Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: gateway.chatear.social
I ran this command: /usr/bin/certbot --cert-name gateway.chatear.social renew --force-renewal --text --email myemail@domain.com --agree-tos
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx 1.14.1
The operating system my web server runs on is (include version): debian8
My hosting provider, if applicable, is: ovh dedicated
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0
I have multiple servers, so I’m trying to redirect all requests to one. Then this one should update the renewed certificate on all. Unfortunately I can’t understand what is happening.
Thanks, but as I said I have multiple server and everything is redirecting to gaterenew (5.39.88.91) which is the one that should renew the certificate and then copy to the other servers. So the problem should be with 5.39.88.91 giving 404. Any hint about this?
2001:41d0:8:9a5b::1 Roubaix/Hauts-de-France/France (FR) - OVH SAS
yes
www.gaterenew.chatear.social
Name Error
yes
1
0
not working. May be a wrong vHost configuration.
A second problem: Your error says, that Letsencrypt has selected an ip address with the correct redirect. But your Certbot doesn't work with that configuration, there is a http status 404 with the ipv6 address.
But checking the domain -> both ip addresses (ipv4 and ipv6) have the same http status.
If you use such a redirected domain, you must use webroot. What's your authenticator?
Problem #1: You have IPv6 addresses that fail connection on port 80
Name: gateway.chatear.social
Addresses: 2001:41d0:8:9ceb::1
2001:41d0:8:bd82::1
2001:41d0:8:e18e::1
2001:41d0:8:9a5b::1
5.135.182.130
178.32.222.142
5.39.88.91
5.39.90.235
Problem #2: curl on IPv4 fails to see redirection. curl -Iki4 http://gateway.chatear.social/ HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Sat, 19 Oct 2019 18:47:02 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Tue, 09 Jul 2019 22:09:49 GMT Connection: keep-alive ETag: "5d2510ad-264" Accept-Ranges: bytes
Thanks to everybody. So the problem was at the port 80. Fixing nginx and now correctly redirecting both ipv4 and ipv6 seems working. (still using nginx as authenticator)