Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet

Hi, I tried to make HTTPS for my domain. The IP is pointed to my server. I have tried Cloudflare proxy and DNS only. When I try to get it, I get this error:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: ukcai.ml
Type: unauthorized
Detail: During secondary validation: 2a06:98c1:3120::3: Invalid response from http://ukcai.ml/.well-known/acme-challenge/SSt1f1jyvh-XeVdWFyguqoOQ0cJY5imokFSF3UEeY_A: 404

Domain: www.ukcai.ml
Type: unauthorized
Detail: During secondary validation: 2a06:98c1:3121::3: Invalid response from http://www.ukcai.ml/.well-known/acme-challenge/QBMIocqiCF7TLjO0Qe_sJeJ5L7KIvMxNLsKh0d1fO1I: 404
Can anyone help?

My domain is: ukcai.ml

I ran this command:
certbot --nginx

It produced this output:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: ukcai.ml
Type: unauthorized
Detail: During secondary validation: 2a06:98c1:3120::3: Invalid response from http://ukcai.ml/.well-known/acme-challenge/SSt1f1jyvh-XeVdWFyguqoOQ0cJY5imokFSF3UEeY_A: 404

Domain: www.ukcai.ml
Type: unauthorized
Detail: During secondary validation: 2a06:98c1:3121::3: Invalid response from http://www.ukcai.ml/.well-known/acme-challenge/QBMIocqiCF7TLjO0Qe_sJeJ5L7KIvMxNLsKh0d1fO1I: 404

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu
My hosting provider, if applicable, is:
friend's VPS
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes, Virtualizor

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0

Welcome to the community @ukcai

First, have you considered using the Cloudflare Origin CA instead of using Let's Encrypt? It should be easier to set up and you won't even need to use certbot. See their docs here.

Also, you should correct your problem with IPv4 and IPv6. I can't say exactly what is wrong as this depends partly on how you have Cloudflare configured.

A request using IPv4 for your home page returns an ABOUT ME page titled Doctor Magico (using http or https).

A request using IPv6 returns an nginx default page (http or https).

These really should return the same page.

This could well be the reason certbot fails with a 404. Even if not, it is almost certainly something wrong in your config (Cloudflare or nginx or perhaps your own network routing).

2 Likes

Thanks @MikeMcQ, I will try their Origin. Any errors, can I come to you?

1 Like

The Cloudflare community forum would be best for that.

That's a good spot to sort your IPv4/6 problems too.

https://community.cloudflare.com/

2 Likes

What's the IPv6 for my VPS? How do I get that, @MikeMcQ?

Hi @MikeMcQ, just getting "Welcome to nginx" now.

Do you know how to help?

You can do this to test IPv4 and IPv6

curl -i4 http://ukcai.ml
curl -i6 http://ukcai.ml

I see the same thing I saw earlier.

2 Likes
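The IPv4/IPv6 comparison suggested above, as an added example that is not part of the original posts: it fetches the same URL over each address family and compares status code and body hash, for the home page and for a path in the HTTP-01 challenge directory. The script name `dualstack.sh`, the function names and the probe path are assumptions made for illustration, and it expects `curl`, `mktemp` and `sha256sum` to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): compare what a host serves over IPv4
# and IPv6. The probe path below is a constructed placeholder, not a real token.

# fetch FAMILY URL -> prints "<http_status> <sha256 of body>"; FAMILY is 4 or 6
fetch() {
    f_body=$(mktemp)
    # -4 / -6 pin the address family; -w prints only the status code
    f_code=$(curl -s "-$1" --max-time 10 -o "$f_body" -w '%{http_code}' "$2") \
        || f_code=000   # connection failure, e.g. no route or nothing listening
    printf '%s %s\n' "$f_code" "$(sha256sum < "$f_body" | cut -d' ' -f1)"
    rm -f "$f_body"
}

# compare_families URL -> 0 same answer, 1 different answer, 2 unreachable
compare_families() {
    c_v4=$(fetch 4 "$1")
    c_v6=$(fetch 6 "$1")
    echo "IPv4: $c_v4"
    echo "IPv6: $c_v6"
    if [ "${c_v4%% *}" = 000 ] || [ "${c_v6%% *}" = 000 ]; then
        echo "UNREACHABLE over one address family"; return 2
    elif [ "$c_v4" = "$c_v6" ]; then
        echo "MATCH: both families reach the same content"; return 0
    fi
    echo "MISMATCH: IPv4 and IPv6 clients are served different content"; return 1
}

# check_host HOST: home page plus a path in the HTTP-01 challenge directory.
# A 404 on the probe is fine as long as both families return the same 404.
check_host() {
    h_rc=0
    for h_path in / /.well-known/acme-challenge/constructed-probe; do
        echo "== http://$1$h_path"
        compare_families "http://$1$h_path" || h_rc=1
    done
    return "$h_rc"
}

# Run only when a hostname is given: sh dualstack.sh example.com
if [ "$#" -ge 1 ]; then check_host "$1"; fi
```

A MISMATCH on either URL means a validation request that arrives over IPv6 is not answered by the same site as one that arrives over IPv4.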

So basically with http://ukcai.ml it works but not https://ukcai.ml

From the Internet, all four work:
http://ukcai.ml/
http://www.ukcai.ml/
https://ukcai.ml/
https://www.ukcai.ml/
as they connect to Cloudflare CDN.

Where are you connecting from/to?

1 Like

Oh yes @rg305, I see. Thanks, and thanks to @MikeMcQ.

2 Likes

@rg305 @MikeMcQ it doesn't work for other people.

I see your default nginx page just fine for all cases:

  • apex and www domain
  • http and https
  • IPv4 and IPv6

But, an SSL Labs test got a 521 error in its test (see here at bottom of a results page)

If that's what is happening see this topic:
https://support.cloudflare.com/hc/en-us/articles/115003011431-Troubleshooting-Cloudflare-5XX-errors#521error

Otherwise, please explain in more detail what you think is wrong with Let's Encrypt.

2 Likes
