I get this error:
sudo certbot --nginx -d locationdz.com -d www.locationdz.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.
2025/01/02 07:59:23 [emerg] 37509#37509: cannot load certificate "/etc/letsencrypt/live/locationdz.com/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/locationdz.com/fullchain.pem, r) error:10000080:BIO routines::no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\n2025/01/02 07:59:23 [emerg] 37509#37509: cannot load certificate "/etc/letsencrypt/live/locationdz.com/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/locationdz.com/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
sudo ln -s /etc/nginx/sites-available/api.locationdz.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
sudo certbot --nginx -d api.locationdz.com
It produced this output:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: api.locationdz.com
Type: unauthorized
Detail: 2a02:4780:28:90b5::1: Invalid response from http://api.locationdz.com/.well-known/acme-challenge/...
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
My web server is (include version):
Nginx 1.22.0
The operating system my web server runs on is (include version):
Ubuntu 22.04 LTS
My hosting provider, if applicable, is:
Domain: OVH
VPS Hosting: Hostinger
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g., output of certbot --version or certbot-auto --version if you're using Certbot):
Certbot 2.9.0
I am hosting my project with the following setup:
Domain & Subdomain:
The main domain locationdz.com is hosted on OVH for the Angular frontend.
A subdomain api.locationdz.com is set up for the Laravel API backend hosted on a VPS from Hostinger.
Frontend & Backend:
The Angular frontend is served on locationdz.com.
The Laravel backend is hosted on the VPS and accessed through api.locationdz.com.
SSL Certificates:
I am using Certbot for SSL certificates to secure communication, though I’m facing challenges with the certificate installation for api.locationdz.com.
MultipleIPAddressDiscrepancy
Warning
locationdz.com has multiple IP addresses in its DNS records. While they appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that some of the IP addresses may unintentionally point to different servers, which would cause validation to fail.
[Address=2a02:4780:28:90b5::1,Address Type=IPv6,Server=nginx/1.24.0 (Ubuntu),HTTP Status=404] vs [Address=85.31.236.98,Address Type=IPv4,Server=nginx/1.24.0 (Ubuntu),HTTP Status=200]
All IP addresses (both IPv4 & IPv6) must respond the same.
Please don't remove parts of the error message. There are many reasons for an invalid response and it is necessary to know the details.
Currently, I cannot reproduce the above error because you no longer have an IPv6 AAAA address in your DNS for your api subdomain.
If I use the IPv4 address I get a valid "Not Found" from a test. Although, your server replies with an HTTP error 500 for the api "home page". Maybe you intend this, but it often points to an incorrect nginx config.
For your apex domain name your nginx server replies differently to IPv4 and IPv6 requests. This is likely a fault in your listen statements.
Please show the output of the command below. An uppercase T is essential.
sudo nginx -T
See test requests to api subdomain
curl -I4 http://api.locationdz.com
HTTP/1.1 500 Internal Server Error
Server: nginx/1.24.0 (Ubuntu)
date: Thu, 02 Jan 2025 17:57:44 GMT
curl -I4 http://api.locationdz.com/.well-known/acme-challenge/test404
HTTP/1.1 404 Not Found
Server: nginx/1.24.0 (Ubuntu)
date: Thu, 02 Jan 2025 17:57:52 GMT
See different replies for apex domain using IPv4 and v6 (different Content-Length, Last-Mod, and eTag). This points to a problem with server blocks and/or listen statements.
curl -I4 http://locationdz.com
HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Content-Length: 5222
Last-Modified: Wed, 01 Jan 2025 22:55:24 GMT
ETag: "6775c7dc-1466"
curl -I6 http://locationdz.com
HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)
Content-Length: 10671
Last-Modified: Wed, 01 Jan 2025 16:52:39 GMT
ETag: "677572d7-29af"
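The per-address comparison done by hand above with curl -I4 / -I6, as an added example that is not part of the original thread: it requests the same path from every A/AAAA address of a host, keeping the real Host header, and reports the response fields that differ. The function names and the list of compared fields are assumptions of this example; the sample headers are the values quoted in the thread.

```python
import http.client
import socket
import sys

ACME_PATH = "/.well-known/acme-challenge/test404"  # dummy token, as in the thread's curl test
COMPARED = ("status", "server", "content-length", "last-modified", "etag")  # assumed field list

# Sample input: header values copied from the curl -I4 / -I6 output quoted in the thread.
SAMPLE = {
    "IPv4": 'HTTP/1.1 200 OK\nServer: nginx/1.24.0 (Ubuntu)\nContent-Length: 5222\n'
            'Last-Modified: Wed, 01 Jan 2025 22:55:24 GMT\nETag: "6775c7dc-1466"\n',
    "IPv6": 'HTTP/1.1 200 OK\nServer: nginx/1.24.0 (Ubuntu)\nContent-Length: 10671\n'
            'Last-Modified: Wed, 01 Jan 2025 16:52:39 GMT\nETag: "677572d7-29af"\n',
}

def parse_head(raw):
    """Turn `curl -I` style text into a fingerprint dict with lower-case keys."""
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    fp = {"status": lines[0].split()[1]}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        fp[name.strip().lower()] = value.strip()
    return fp

def discrepancies(by_addr):
    """Return {field: {address: value}} for each compared field that differs."""
    table = {f: {addr: fp.get(f) for addr, fp in by_addr.items()} for f in COMPARED}
    return {f: vals for f, vals in table.items() if len(set(vals.values())) > 1}

def probe(host, path=ACME_PATH, timeout=10):
    """HEAD `path` on every A/AAAA address of `host`, keeping the real Host header."""
    results = {}
    infos = socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM)
    for addr in sorted({info[4][0] for info in infos}):
        conn = http.client.HTTPConnection(addr, 80, timeout=timeout)
        try:
            conn.request("HEAD", path, headers={"Host": host})
            resp = conn.getresponse()
            results[addr] = {k.lower(): v for k, v in resp.getheaders()}
            results[addr]["status"] = str(resp.status)
        except (OSError, http.client.HTTPException) as exc:
            results[addr] = {"status": f"unreachable: {exc}"}  # counts as a discrepancy
        finally:
            conn.close()
    return results

if __name__ == "__main__":
    found = probe(sys.argv[1]) if len(sys.argv) > 1 else {k: parse_head(v) for k, v in SAMPLE.items()}
    print(discrepancies(found))
```

Run with a hostname as the only argument to probe live addresses; with no argument it compares the embedded sample. An empty result means every address answered identically for the compared fields.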
"Thank you very much, I solved the problem. My domain and subdomains are secure. My addresses were indeed pointing to two different servers. Thank you.