Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Invalid response 404

Hello, I am trying to create a custom domain RPC with Cloudflare and get the following error:

My domain is: metilnodes.tech

I ran this command: sudo certbot --nginx --register-unsafely-without-email

It produced this output:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: story-testnet-rpc.metilnodes.tech
Type: unauthorized
Detail: 194.85.61.76: Invalid response from http://story-testnet-rpc.metilnodes.tech/.well-known/acme-challenge/3Kw384Feb-bxo_o1DtoTy6CB9L0GG1K1HyzAOMOJ8Z0: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): 49.12.42.167, Ubuntu 24.04

The operating system my web server runs on is (include version):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0

You have two IP addresses in the public DNS for that domain, and they both look related to something for "expiredpages". Your DNS A records are:

metilnodes.tech.	0	IN	A	109.70.26.37
metilnodes.tech.	0	IN	A	194.85.61.76

It looks like you think your IP should be 49.12.42.167. If so, you need to update the DNS.

Otherwise, please explain what the two DNS A records are for, because sending requests to each one gives different responses. That is almost always because of incorrect A records.

A reverse lookup for the 109.... IP address:

37.26.70.109.in-addr.arpa. 600	IN	PTR	expirepages-kiae-1.nic.ru.
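The reply above makes the key point about HTTP-01: the CA does not care which server you think you have, it resolves the name and fetches the challenge file from every address it gets back, so a stray A record produces a 404 however well nginx is configured. The following pre-flight script is an added example for this thread, not code from the thread, from Certbot or from Let's Encrypt. It follows the same steps offline on constructed data (the two A records quoted above, constructed 404 responses, a constructed token) and includes standard-library helpers for a live run; it also reports the no-record case. Caveat: your local resolver may return cached data, while the CA queries the authoritative servers from several vantage points, so check with an authoritative lookup as well.

```python
"""Pre-flight an HTTP-01 challenge by following DNS the way the CA does.

Added example, not from the thread or from Certbot. The resolver and fetcher
are injectable so the logic can run offline on constructed data; the live
helpers use only the standard library. Token, expected body and the
responses in demo_from_thread() are constructed values.
"""
import socket
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"


def resolve_live(domain):
    """All A/AAAA addresses this host's resolver returns for the name."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def fetch_live(ip, domain, token, timeout=5.0):
    """GET the challenge URL from one specific address, sending Host: <domain>."""
    host = f"[{ip}]" if ":" in ip else ip
    req = urllib.request.Request(f"http://{host}{CHALLENGE_PATH}{token}",
                                 headers={"Host": domain})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except (urllib.error.URLError, OSError) as exc:
        return 0, str(exc)


def preflight(domain, token, expected_body, server_ips,
              resolve=resolve_live, fetch=fetch_live):
    """Map each resolved address to a verdict; the CA needs *every* one to be ok."""
    verdicts = {}
    for ip in resolve(domain):
        status, body = fetch(ip, domain, token)
        if status == 200 and body.strip() == expected_body:
            verdict = "ok"
        elif status == 0:
            verdict = f"unreachable ({body})"
        else:
            verdict = f"HTTP {status}, challenge file not served"
        if ip not in server_ips:
            verdict += "; stray record, not one of this server's addresses"
        verdicts[ip] = verdict
    if not verdicts:
        verdicts["(none)"] = "no A/AAAA record, the CA would report NXDOMAIN"
    return verdicts


def would_pass(verdicts):
    """True only if every resolved address served the expected token body."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())


def demo_from_thread():
    """Offline reconstruction of the first failure: both A records point at
    hosts that are not the VPS and answer 404. The addresses are the ones
    quoted in the thread; the responses are constructed."""
    records = {"metilnodes.tech": ["109.70.26.37", "194.85.61.76"]}
    responses = {"109.70.26.37": (404, ""), "194.85.61.76": (404, "")}
    return preflight("metilnodes.tech", "TOKEN", "TOKEN.THUMBPRINT",
                     server_ips={"49.12.42.167"},
                     resolve=lambda d: records.get(d, []),
                     fetch=lambda ip, d, t: responses[ip])


if __name__ == "__main__":
    # Live usage: python3 preflight.py <domain> <token> <expected-body> <own-ip>...
    # Put a test file at /.well-known/acme-challenge/<token> on your server first.
    import sys
    domain, token, expected = sys.argv[1:4]
    own = set(sys.argv[4:])
    for ip, verdict in preflight(domain, token, expected, own).items():
        print(f"{ip:40} {verdict}")
```

For a live run, place a throwaway file under the challenge path on your own server and pass its name and contents as the token and expected body; the per-address report then shows exactly which record the CA would have followed to a 404.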

OK, I changed it, but now I have another issue...

Requesting a certificate for story-testnet-api.metilnodes.tech and story-testnet-rpc.metilnodes.tech

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: story-testnet-api.metilnodes.tech
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for story-testnet-api.metilnodes.tech - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for story-testnet-api.metilnodes.tech - check that a DNS record exists for this domain

  Domain: story-testnet-rpc.metilnodes.tech
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for story-testnet-rpc.metilnodes.tech - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for story-testnet-rpc.metilnodes.tech - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I set it up earlier like this,


but if I change it to AAAA, it asks for IPv6.

You have pointed your two story subdomains to the www subdomain, but I don't see any A or AAAA record for your www subdomain.

I think you would be better off on the Cloudflare community or a general forum for DNS configuration. Setting up DNS is required for your domains to respond properly, to everyone, not just Let's Encrypt.

By the way, I don't see an A record for your apex domain either. You need to do more research on how DNS works.


I added this one, but I also have a question: if my VPS has 2a01:4f8:c012:4c46::/64, do I need to add ::0000 instead of /64?

I just tried with the parameters from the screen and got this one:

Looks like I'm on the right track, but I need to understand what IP to add in general for each type...
Could you help, please?

/anynumber is generally a network NOT an IP.


OK, and can I add any numbers, e.g. 2a01:4f8:c012:4c46::0000 instead of 2a01:4f8:c012:4c46::/64, and it should work?
I tried curl -v6
and got this one:

* Host metilnodes.tech:80 was resolved.
* IPv6: 2a01:4f8:c012:4c46::
* IPv4: (none)
*   Trying [2a01:4f8:c012:4c46::]:80...
* connect to 2a01:4f8:c012:4c46:: port 80 from 2a01:4f8:c012:4c46::1 port 52618 failed: No route to host
* Failed to connect to metilnodes.tech port 80 after 3165 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to metilnodes.tech port 80 after 3165 ms: Couldn't connect to server

Never mind, it looks like I received the certificate, but now when I try to check with the command wscat -c wss://49.12.42.167:26657/websocketh I get the following error:
error: write EPROTO 00D83BB5D5760000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
What is that error and how do I fix it? Thanks.
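The thread ends without an answer to the last question, so here is the background as an added note with example code that is not from the thread. OpenSSL's "ssl3_get_record:wrong version number" is raised when the first bytes the client receives do not form a TLS record header (one content-type byte followed by a 0x03 0x0x version); the usual cause is that the client started TLS (a wss:// URL does that) against a port that answers in plaintext, so the "version" OpenSSL parses is two bytes of an HTTP response or similar. A certificate issued for a hostname also cannot be presented for a bare IP, so the TLS-terminating nginx vhost for the domain, not the node's raw RPC port, is where a wss:// client should connect. The offline classifier below shows what OpenSSL saw (the sample replies are constructed); the live helper attempts a TLS handshake with Python's ssl module and maps its WRONG_VERSION_NUMBER reason code to "plaintext". Nothing here talks to the thread's host; the host and port are parameters you supply.

```python
"""Tell a plaintext port from a TLS port, and explain "wrong version number".

Added example, not from the thread. OpenSSL reads the first five bytes of a
reply as a TLS record header: content type, version major, version minor,
length. A plaintext reply fails that parse. Sample replies are constructed.
"""
import socket
import ssl

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def classify_reply(data):
    """Classify the first bytes a TLS client received from the peer."""
    if len(data) < 5:
        return "too-short"
    ctype, major, minor = data[0], data[1], data[2]
    # Every TLS 1.0-1.3 record carries version 0x03 0x01..0x04 (SSLv3 is 0x03 0x00).
    if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4:
        return f"tls-{TLS_CONTENT_TYPES[ctype]}"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "not-tls"


def record_version_seen(data):
    """The 16-bit 'version' field OpenSSL would parse from bytes 1-2, as hex.
    For an HTTP reply that is 'TT' from 'HTTP/', i.e. 0x5454, hence the error."""
    return f"0x{data[1]:02x}{data[2]:02x}"


def port_speaks_tls(host, port, timeout=5.0):
    """Live check. Returns 'tls', 'plaintext' (OpenSSL WRONG_VERSION_NUMBER)
    or 'error: ...'. Verification is disabled because the question is only
    whether the port speaks TLS at all, not whether its certificate is valid."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except ssl.SSLError as exc:
        if exc.reason == "WRONG_VERSION_NUMBER":
            return "plaintext"
        return f"error: {exc.reason}"
    except OSError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    import sys
    # Constructed samples: what a plaintext HTTP server and a TLS server send back.
    http_reply = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    tls_reply = bytes([0x16, 0x03, 0x03, 0x00, 0x31])  # handshake record header
    for sample in (http_reply, tls_reply):
        print(classify_reply(sample), "version field seen:",
              record_version_seen(sample))
    if len(sys.argv) == 3:  # python3 tlsprobe.py <host> <port>
        print(port_speaks_tls(sys.argv[1], int(sys.argv[2])))
```

If the live probe reports "plaintext" for a port, a wss:// (or https://) client will always fail against it with exactly the error quoted above; the fix is to connect with the plain scheme to that port or, for TLS, to the hostname whose vhost terminates TLS and proxies to it.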