How to let the LE use IPv4

Hello
Would you please let me know how to let the LE use IPv4 as default?
I have a really similar issue, and the IPv6 address in the message detail is not the one of my VPS.
I have not registered any AAAA record.

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: solanadex.pro
  Type:   unauthorized
  Detail: 2600:1901:0:84ef::: Invalid response from http://solanadex.pro/.well-known/acme-challenge/sKy6_igalNs5l59Q1eOfU-XFz6TEtnpjmxuI3u065-o: 404

  Domain: www.solanadex.pro
  Type:   unauthorized
  Detail: 2600:1901:0:84ef::: Invalid response from http://www.solanadex.pro/.well-known/acme-challenge/zDd2a6IYfVzeSisBwlTMyY1YjJLgMYZ-C_3bAIis3T8: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

I've split your post into its own thread.

At the time Let's Encrypt resolved solanadex.pro, it had an AAAA record.

3 Likes


There is no AAAA record now.
But it failed again with the same response.

I added an AAAA record once; however, before that all attempts had failed.
And now I have removed it. Would you please check that and lmk what more I have to do?

Please post the new error output.

2 Likes

I still see an AAAA record. See: https://unboundtest.com/

See Hostinger article here: How to manage AAAA records | Hostinger Help Center

And use this site to test connections: https://letsdebug.net

If unboundtest continues to show the AAAA record you may need to speak with Hostinger. Another site we use for DNS validation also shows the AAAA record. solanadex.pro | DNSViz

3 Likes

Usually when there is a discrepancy between a DNS Control Panel and Public DNS Records, it is due to one or more of the following:

1- Longer TTLs create a cache in the DNS system. 14400 seconds (the prevalent value in the screenshot above) is a 4-hour TTL.

2- Control Panels often display and manipulate persistent internal database values for your account, and DNS servers are populated with them. Oftentimes, DNS Providers do not implement write-through caching or expiration, only read-through caching -- so the new value appears in the control panel, but the DNS servers still have the old value until expiry.

While LetsEncrypt and unboundtest look up the authoritative DNS servers, many times the "public facing" authoritative servers sit behind internal systems that are dealing with tiers of DNS servers or application caches that have the old value + TTL.

The only ways around this are:

  • if your host offers a full DNS flush, you can try that. Some offer this, but only 1x per 24 hours. If you do this, drop all your TTLs to 300s first.
  • wait for the TTL to expire, plus 1 second, before you retry.

3 Likes

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for solanadex.pro and www.solanadex.pro

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: solanadex.pro
  Type:   unauthorized
  Detail: 2600:1901:0:84ef::: Invalid response from http://solanadex.pro/.well-known/acme-challenge/-Vs2Mb5iHB_WF4iQRXjVsExLitS1TfX24B4NYvr7ewg: 404

  Domain: www.solanadex.pro
  Type:   unauthorized
  Detail: 2600:1901:0:84ef::: Invalid response from http://www.solanadex.pro/.well-known/acme-challenge/FogRY4ZYPdb4App5n31zTCyn6hsuO81avc7uI9z5BlE: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

This is the new error msg

Still failing on IPv6:

2 Likes

Solved.
There was an AAAA record on the Alias of Hostinger.
I have removed it.
Now working.
Thanks a lot

3 Likes
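
The diagnosis in this thread can be read straight from the Certbot output: the address before "Invalid response" is the host the CA actually validated against. The following is an added example, not code from the thread or from Certbot, that parses that output and flags validation over IPv6 to an address that is not the server's own. `MY_SERVER_ADDRS` and the `diagnose` helper are assumptions made for illustration, and the server address is a placeholder from the documentation range.

```python
import ipaddress
import re

# Constructed sample: the Certbot failure output quoted in this thread.
SAMPLE = """\
  Domain: solanadex.pro
  Type:   unauthorized
  Detail: 2600:1901:0:84ef::: Invalid response from http://solanadex.pro/.well-known/acme-challenge/sKy6_igalNs5l59Q1eOfU-XFz6TEtnpjmxuI3u065-o: 404

  Domain: www.solanadex.pro
  Type:   unauthorized
  Detail: 2600:1901:0:84ef::: Invalid response from http://www.solanadex.pro/.well-known/acme-challenge/zDd2a6IYfVzeSisBwlTMyY1YjJLgMYZ-C_3bAIis3T8: 404
"""

# Assumption: addresses that really belong to the VPS (placeholder value).
MY_SERVER_ADDRS = {"203.0.113.10"}

# One Domain/Type/Detail block; the address ends at the ": Invalid response" separator.
BLOCK = re.compile(
    r"Domain:\s+(?P<domain>\S+)\s+Type:\s+(?P<type>\S+)\s+"
    r"Detail:\s+(?P<addr>\S+?): Invalid response from (?P<url>\S+): (?P<status>\d+)"
)

def diagnose(output, server_addrs):
    """Return one finding per failed domain: the address the CA hit and the likely cause."""
    mine = {ipaddress.ip_address(a) for a in server_addrs}
    findings = []
    for m in BLOCK.finditer(output):
        addr = ipaddress.ip_address(m["addr"])
        if addr in mine:
            cause = "CA reached this server; check the web server and challenge path"
        elif addr.version == 6:
            cause = "CA followed an AAAA record to a host that is not this server; remove or fix the AAAA record"
        else:
            cause = "A record points at a host that is not this server"
        findings.append({"domain": m["domain"], "validated_addr": str(addr),
                         "ip_version": addr.version, "status": int(m["status"]),
                         "cause": cause})
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE, MY_SERVER_ADDRS):
        print(f"{f['domain']}: validated over IPv{f['ip_version']} at "
              f"{f['validated_addr']} (HTTP {f['status']}) -> {f['cause']}")
```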