Invalid response from https://

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot certonly --manual

It produced this output:
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): thelickfoldinn.co.uk www.thelickfoldinn.co.uk
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for thelickfoldinn.co.uk
http-01 challenge for www.thelickfoldinn.co.uk

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: y

Press Enter to Continue

Create a file containing just this data:

UE2YnBrYu-msx6VUTIb7C_ppi0JFd-nAAbrygHll0P8.puw6FPy6tQdPdXEC2HVHsxScB3fzB-3pefCNJ0B45Xo

And make it available on your web server at this URL:

http://www.thelickfoldinn.co.uk/.well-known/acme-challenge/UE2YnBrYu-msx6VUTIb7C_ppi0JFd-nAAbrygHll0P8

(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet.)

Press Enter to Continue
Waiting for verification...
Challenge failed for domain thelickfoldinn.co.uk
Challenge failed for domain www.thelickfoldinn.co.uk
http-01 challenge for thelickfoldinn.co.uk
http-01 challenge for www.thelickfoldinn.co.uk
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):
Nginx

The operating system my web server runs on is (include version):
Ubuntu

My hosting provider, if applicable, is:
DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

1 Like
2

Hi @DanLDev

your configuration can't work, see your check, ~~20 minutes old - https://check-your-website.server-daten.de/?q=thelickfoldinn.co.uk#url-checks

You have ipv4 and ipv6. But checking http + /.well-known/acme-challenge/random-filename there are different answers.

Ipv4 is a nginx, ipv6 is an Apache. That can't work.

Fix your configuration, so ipv4 and ipv6 have the same output. Or (not so good): Remove your ipv6, create a certificate, then fix your ipv6.

1 Like
3

Hi @JuergenAuer Thanks for the help.

I'm fairly new to devops, how would i go about removing ipv6? My nginx config at the moment is as follows
server {
listen 80;
listen [::]:80;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    server_name www.thelickfoldinn.co.uk lickfoldinn.co.uk;

    location ~ /.well-known {
            allow all;
    }

    location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;

    }

}

1 Like
4

It's your DNS AAAA record, not your webserver configuration.

5

That would make sense, as we've just transferred the A record over from GoDaddy to DigitalOcean, could it be possible that somehow the ipv6 record is still hitting the previous site, which would likely be running on apache?

1 Like
6

It's your configuration, so you know the answer.

7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.