I am not able to issue ssl for my website

My domain is: souqsquare.com

I ran this command:

```
/root/.acme.sh/acme.sh --issue -d yourdomain.com -d www.yourdomain.com --cert-file /etc/letsencrypt/live/www.rmronsol.com/cert.pem --key-file /etc/letsencrypt/live/yourdomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/yourdomain.com/fullchain.pem -w /home/yourdomain.com/public_html --server letsencrypt --force --debug
```

It produced this output:
root@vps:~# /root/.acme.sh/acme.sh --issue -d souqsquare.com --cert-file /etc/letsencrypt/live/souqsquare.com/cert.pem --key-file /etc/letsencrypt/live/souqsquare.com/privkey.pem --fullchain-file /etc/letsencrypt/live/souqsquare.com/fullchain.pem -w /usr/local/lsws/Example/html --force --debug
[Wed 02 Nov 2022 11:26:12 AM UTC] Lets find script dir.
[Wed 02 Nov 2022 11:26:12 AM UTC] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed 02 Nov 2022 11:26:12 AM UTC] _script='/root/.acme.sh/acme.sh'
[Wed 02 Nov 2022 11:26:12 AM UTC] _script_home='/root/.acme.sh'
[Wed 02 Nov 2022 11:26:12 AM UTC] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.5
[Wed 02 Nov 2022 11:26:13 AM UTC] Running cmd: issue
[Wed 02 Nov 2022 11:26:13 AM UTC] _main_domain='souqsquare.com'
[Wed 02 Nov 2022 11:26:13 AM UTC] _alt_domains='no'
[Wed 02 Nov 2022 11:26:13 AM UTC] Using config home:/root/.acme.sh
[Wed 02 Nov 2022 11:26:13 AM UTC] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Wed 02 Nov 2022 11:26:13 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed 02 Nov 2022 11:26:13 AM UTC] DOMAIN_PATH='/root/.acme.sh/souqsquare.com'
[Wed 02 Nov 2022 11:26:13 AM UTC] Le_NextRenewTime
[Wed 02 Nov 2022 11:26:13 AM UTC] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Wed 02 Nov 2022 11:26:13 AM UTC] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Wed 02 Nov 2022 11:26:13 AM UTC] GET
[Wed 02 Nov 2022 11:26:13 AM UTC] url='https://acme-v02.api.letsencrypt.org/directory'
[Wed 02 Nov 2022 11:26:13 AM UTC] timeout=
[Wed 02 Nov 2022 11:26:13 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Wed 02 Nov 2022 11:26:19 AM UTC] ret='0'
[Wed 02 Nov 2022 11:26:19 AM UTC] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Wed 02 Nov 2022 11:26:19 AM UTC] ACME_NEW_AUTHZ
[Wed 02 Nov 2022 11:26:19 AM UTC] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed 02 Nov 2022 11:26:19 AM UTC] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Wed 02 Nov 2022 11:26:19 AM UTC] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Wed 02 Nov 2022 11:26:19 AM UTC] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Wed 02 Nov 2022 11:26:19 AM UTC] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed 02 Nov 2022 11:26:20 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed 02 Nov 2022 11:26:20 AM UTC] _on_before_issue
[Wed 02 Nov 2022 11:26:20 AM UTC] _chk_main_domain='souqsquare.com'
[Wed 02 Nov 2022 11:26:20 AM UTC] _chk_alt_domains
[Wed 02 Nov 2022 11:26:20 AM UTC] Le_LocalAddress
[Wed 02 Nov 2022 11:26:20 AM UTC] d='souqsquare.com'
[Wed 02 Nov 2022 11:26:20 AM UTC] Check for domain='souqsquare.com'
[Wed 02 Nov 2022 11:26:20 AM UTC] _currentRoot='/usr/local/lsws/Example/html'
[Wed 02 Nov 2022 11:26:20 AM UTC] d
[Wed 02 Nov 2022 11:26:20 AM UTC] _saved_account_key_hash is not changed, skip register account.
[Wed 02 Nov 2022 11:26:20 AM UTC] Read key length:2048
[Wed 02 Nov 2022 11:26:20 AM UTC] _createcsr
[Wed 02 Nov 2022 11:26:20 AM UTC] Single domain='souqsquare.com'
[Wed 02 Nov 2022 11:26:21 AM UTC] Getting domain auth token for each domain
[Wed 02 Nov 2022 11:26:21 AM UTC] d
[Wed 02 Nov 2022 11:26:21 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed 02 Nov 2022 11:26:21 AM UTC] payload='{"identifiers": [{"type":"dns","value":"souqsquare.com"}]}'
[Wed 02 Nov 2022 11:26:21 AM UTC] RSA key
[Wed 02 Nov 2022 11:26:21 AM UTC] HEAD
[Wed 02 Nov 2022 11:26:21 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed 02 Nov 2022 11:26:22 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Wed 02 Nov 2022 11:26:27 AM UTC] _ret='0'
[Wed 02 Nov 2022 11:26:27 AM UTC] POST
[Wed 02 Nov 2022 11:26:27 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed 02 Nov 2022 11:26:27 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Wed 02 Nov 2022 11:26:33 AM UTC] _ret='0'
[Wed 02 Nov 2022 11:26:33 AM UTC] code='201'
[Wed 02 Nov 2022 11:26:33 AM UTC] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/802522782/140249742227'
[Wed 02 Nov 2022 11:26:33 AM UTC] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/802522782/140249742227'
[Wed 02 Nov 2022 11:26:33 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/171529726797'
[Wed 02 Nov 2022 11:26:34 AM UTC] payload
[Wed 02 Nov 2022 11:26:34 AM UTC] POST
[Wed 02 Nov 2022 11:26:34 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/171529726797'
[Wed 02 Nov 2022 11:26:34 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Wed 02 Nov 2022 11:26:39 AM UTC] _ret='0'
[Wed 02 Nov 2022 11:26:39 AM UTC] code='200'
[Wed 02 Nov 2022 11:26:40 AM UTC] d='souqsquare.com'
[Wed 02 Nov 2022 11:26:40 AM UTC] Getting webroot for domain='souqsquare.com'
[Wed 02 Nov 2022 11:26:40 AM UTC] _w='/usr/local/lsws/Example/html'
[Wed 02 Nov 2022 11:26:40 AM UTC] _currentRoot='/usr/local/lsws/Example/html'
[Wed 02 Nov 2022 11:26:40 AM UTC] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q","token":"Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0"'
[Wed 02 Nov 2022 11:26:40 AM UTC] token='Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0'
[Wed 02 Nov 2022 11:26:40 AM UTC] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q'
[Wed 02 Nov 2022 11:26:40 AM UTC] keyauthorization='Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0.Wq9afiKNgop421vDUZfX9aFtfnEYCm8zaIDCvS4Y_i8'
[Wed 02 Nov 2022 11:26:40 AM UTC] dvlist='souqsquare.com#Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0.Wq9afiKNgop421vDUZfX9aFtfnEYCm8zaIDCvS4Y_i8#https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q#http-01#/usr/local/lsws/Example/html'
[Wed 02 Nov 2022 11:26:40 AM UTC] d
[Wed 02 Nov 2022 11:26:40 AM UTC] vlist='souqsquare.com#Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0.Wq9afiKNgop421vDUZfX9aFtfnEYCm8zaIDCvS4Y_i8#https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q#http-01#/usr/local/lsws/Example/html,'
[Wed 02 Nov 2022 11:26:40 AM UTC] d='souqsquare.com'
[Wed 02 Nov 2022 11:26:40 AM UTC] ok, let's start to verify
[Wed 02 Nov 2022 11:26:41 AM UTC] Verifying: souqsquare.com
[Wed 02 Nov 2022 11:26:41 AM UTC] d='souqsquare.com'
[Wed 02 Nov 2022 11:26:41 AM UTC] keyauthorization='Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0.Wq9afiKNgop421vDUZfX9aFtfnEYCm8zaIDCvS4Y_i8'
[Wed 02 Nov 2022 11:26:41 AM UTC] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q'
[Wed 02 Nov 2022 11:26:41 AM UTC] _currentRoot='/usr/local/lsws/Example/html'
[Wed 02 Nov 2022 11:26:41 AM UTC] wellknown_path='/usr/local/lsws/Example/html/.well-known/acme-challenge'
[Wed 02 Nov 2022 11:26:41 AM UTC] writing token:Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0 to /usr/local/lsws/Example/html/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0
[Wed 02 Nov 2022 11:26:41 AM UTC] Changing owner/group of .well-known to root:root
[Wed 02 Nov 2022 11:26:41 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q'
[Wed 02 Nov 2022 11:26:41 AM UTC] payload='{}'
[Wed 02 Nov 2022 11:26:41 AM UTC] POST
[Wed 02 Nov 2022 11:26:41 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q'
[Wed 02 Nov 2022 11:26:41 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Wed 02 Nov 2022 11:26:47 AM UTC] _ret='0'
[Wed 02 Nov 2022 11:26:47 AM UTC] code='200'
[Wed 02 Nov 2022 11:26:47 AM UTC] trigger validation code: 200
[Wed 02 Nov 2022 11:26:47 AM UTC] Pending, The CA is processing your order, please just wait. (1/30)
[Wed 02 Nov 2022 11:26:47 AM UTC] sleep 2 secs to verify again
[Wed 02 Nov 2022 11:26:50 AM UTC] checking
[Wed 02 Nov 2022 11:26:50 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q'
[Wed 02 Nov 2022 11:26:50 AM UTC] payload
[Wed 02 Nov 2022 11:26:50 AM UTC] POST
[Wed 02 Nov 2022 11:26:50 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q'
[Wed 02 Nov 2022 11:26:50 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Wed 02 Nov 2022 11:26:56 AM UTC] _ret='0'
[Wed 02 Nov 2022 11:26:56 AM UTC] code='200'
[Wed 02 Nov 2022 11:26:56 AM UTC] souqsquare.com:Verify error:2a02:4780:8:958:0:259d:190a:1: Invalid response from http://souqsquare.com/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0: 404
[Wed 02 Nov 2022 11:26:56 AM UTC] Debug: get token url.
[Wed 02 Nov 2022 11:26:56 AM UTC] GET
[Wed 02 Nov 2022 11:26:56 AM UTC] url='http://souqsquare.com/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0'
[Wed 02 Nov 2022 11:26:56 AM UTC] timeout=1
[Wed 02 Nov 2022 11:26:56 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
[Wed 02 Nov 2022 11:27:01 AM UTC] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
[Wed 02 Nov 2022 11:27:01 AM UTC] ret='28'
[Wed 02 Nov 2022 11:27:01 AM UTC] Debugging, skip removing: /usr/local/lsws/Example/html/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0
[Wed 02 Nov 2022 11:27:02 AM UTC] pid
[Wed 02 Nov 2022 11:27:02 AM UTC] No need to restore nginx, skip.
[Wed 02 Nov 2022 11:27:02 AM UTC] _clearupdns
[Wed 02 Nov 2022 11:27:02 AM UTC] dns_entries
[Wed 02 Nov 2022 11:27:02 AM UTC] skip dns.
[Wed 02 Nov 2022 11:27:02 AM UTC] _on_issue_err
[Wed 02 Nov 2022 11:27:02 AM UTC] Please add '--debug' or '--log' to check more details.
[Wed 02 Nov 2022 11:27:02 AM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Wed 02 Nov 2022 11:27:02 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q'
[Wed 02 Nov 2022 11:27:02 AM UTC] payload='{}'
[Wed 02 Nov 2022 11:27:02 AM UTC] POST
[Wed 02 Nov 2022 11:27:02 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/171529726797/ovHA_Q'
[Wed 02 Nov 2022 11:27:02 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Wed 02 Nov 2022 11:27:08 AM UTC] _ret='0'
[Wed 02 Nov 2022 11:27:08 AM UTC] code='400'
[Wed 02 Nov 2022 11:27:08 AM UTC] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1f  31 Mar 2020
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.3 on Oct 26 2019 17:42:04
   running on Linux version #1 SMP Tue Aug 25 11:59:26 MSK 2020, release 5.4.0, machine x86_64


My web server is (include version): ubuntu 20.04

The operating system my web server runs on is (include version): cyberpanel 2.3

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): 

The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):

Welcome @digitaltasweq

It looks like you switched to using ZeroSSL as your Certificate Authority (see crt.sh here)

If you want to switch back to Let's Encrypt you should use the command

```
/root/.acme.sh/acme.sh --set-default-ca letsencrypt
```
3 Likes

Hello @digitaltasweq, welcome to the Let's Encrypt community. :slightly_smiling_face:

Here is a list of issued certificates: crt.sh | souqsquare.com, the most recent being 2022-10-20 from C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA.
The most recent from Let's Encrypt was on 2022-08-07.
The DNS CAA records show several Certificate Authorities are accepted; that is not an issue.
https://unboundtest.com/

Query results for CAA souqsquare.com

Response:
```
;; opcode: QUERY, status: NOERROR, id: 4375
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;souqsquare.com.	IN	 CAA

;; ANSWER SECTION:
souqsquare.com.	0	IN	CAA	0 issue "comodoca.com"
souqsquare.com.	0	IN	CAA	0 issue "digicert.com"
souqsquare.com.	0	IN	CAA	0 issuewild "digicert.com"
souqsquare.com.	0	IN	CAA	0 issuewild "letsencrypt.org"
souqsquare.com.	0	IN	CAA	0 issuewild "sectigo.com"
souqsquare.com.	0	IN	CAA	0 issue "globalsign.com"
souqsquare.com.	0	IN	CAA	0 issue "sectigo.com"
souqsquare.com.	0	IN	CAA	0 issuewild "globalsign.com"
souqsquare.com.	0	IN	CAA	0 issuewild "comodoca.com"
souqsquare.com.	0	IN	CAA	0 issue "letsencrypt.org"
```

The domain has an IPv4 and an IPv6 address, which is great.
However, the SSL Server Test (Powered by Qualys SSL Labs) results differ for IPv4 and IPv6; I would expect the same results for both.
Overall, here: SSL Server Test: souqsquare.com (Powered by Qualys SSL Labs)

IPv4 - SSL Server Test: souqsquare.com (Powered by Qualys SSL Labs)
IPv6 - SSL Server Test: souqsquare.com (Powered by Qualys SSL Labs)

The certificate being served on IPv6 looks good

But the certificate being served on IPv4 is a self-signed certificate

Let’s Encrypt offers Domain Validation (DV) certificates.

Let's Encrypt uses multi-perspective validation (see "Multi-Perspective Validation Improves Domain Validation Security - Let's Encrypt").

Since these are Domain Validation (DV) certificates, the Domain Name System (DNS) is used extensively in the validation process, as well as allowing us to assist here on the Let's Encrypt community.
DNS Queries need to give consistent results from any location on the Internet, all your authoritative DNS Servers for the Domain need to also give consistent results as well.

Both the IPv4 and the IPv6 will need to respond to the Domain Name Validation Challenge.

2 Likes

Note that the IPv6 address failed the Challenge above.

1 Like

Hi Mike, this command did not work.
It said unknown parameter letsencrypt

Sorry, format is

```
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
```
3 Likes

Hi Bruce
Thank you for your help and clarification, but until now I could not figure out how I would solve my SSL issue. So please if you could walk me out to solve my issue that would be much appreciated.
Thank you

1 Like

Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
but it still didn't work. What should I do next?
Thank you

1 Like

Hi @digitaltasweq,

I only have IPv4 at my location. When I look at this
URL http://souqsquare.com/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0
I see this:


Which is what I would expect.

Using Linux CLI this is what I see as an alternative (better some might argue) way

```
$ curl http://souqsquare.com/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0 ; echo
Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0.Wq9afiKNgop421vDUZfX9aFtfnEYCm8zaIDCvS4Y_i8
```

Now we need to use that same URL but where it is resolved to the IPv6 address and see what we get there.
So with curl that can be done with

```
$ curl --ipv6 http://souqsquare.com/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0 ; echo
```

If you could share the output of that it would help.

1 Like

Actually I just realized I have remote access to a machine that can do IPv6, it is a FreeBSD 13.1-RELEASE-p3 FreeBSD 13.1-RELEASE-p3 GENERIC amd64 machine.

And this is what I got.

```
 4>curl --ipv6 http://souqsquare.com/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0 ; echo
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>openresty</center>
</body>
</html>

 5>curl --ipv4 http://souqsquare.com/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0 ; echo
Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0.Wq9afiKNgop421vDUZfX9aFtfnEYCm8zaIDCvS4Y_i8
 6>
```

Oh, also this:

```
 6>curl -Ii --ipv6 http://souqsquare.com/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0 ; echo
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 150
date: Wed, 02 Nov 2022 21:39:53 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests


 7>curl -Ii --ipv4 http://souqsquare.com/.well-known/acme-challenge/Dfnqoddfa_fLe-Ohz7i263qmklKSHvHuZj4HElRZCt0 ; echo
HTTP/1.1 200 OK
etag: "57-636253f1-e0007;;;"
last-modified: Wed, 02 Nov 2022 11:26:41 GMT
content-length: 87
accept-ranges: bytes
date: Wed, 02 Nov 2022 21:40:08 GMT
server: LiteSpeed
connection: Keep-Alive
```

So IPv4 and IPv6 are not returning the same results.
Are they different machines or VM?

2 Likes

No they are the same machine

@digitaltasweq, please wait for more knowledgeable Let's Encrypt community volunteers to assist.
Hopefully someone that knows about the LiteSpeed server and its configuration.

2 Likes

I don't know litespeed enough either. But, as Bruce notes your domain does not respond the same way to IPv4 and IPv6 clients. Let's Encrypt will use IPv6 when you have an AAAA record for IPv6. As Bruce showed, it looks like the http challenge record is created on your IPv4 machine but Let's Encrypt looks for it on the IPv6 one.

This may be the same machine but with different configurations. You need them to be the same not only for Let's Encrypt but any visitors that might use IPv6

Maybe this info will help you understand where they are different. Below is info I see getting your "home" page.

```
curl -i4 http://souqsquare.com

HTTP/1.1 200 OK
link: <https://souqsquare.com/index.php?rest_route=/>; rel="https://api.w.org/"
x-litespeed-cache: hit
server: LiteSpeed
```

Note: The data returned is a very large page but has a title of:

```
<title>Souq Square &#8211; Just another WordPress site</title>
```

=========
But, IPv6 redirects from HTTP to HTTPS.  Which is fine but it is not the same as with IPv4.  Note the platform:hostinger too. 

```
curl -i6 http://souqsquare.com
HTTP/1.1 301 Moved Permanently
server: LiteSpeed
location: https://souqsquare.com/
platform: hostinger
```

Using IPv6 with https the home page looks like a MailChimp landing page.  
Is that yours?  
I'm guessing so because it uses a ZeroSSL cert you got for this domain.

```
curl -i6 https://souqsquare.com/

HTTP/2 200
x-powered-by: PHP/7.4.32
set-cookie: mailchimp_landing_site=https%3A%2F%2Fsouqsquare.com%2F; expires=Wed, 30-Nov-2022 22:11:22 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict
x-litespeed-cache-control: no-cache
x-litespeed-tag: 1b7_HTTP.200,1b7_front,1b7_URL.6666cd76f96956469e7be39d750cc7d9,1b7_F,1b7_Po.71,1b7_PGS,1b7_
server: LiteSpeed
platform: hostinger
```

(I omitted various response headers that I thought were not helpful)

3 Likes
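
The per-address-family comparison done by hand in the replies above, as an added example that is not part of the original thread or of acme.sh: it fetches an HTTP-01 challenge URL once over IPv4 and once over IPv6 and reports whether both return the expected key authorization. The function names `probe` and `classify` and the verdict strings are hypothetical; redirects are not followed, so a redirecting family shows up with its 3xx status and counts as a mismatch.

```shell
#!/bin/sh
# Added example: compare an HTTP-01 challenge response per address family.
# Function names and verdict strings are hypothetical, not from acme.sh.

# classify V4_STATUS V4_BODY V6_STATUS V6_BODY EXPECTED
# Prints one verdict. An empty status means curl could not get any HTTP
# response over that family (no record of that type, timeout, refused).
classify() {
    v4_status=$1 v4_body=$2 v6_status=$3 v6_body=$4 expected=$5
    v4_ok=no; v6_ok=no
    # A family passes only with status 200 AND the exact key authorization.
    [ "$v4_status" = 200 ] && [ "$v4_body" = "$expected" ] && v4_ok=yes
    [ "$v6_status" = 200 ] && [ "$v6_body" = "$expected" ] && v6_ok=yes
    case "$v4_ok/$v6_ok" in
        yes/yes) echo consistent ;;
        yes/no)
            # The situation in this thread: token served on IPv4 only.
            if [ -z "$v6_status" ]; then echo ipv6-unreachable
            else echo ipv6-mismatch; fi ;;
        no/yes)  echo ipv4-mismatch ;;
        *)       echo both-fail ;;
    esac
}

# probe 4|6 URL
# Sets PROBE_STATUS (HTTP status, empty if curl failed) and PROBE_BODY.
probe() {
    tmp=$(mktemp) || return 1
    PROBE_STATUS=$(curl "-$1" --silent --max-time 10 --output "$tmp" \
        --write-out '%{http_code}' "$2") || PROBE_STATUS=
    PROBE_BODY=$(cat "$tmp")
    rm -f "$tmp"
}

# Usage: sh check.sh CHALLENGE_URL EXPECTED_KEYAUTHORIZATION
# Runs only when both arguments are given, so sourcing the file is safe.
if [ "$#" -eq 2 ]; then
    url=$1 expected=$2
    probe 4 "$url"; s4=$PROBE_STATUS b4=$PROBE_BODY
    probe 6 "$url"; s6=$PROBE_STATUS b6=$PROBE_BODY
    echo "IPv4 status: ${s4:-none}  IPv6 status: ${s6:-none}"
    classify "$s4" "$b4" "$s6" "$b6" "$expected"
fi
```

With the responses shown in this thread (200 plus the key authorization on IPv4, a 404 page on IPv6) the verdict is `ipv6-mismatch`.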
