My domain is: n22x.iacpdev.us
I ran this command:
certbot --nginx --agree-tos --redirect --hsts --staple-ocsp -d n22x.iacpdev.us --email myaddress@myemail.com
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for n22x.iacpdev.us
Waiting for verification...
Challenge failed for domain n22x.iacpdev.us
http-01 challenge for n22x.iacpdev.us
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: n22x.iacpdev.us
Type: unauthorized
Detail: 2600:3c02::f03c:92ff:feab:a96a: Invalid response from
http://n22x.iacpdev.us/.well-known/acme-challenge/9gUj3W8V-yp21EW_HjCIP4apLfZhON-ThpdMQSgOP7c:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
If I run
certbot certonly --nginx -d n22x.iacpdev.us --dry-run
I get a 503 instead...
certbot certonly --nginx -d n22x.iacpdev.us --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for n22x.iacpdev.us
Waiting for verification...
Challenge failed for domain n22x.iacpdev.us
http-01 challenge for n22x.iacpdev.us
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: n22x.iacpdev.us
Type: unauthorized
Detail: 2600:3c02::f03c:92ff:feab:a96a: Invalid response from
http://n22x.iacpdev.us/.well-known/acme-challenge/jj_oM8oPt0yTfwa2gg0FhH3YsKrYrhy-YOTaDs0I15A:
503
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
nginx/1.18.0
The operating system my web server runs on is (include version):
Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-109-generic x86_64)
My hosting provider, if applicable, is:
Linode
I can log in to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0
What I've checked:
- DNS is pointed right. (the domain works currently as http)
- I don't see anything wrong in the nginx server blocks
- I have one certificate working fine already on this server for a different site and domain name. It has a much simpler nginx server config. (The phpmyadmin)
- The one failing is a Drupal 9 site and, as far as I can tell, has a server config the same as one I have SSL working for on another server (except that certbot made the expected changes to it, which it has not made to this one)
- I have a CAA record with letsencrypt.org as issue. [Edit: I just found a typo in that... which could be the whole problem. Fixed that. Still failing but now 503 is consistent, rather than 404]
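
An added example, not part of the original post: a small Python parser for the failure notes shown above. It extracts the address the CA connected to (an IPv6 address here, so validation followed the AAAA record), the challenge URL and the HTTP status, then builds a curl command pinned to that same address. The function names are this example's own, and the bracketed IPv6 form of `--resolve` assumes curl 7.57.0 or later.

```python
import ipaddress
import re

# Failure notes copied from the first certbot run in the post above.
SAMPLE = """\
- The following errors were reported by the server:
Domain: n22x.iacpdev.us
Type: unauthorized
Detail: 2600:3c02::f03c:92ff:feab:a96a: Invalid response from
http://n22x.iacpdev.us/.well-known/acme-challenge/9gUj3W8V-yp21EW_HjCIP4apLfZhON-ThpdMQSgOP7c:
404
"""

# Layout as printed on this page: "<address>: Invalid response from <url>: <status>"
BLOCK = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+"
    r"Detail:\s*(?P<addr>[0-9A-Fa-f:.]+):\s+Invalid response from\s+"
    r"(?P<url>https?://\S+?):\s+(?P<status>\d{3})\b"
)

def parse_failures(text):
    """Return one dict per failed http-01 validation found in certbot's notes."""
    failures = []
    for m in BLOCK.finditer(text):
        ip = ipaddress.ip_address(m["addr"])  # raises ValueError on a malformed address
        failures.append({
            "domain": m["domain"],
            "type": m["type"],
            "address": str(ip),
            "record": "AAAA" if ip.version == 6 else "A",  # DNS record the CA followed
            "url": m["url"],
            "status": int(m["status"]),
        })
    return failures

def curl_probe(failure):
    """Build a curl command that sends the same request to the same address.

    The token is only served while certbot is running, so compare the status
    with the one the CA reported instead of expecting 200.
    """
    ip = ipaddress.ip_address(failure["address"])
    target = f"[{ip}]" if ip.version == 6 else str(ip)
    return (f"curl -sS -o /dev/null -w '%{{http_code}}\\n' "
            f"--resolve {failure['domain']}:80:{target} {failure['url']}")

if __name__ == "__main__":
    for f in parse_failures(SAMPLE):
        print(f"{f['domain']}: CA used the {f['record']} record ({f['address']}), got {f['status']}")
        print(curl_probe(f))
```

Running the generated command once per address family shows whether the IPv4 and IPv6 listeners reach the same nginx server block.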