you using to request the cert?

1 Like

Let's check/test the expected challenge location:

  • create the path:
    mkdir -p /home/docteur-aoun/htdocs/docteur-aoun.com/public_html/.well-known/acme-challenge/

  • place a sample test file in the expected challenge location:
    echo "testing" > /home/docteur-aoun/htdocs/docteur-aoun.com/public_html/.well-known/acme-challenge/Test_File-1234

  • verify access to the test file:
    curl -4 http://docteur-aoun.com/.well-known/acme-challenge/Test_File-1234
    curl -6 http://docteur-aoun.com/.well-known/acme-challenge/Test_File-1234

1 Like

I did not mention this before, but I am using CloudPanel to install Let's Encrypt SSL.

hmm...

Are there any other names that could conflict with this one?
Are there any using a wildcard?

2 Likes

I don't think the nginx server block above is the one being used. It should redirect non-ACME requests to HTTPS but instead I get a 403

curl -I4 http://docteur-aoun.com
HTTP/1.1 403 Forbidden
Server: nginx

What other devices are between your nginx server and the internet? A router? A firewall device?

2 Likes

I do have subdomains

I am using a VPS server

Try running the same curl command, use 4 instead of 6 and tell us what happens.

I have those 2 records in my DNS zone editor in Hostinger:

Those are fine.

What could be the cause of the failed validations? I had another domain before this one, and it was validated smoothly without any issues whatsoever.

I would check if your IPv4 is the right one:

curl -4 ifconfig.co

2 Likes

I get this IP: 85.31.237.200

which is the correct IP for my VPS.
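
The triage the replies walk through, as an added Python example that is not part of the thread: it reads the address the validator connected to out of each ACME error detail and compares it with the published DNS records and with the addresses the VPS reports for itself. The sample input is copied from the posts above; the function names and verdict labels are this example's own, and the ifconfig.co result is the outbound address, so a mismatch is a strong hint rather than proof.

```python
import ipaddress
import re

# Values quoted in the thread, reused here as sample input.
CHALLENGE = "http://docteur-aoun.com/.well-known/acme-challenge/"
ERROR_1 = ("2a02:4780:27:1068:0:322e:6f2f:3: Invalid response from " + CHALLENGE
           + "nn8xgAgrf94mzIaa9pYtDYAxs1uiCz1U_dV1S-QIfpg: 404")
ERROR_2 = ("2a02:4780:28:e1f::1: Invalid response from " + CHALLENGE
           + "oRpqsNRPX8JfRwR9gsSehMw481bK-GpeI8X57cUobn4: 404")
NSLOOKUP = """Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   docteur-aoun.com
Address: 85.31.237.200
Name:   docteur-aoun.com
Address: 2a02:4780:27:1068:0:322e:6f2f:3
"""
# Output of `curl -4 ifconfig.co` and `curl -6 ifconfig.co` on the VPS.
OWN = ["85.31.237.200", "2a02:4780:28:e1f::1"]

ERROR_RE = re.compile(r"^(?P<ip>[0-9A-Fa-f:.]+): Invalid response from "
                      r"(?P<url>\S+): (?P<status>\d{3})$")


def dns_addresses(nslookup_output):
    """Addresses from the answer section, skipping the resolver's own address."""
    _, _, answer = nslookup_output.partition("Name:")
    return [ipaddress.ip_address(a) for a in re.findall(r"Address:\s*(\S+)", answer)]


def diagnose(error_detail, published, own):
    """Return (ip_version, verdict) for one ACME http-01 error detail."""
    m = ERROR_RE.match(error_detail)
    if m is None:
        return (None, "unparsed")
    used = ipaddress.ip_address(m["ip"])
    # Compare parsed objects, not strings: IPv6 has several spellings.
    if used not in {ipaddress.ip_address(a) for a in published}:
        return (used.version, "dns-changed-since-error")
    if used not in {ipaddress.ip_address(a) for a in own}:
        # Outbound address is only a hint; inbound routing can differ.
        return (used.version, "stale-dns-record")
    return (used.version, "check-webserver")  # right host, so the 404 is its own


if __name__ == "__main__":
    print(diagnose(ERROR_1, dns_addresses(NSLOOKUP), OWN))
    print(diagnose(ERROR_2, OWN, OWN))
```

A "check-webserver" verdict means the request reached an address the VPS reports as its own, so the next step is the test-file check over `curl -4` and `curl -6` described earlier in the thread.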