Error using certbot on Nginx

My domain is crinavoevod.ro and I also have another one, baletstudio-crinavoevod.ro, pointing to the same site using another Nginx block.

I ran this command: certbot --nginx -d crinavoevod.ro

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for crinavoevod.ro
Waiting for verification...
Challenge failed for domain crinavoevod.ro
http-01 challenge for crinavoevod.ro
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: crinavoevod.ro
   Type:   unauthorized
   Detail: Invalid response from
   http://crinavoevod.ro/.well-known/acme-challenge/qEwokRXYMjVSzs_aP3HKGddJH08IoTYz3Bdc1lVFNKw
   [2a01:7e01::f03c:92ff:fe9c:8d16]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is Nginx 1.18.0 (Ubuntu) and the operating system my web server runs on is Ubuntu 20.04.1 LTS.

My hosting provider is Linode. I can login to a root shell on my machine. I’m not using a control panel. The version of my client is 0.40.0.

I host some other domains on this server, and on every one of them certbot worked smoothly, except to these 2 pesky ones.

Hi @CosminHodis

see your error:

Checking your domain you have ipv4 and ipv6 - https://check-your-website.server-daten.de/?q=crinavoevod.ro

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
crinavoevod.ro A 172.105.248.86 Frankfurt am Main/Hesse/Germany (DE) - Linode Hostname: li1902-86.members.linode.com yes 1 0
AAAA 2a01:7e01::f03c:92ff:fe9c:8d16 Frankfurt am Main/Hesse/Germany (DE) - Linode, LLC yes
www.crinavoevod.ro A 172.105.248.86 Frankfurt am Main/Hesse/Germany (DE) - Linode Hostname: li1902-86.members.linode.com yes 1 0
AAAA 2a01:7e01::f03c:92ff:fe9c:8d16 Frankfurt am Main/Hesse/Germany (DE) - Linode, LLC yes

But checking the urls there are different answers:

Domainname Http-Status redirect Sec. G
http://crinavoevod.ro/ 172.105.248.86 GZip used - 11277 / 41354 - 72,73 % 200 Html is minified: 144,32 % 0.176 H
http://crinavoevod.ro/ 2a01:7e01::f03c:92ff:fe9c:8d16 GZip used - 384 / 612 - 37,25 % 200 Html is minified: 129,94 % 0.033 H
small visible content (num chars: 273)
Welcome to nginx! If you see this page, the nginx web server is successfully installed and working. Further configuration is required. For online documentation and support please refer to nginx.org . Commercial support is available at nginx.com . Thank you for using nginx.

Looks like your ipv6 isn’t configured correct, so another nginx answers. Ipv4 shows no “small visible content”, ipv6 shows the standard page.

So: Answers your nginx via ipv6?

  • configure that correct (or)
  • remove the ipv6 AAAA record

PS: You have a www DNS entry. Then you should create a certificate with both domain names.

1 Like