Http-01 challenge failed

miltonjrd · December 18, 2022, 3:51pm

it took me days looking for the solution and I still haven't found it, pls help me

I ran this command: certbot --nginx

It produced this output:

[root@g nginx]# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: ratitutisesquema.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Requesting a certificate for ratitutisesquema.org
Performing the following challenges:
http-01 challenge for ratitutisesquema.org
Waiting for verification...
Challenge failed for domain ratitutisesquema.org
http-01 challenge for ratitutisesquema.org
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ratitutisesquema.org
   Type:   unauthorized
   Detail: 2a02:4780:13:903:0:1ae2:584:4: Invalid response from
   http://ratitutisesquema.org/.well-known/acme-challenge/W8sGR0MZRdLfU2a6xM_9XuLw4K9C2KhoPHxrIOlcsYc:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): nginx 1.20.1

The operating system my web server runs on is (include version): CentOS Linux 7 (Core)

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.11.0

Osiris · December 18, 2022, 4:20pm

The IPv6 address (2a02:4780:13:903:0:1ae2:584:4) for your website servers a different site than your IPv4 address (181.215.135.62). The IPv4 address seems to be serving some "Next.js" something through nginx, while the IPv6 address seems to be serving some Hostinger page.

Bruce5051 · December 18, 2022, 11:20pm

Supplemental information:

$ nslookup
> server ns1.dns-parking.com.
Default server: ns1.dns-parking.com.
Address: 162.159.24.201#53
Default server: ns1.dns-parking.com.
Address: 2400:cb00:2049:1::a29f:18c9#53
> ratitutisesquema.org
Server:         ns1.dns-parking.com.
Address:        162.159.24.201#53

Name:   ratitutisesquema.org
Address: 181.215.135.62
> set q=aaaa
> ratitutisesquema.org
Server:         ns1.dns-parking.com.
Address:        162.159.24.201#53

*** Can't find ratitutisesquema.org: No answer
> set q=cname
> ratitutisesquema.org
Server:         ns1.dns-parking.com.
Address:        162.159.24.201#53

*** Can't find ratitutisesquema.org: No answer
>

Bruce5051 · December 18, 2022, 11:22pm

Further supplemental information:

(note I have an IPv4 address, no IPv6)

$ nmap ratitutisesquema.org
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-18 23:21 UTC
Nmap scan report for ratitutisesquema.org (181.215.135.62)
Host is up (0.19s latency).
Not shown: 997 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 11.77 seconds

$ curl -I http://ratitutisesquema.org/.well-known/acme-challenge/W8sGR0MZRdLfU2a6xM_9XuLw4K9C2KhoPHxrIOlcsYc
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Sun, 18 Dec 2022 23:30:59 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

This online tool https://dnsspy.io/ has the DNS records towards the bottom of the page here DNS Spy report for ratitutisesquema.org

And using this online tool https://letsdebug.net/ gives ALL OK results here https://letsdebug.net/ratitutisesquema.org/1305030

Bruce5051 · December 18, 2022, 11:37pm

Using this online tool https://crt.sh/, here is a list of issued certificates crt.sh | ratitutisesquema.org, the latest being 2022-12-17.
So it looks like you were successful @miltonjrd

miltonjrd · December 19, 2022, 5:34am

Yeah, I got some free certs from LetsEncrypt using a Hostinger's tool but for some reason it seems not working:

My domain is having some not expected behaviors. the above printscreen was took on Linux, Firefox, and serves a nextjs page.
But when I go to Windows 10, Chrome, it serves a Hostinger page (this was not supposed to happen) and the ssl cert works.

I'm noob, so this is making me think like WTF??

rg305 · December 19, 2022, 6:02am

If you don't know how to get your web server to serve content via IPv6, then I suggest you remove the IPv6 address from your DNS.

Bruce5051 · December 19, 2022, 3:42pm

DNS doesn't show there is an IPv6 Address for the domain name.

Osiris · December 19, 2022, 4:45pm

Your DNS doesn't show it, however, it's there. See e.g.: Dig (DNS lookup)

Or ratitutisesquema.org | DNSViz, which by the way has a lot of errors. So that might also be the reason why your DNS server doesn't show any.

Bruce5051 · December 19, 2022, 4:46pm

Yes, it has changes since I last looked.

> server ns1.dns-parking.com
Default server: ns1.dns-parking.com
Address: 162.159.24.201#53
Default server: ns1.dns-parking.com
Address: 2400:cb00:2049:1::a29f:18c9#53
> set q=a
> ratitutisesquema.org
Server:         ns1.dns-parking.com
Address:        162.159.24.201#53

Name:   ratitutisesquema.org
Address: 181.215.135.62
> set q=aaaa
> ratitutisesquema.org
Server:         ns1.dns-parking.com
Address:        162.159.24.201#53

Name:   ratitutisesquema.org
Address: 2a02:4780:14:7866::1
> set q=caa
> ratitutisesquema.org
Server:         ns1.dns-parking.com
Address:        162.159.24.201#53

ratitutisesquema.org    rdata_257 = 0 issue "letsencrypt.org"
ratitutisesquema.org    rdata_257 = 0 issue "globalsign.com"
ratitutisesquema.org    rdata_257 = 0 issuewild "comodoca.com"
ratitutisesquema.org    rdata_257 = 0 issuewild "letsencrypt.org"
ratitutisesquema.org    rdata_257 = 0 issue "digicert.com"
ratitutisesquema.org    rdata_257 = 0 issue "sectigo.com"
ratitutisesquema.org    rdata_257 = 0 issuewild "globalsign.com"
ratitutisesquema.org    rdata_257 = 0 issue "comodoca.com"
ratitutisesquema.org    rdata_257 = 0 issuewild "digicert.com"
ratitutisesquema.org    rdata_257 = 0 issuewild "sectigo.com"
>

Bruce5051 · December 19, 2022, 9:10pm

Using this online tool SSL Server Test (Powered by Qualys SSL Labs) with results here SSL Server Test: ratitutisesquema.org (Powered by Qualys SSL Labs)
I see "Unable to connect to the server" for the IPv6 Address.

system · January 18, 2023, 9:11pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Http-01 challenge fails for one domain - nginx - 404 Help	8	2246	June 29, 2022
Http-01 challenge fails Help	4	120	October 30, 2024
Seeking technical clarification on certbot certificate creation using DNS-01 and HTTP-01 challenge Issuance Tech	21	1778	August 18, 2023
Http-01 challenge failure Help	10	2923	July 18, 2021
HTTP-01 invalid status Error 400 Help	9	2866	September 20, 2021

Http-01 challenge failed

Related topics