High Priority: Certbot challenge fail (would be willing to pay to have this solved)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: coinschedule.com

I ran this command: sudo certbot --nginx -d bitni.biz -d www.bitni.biz -d coinschedule.com -d www.coinschedule.com -d blog.coinschedule.com --debug-challenges -v

It produced this output: certbot fail.txt (40.4 KB)

The part where it fails is:

Writing nginx conf tree to /etc/nginx/sites-enabled/coinschedule.com.conf:
server {


    server_name blog.coinschedule.com;
    # return 301 https://bitni.com/site/coin-schedule/blog$request_uri;
    
}

server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot



    server_name coinschedule.com www.coinschedule.com;
    # return 301 https://bitni.com/site/coin-schedule$request_uri;
    
location = /.well-known/acme-challenge/HwBenhrsnTKq5v_A3BN_GtAx0_ZhsO5EBUNVWa1B-uE{default_type text/plain;return 200 HwBenhrsnTKq5v_A3BN_GtAx0_ZhsO5EBUNVWa1B-uE.nYf4LacNFjFPvl-4zF4XW9URn5vE98lNCr-b5z6-ue0;} # managed by Certbot

location = /.well-known/acme-challenge/QvqjAxpVFJDQzWlPgdb5H2ln_7eAIZeYnPgGElHMG2I{default_type text/plain;return 200 QvqjAxpVFJDQzWlPgdb5H2ln_7eAIZeYnPgGElHMG2I.nYf4LacNFjFPvl-4zF4XW9URn5vE98lNCr-b5z6-ue0;} # managed by Certbot

}
Waiting for verification...

Certbot isn't actually writing anything to my coinschedule.com.conf file - I checked.

My web server is (include version): nginx 1.18

The operating system my web server runs on is (include version): ubuntu 20

My hosting provider, if applicable, is: Hostround

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, ssh via snowflake

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.20

I need this problem solved badly, I would be willing to grant server access and pay in Bitcoin.

Hi @rzel and welcome to the LE community forum :slight_smile:

Are you willing to try --webroot?
If so, that might get you going quickly.

Have you tried removing the IPv6 address from DNS?

:zzz:

I guess I'll go back to trading crypto for :beer:

3 Likes

With your nginx server, your domains are responding differently based on whether they are visited using IPv4 or IPv6. This could explain why the challenges are failing.

For the two virtual hosts (blog.coinschedule.com and coinschedule.com+www.coinschedule.com), try throwing in:

listen 80;
listen [::]:80;

and see whether that helps.

4 Likes
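
Added example, not part of the original thread: a small Python check for the condition the reply above describes. A server block without `listen [::]:80;` is not reached over IPv6 (with no `listen` directive at all, nginx running as root defaults to `*:80`, which is IPv4 only), so IPv6 requests for that name are answered by a different vhost. The sample config is constructed, the contents of its bitni.biz block are assumed, and the function names are hypothetical.

```python
import re

# Constructed sample: the two vhosts from the thread, which have no listen
# directives, plus an assumed bitni.biz vhost that listens on IPv4 and IPv6.
SAMPLE_CONF = """
server {
    server_name blog.coinschedule.com;
    # return 301 https://bitni.com/site/coin-schedule/blog$request_uri;
}
server {
    server_name coinschedule.com www.coinschedule.com;
    location = /.well-known/acme-challenge/TOKEN { return 200 "x"; }
}
server {
    listen 80;
    listen [::]:80;
    server_name bitni.biz www.bitni.biz;
}
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block, using brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # naive comment strip (no quoted '#')
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listens_v6_port80(body):
    """True if the block has a listen on an IPv6 address, port 80."""
    addrs = re.findall(r"\blisten\s+([^;\s]+)", body)
    # "[::]" with no port means port 80; a missing listen means *:80 (IPv4).
    return any(re.fullmatch(r"\[[0-9a-fA-F:.]*\](:80)?", a) for a in addrs)

def missing_ipv6(conf):
    """Return the server_name list of each block not answering on [::]:80."""
    flagged = []
    for body in server_blocks(conf):
        if not listens_v6_port80(body):
            names = re.findall(r"\bserver_name\s+([^;]+);", body)
            flagged.append(" ".join(names).split())
    return flagged

if __name__ == "__main__":
    for names in missing_ipv6(SAMPLE_CONF):
        print("no IPv6 listen on port 80:", ", ".join(names))
```

Any name flagged here that also has an AAAA record in DNS can serve different content to an HTTP-01 validation request arriving over IPv6.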

Tried

certbot certonly --webroot -w /var/www/html -d bitni.biz -d www.bitni.biz -d coinschedule.com -d www.coinschedule.com -d blog.coinschedule.com --debug-challenges -v

and it just did the same thing as before. Let me try _az's idea.

Please confirm your IPv6 address if you are going that way:
curl -6 ifconfig.co

It should match:

Name:      coinschedule.com
Addresses: 2602:fd9e:2:6438::1
           23.145.80.103
2 Likes

That is the correct IPv6 address.
Try @_az "fix".

2 Likes

curl -6 ifconfig.co
2602:fd9e:2:6438::1

I don't know why it isn't showing exactly what yours is.

(Sorry, I reposted because it wasn't replying to yours.)

1 Like

Your nginx is capable of serving IPv6.
See:
image

You need to compare the vhost config for www.bitni.biz with the ones that fail.

2 Likes

Are you able to make the required changes?
Are you tech savvy?

2 Likes

Was your problem resolved?
So can we close this topic?

2 Likes

Let me come back in about 8 hours. Thank you for your help.

I think your suggestion solved it. I had thought Certbot would handle the ports declaration in the conf, so I took it out, but it turned out that was the problem.

URLs like coinschedule.com/stats are correctly redirecting to bitni.com/site/coin-schedule/stats

If you would like a tip, I can throw a little BTC your way.

Thanks a lot everyone.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.