Http-01 challenge failed

It took me days looking for the solution and I still haven't found it, please help me.

My domain is: ratitutisesquema.org

I ran this command: certbot --nginx

It produced this output:

[root@g nginx]# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: ratitutisesquema.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Requesting a certificate for ratitutisesquema.org
Performing the following challenges:
http-01 challenge for ratitutisesquema.org
Waiting for verification...
Challenge failed for domain ratitutisesquema.org
http-01 challenge for ratitutisesquema.org
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ratitutisesquema.org
   Type:   unauthorized
   Detail: 2a02:4780:13:903:0:1ae2:584:4: Invalid response from
   http://ratitutisesquema.org/.well-known/acme-challenge/W8sGR0MZRdLfU2a6xM_9XuLw4K9C2KhoPHxrIOlcsYc:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): nginx 1.20.1

The operating system my web server runs on is (include version): CentOS Linux 7 (Core)

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.11.0

The IPv6 address (2a02:4780:13:903:0:1ae2:584:4) for your website serves a different site than your IPv4 address (181.215.135.62). The IPv4 address seems to be serving some "Next.js" something through nginx, while the IPv6 address seems to be serving some Hostinger page.

5 Likes
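The mismatch described in the reply above matters because Let's Encrypt prefers IPv6 when an AAAA record exists, and a 404 is a valid HTTP answer, so validation does not fall back to IPv4. The following pre-flight check is an added example, not part of the original thread: it fetches a test file from every A and AAAA address separately and reports which ones would fail. The test path, the `preflight-ok` content, and the sample addresses and server names are assumptions constructed for illustration.

```python
import http.client
import socket
import sys

PATH = "/.well-known/acme-challenge/preflight-test"  # hypothetical test file you create

def resolve(domain):
    """Return (record_type, ip) pairs for every A and AAAA address of domain."""
    found = set()
    for family, rtype in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            infos = socket.getaddrinfo(domain, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        found.update((rtype, info[4][0]) for info in infos)
    return sorted(found)

def probe(ip, domain, path=PATH, timeout=5):
    """Fetch path from one specific address while sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": domain})
        resp = conn.getresponse()
        return {"status": resp.status, "server": resp.getheader("Server", "?"),
                "body": resp.read(256)}
    except (OSError, http.client.HTTPException) as exc:
        return {"error": str(exc)}
    finally:
        conn.close()

def diagnose(results, expected):
    """List every address that would fail validation; empty means all serve the file."""
    problems = []
    for (rtype, ip), r in sorted(results.items()):
        if "error" in r:
            problems.append(f"{rtype} {ip}: unreachable ({r['error']})")
        elif r["status"] != 200 or r["body"].strip() != expected:
            problems.append(f"{rtype} {ip}: HTTP {r['status']} from {r['server']}")
    return problems

# Constructed sample (documentation addresses): AAAA lands on a different server.
SAMPLE = {
    ("A", "192.0.2.10"): {"status": 200, "server": "nginx/1.20.1", "body": b"preflight-ok\n"},
    ("AAAA", "2001:db8::1"): {"status": 404, "server": "other-frontend", "body": b"<html>"},
}

if __name__ == "__main__":
    domain = sys.argv[1]
    live = {key: probe(key[1], domain) for key in resolve(domain)}
    print("\n".join(diagnose(live, b"preflight-ok")) or "all addresses serve the test file")
```

Any address it lists needs either its web server fixed or its DNS record removed before the http-01 challenge can succeed.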

Supplemental information:

$ nslookup
> server ns1.dns-parking.com.
Default server: ns1.dns-parking.com.
Address: 162.159.24.201#53
Default server: ns1.dns-parking.com.
Address: 2400:cb00:2049:1::a29f:18c9#53
> ratitutisesquema.org
Server:         ns1.dns-parking.com.
Address:        162.159.24.201#53

Name:   ratitutisesquema.org
Address: 181.215.135.62
> set q=aaaa
> ratitutisesquema.org
Server:         ns1.dns-parking.com.
Address:        162.159.24.201#53

*** Can't find ratitutisesquema.org: No answer
> set q=cname
> ratitutisesquema.org
Server:         ns1.dns-parking.com.
Address:        162.159.24.201#53

*** Can't find ratitutisesquema.org: No answer
>
1 Like

Further supplemental information:

(note I have an IPv4 address, no IPv6)

$ nmap ratitutisesquema.org
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-18 23:21 UTC
Nmap scan report for ratitutisesquema.org (181.215.135.62)
Host is up (0.19s latency).
Not shown: 997 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 11.77 seconds
$ curl -I http://ratitutisesquema.org/.well-known/acme-challenge/W8sGR0MZRdLfU2a6xM_9XuLw4K9C2KhoPHxrIOlcsYc
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Sun, 18 Dec 2022 23:30:59 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

This online tool https://dnsspy.io/ has the DNS records towards the bottom of the page here DNS Spy report for ratitutisesquema.org

And using this online tool https://letsdebug.net/ gives ALL OK results here https://letsdebug.net/ratitutisesquema.org/1305030

1 Like

Using this online tool https://crt.sh/, here is a list of issued certificates crt.sh | ratitutisesquema.org, the latest being 2022-12-17.
So it looks like you were successful @miltonjrd

1 Like

Yeah, I got some free certs from Let's Encrypt using a Hostinger tool, but for some reason it seems not to be working:

image

My domain is showing some unexpected behavior. The above screenshot was taken on Linux, Firefox, and serves a Next.js page.
But when I go to Windows 10, Chrome, it serves a Hostinger page (this was not supposed to happen) and the SSL cert works.

I'm a noob, so this is making me think like WTF??

If you don't know how to get your web server to serve content via IPv6, then I suggest you remove the IPv6 address from your DNS.

3 Likes

DNS doesn't show there is an IPv6 Address for the domain name.

Your DNS doesn't show it, however, it's there. See e.g.: Dig (DNS lookup)

Or ratitutisesquema.org | DNSViz, which by the way has a lot of errors. So that might also be the reason why your DNS server doesn't show any.

4 Likes

Yes, it has changed since I last looked.

> server ns1.dns-parking.com
Default server: ns1.dns-parking.com
Address: 162.159.24.201#53
Default server: ns1.dns-parking.com
Address: 2400:cb00:2049:1::a29f:18c9#53
> set q=a
> ratitutisesquema.org
Server:         ns1.dns-parking.com
Address:        162.159.24.201#53

Name:   ratitutisesquema.org
Address: 181.215.135.62
> set q=aaaa
> ratitutisesquema.org
Server:         ns1.dns-parking.com
Address:        162.159.24.201#53

Name:   ratitutisesquema.org
Address: 2a02:4780:14:7866::1
> set q=caa
> ratitutisesquema.org
Server:         ns1.dns-parking.com
Address:        162.159.24.201#53

ratitutisesquema.org    rdata_257 = 0 issue "letsencrypt.org"
ratitutisesquema.org    rdata_257 = 0 issue "globalsign.com"
ratitutisesquema.org    rdata_257 = 0 issuewild "comodoca.com"
ratitutisesquema.org    rdata_257 = 0 issuewild "letsencrypt.org"
ratitutisesquema.org    rdata_257 = 0 issue "digicert.com"
ratitutisesquema.org    rdata_257 = 0 issue "sectigo.com"
ratitutisesquema.org    rdata_257 = 0 issuewild "globalsign.com"
ratitutisesquema.org    rdata_257 = 0 issue "comodoca.com"
ratitutisesquema.org    rdata_257 = 0 issuewild "digicert.com"
ratitutisesquema.org    rdata_257 = 0 issuewild "sectigo.com"
>
2 Likes

Using this online tool SSL Server Test (Powered by Qualys SSL Labs) with results here SSL Server Test: ratitutisesquema.org (Powered by Qualys SSL Labs)
I see "Unable to connect to the server" for the IPv6 Address.

1 Like
