Hello
Would you please let me know how to let the LE use IPv4 as default?
Since I have a really similar issue, and the IPv6 address in the message detail is not the one of my VPS.
I have not registered any AAAA record.
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: solanadex.pro
Type: unauthorized
Detail: 2600:1901:0:84ef::: Invalid response from http://solanadex.pro/.well-known/acme-challenge/sKy6_igalNs5l59Q1eOfU-XFz6TEtnpjmxuI3u065-o: 404
Domain: www.solanadex.pro
Type: unauthorized
Detail: 2600:1901:0:84ef::: Invalid response from http://www.solanadex.pro/.well-known/acme-challenge/zDd2a6IYfVzeSisBwlTMyY1YjJLgMYZ-C_3bAIis3T8: 404
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
I added an AAAA record once; however, before that all attempts failed.
And now I have removed it. Would you please check that and lmk what I have to do more?
If unboundtest continues to show the AAAA record you may need to speak with Hostinger. Another site we use for DNS validation also shows the AAAA record. solanadex.pro | DNSViz
Usually when there is a discrepancy between a DNS Control Panel and Public DNS Records, it is due to one or more of the following:
1- Longer TTLs create a cache in the DNS system. 14400 seconds (the prevalent value in the screenshot above) is a 4 hour TTL.
2- Control Panels often display and manipulate persistent internal database values for your account, and DNS servers are populated with them. Oftentimes, DNS Providers do not implement write-through caching or expiration, only read-through caching -- so the new value appears in the control panel, but the DNS servers still have the old value until expiry.
While LetsEncrypt and unboundtest look up the authoritative DNS servers, many times the "public facing" authoritative servers sit behind internal systems that are dealing with tiers of DNS servers or application caches that have the old value + TTL.
The only ways around this are:
1- If your host offers a full DNS flush, you can try that. Some offer this, but only 1x per 24 hours. If you do this, drop all your TTLs to 300s first.
2- Wait for the TTL to expire and then 1 second before you retry.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for solanadex.pro and www.solanadex.pro
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: solanadex.pro
Type: unauthorized
Detail: 2600:1901:0:84ef::: Invalid response from http://solanadex.pro/.well-known/acme-challenge/-Vs2Mb5iHB_WF4iQRXjVsExLitS1TfX24B4NYvr7ewg: 404
Domain: www.solanadex.pro
Type: unauthorized
Detail: 2600:1901:0:84ef::: Invalid response from http://www.solanadex.pro/.well-known/acme-challenge/FogRY4ZYPdb4App5n31zTCyn6hsuO81avc7uI9z5BlE: 404
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
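An added example, not part of any post in this thread: a small parser for the Certbot failure report quoted above that pulls out the address the CA actually connected to and flags it when it is not one of the server's own. The function names are hypothetical, and 203.0.113.10 is a placeholder standing in for the VPS's real IPv4 address.

```python
import ipaddress
import re

# Constructed sample: the failure records quoted in the thread's Certbot output.
SAMPLE_REPORT = """\
Domain: solanadex.pro
Type: unauthorized
Detail: 2600:1901:0:84ef::: Invalid response from http://solanadex.pro/.well-known/acme-challenge/sKy6_igalNs5l59Q1eOfU-XFz6TEtnpjmxuI3u065-o: 404
Domain: www.solanadex.pro
Type: unauthorized
Detail: 2600:1901:0:84ef::: Invalid response from http://www.solanadex.pro/.well-known/acme-challenge/zDd2a6IYfVzeSisBwlTMyY1YjJLgMYZ-C_3bAIis3T8: 404
"""
# "<address>: Invalid response from <url>: <status>". The address can end in
# "::", so the first group backtracks to the last colon before " Invalid".
DETAIL_RE = re.compile(r"^Detail: (\S+): Invalid response from (\S+): (\d{3})$")

def parse_failures(report):
    """Return one dict per Domain/Type/Detail record in the report."""
    failures, current = [], None
    for line in (raw.strip() for raw in report.splitlines()):
        if line.startswith("Domain: "):
            current = {"domain": line[len("Domain: "):]}
            failures.append(current)
        elif current is not None and line.startswith("Type: "):
            current["type"] = line[len("Type: "):]
        elif current is not None and (m := DETAIL_RE.match(line)):
            try:
                current["validated_ip"] = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # Detail did not start with an IP address
            current["url"], current["status"] = m.group(2), int(m.group(3))
    return failures

def diagnose(failures, server_ips):
    """List (domain, address, note) where the CA reached an address not in server_ips."""
    own = {ipaddress.ip_address(ip) for ip in server_ips}
    findings = []
    for f in failures:
        ip = f.get("validated_ip")
        if ip is None or ip in own:
            continue
        note = ("IPv6 address is not this server: look for a published AAAA record"
                if ip.version == 6 else "IPv4 address is not this server: check the A record")
        findings.append((f["domain"], str(ip), note))
    return findings

if __name__ == "__main__":
    # 203.0.113.10 is a placeholder for the VPS's real IPv4 address (assumption).
    for finding in diagnose(parse_failures(SAMPLE_REPORT), ["203.0.113.10"]):
        print(*finding, sep=" | ")
```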