Hi,
I’m having problem with the acme-challenge for letsencrypt. I can see the output when I create a textfile in /var/www/domain/public /.well-known/acme-challenge/text.txt and access it through http://domain.com/.well-known/acme-challenge/text.txt or create a file for the token in the acme-challenge and the browser downloads it.
I have tried with both --webroot and --manual methods but they produce the same problem. I’ve also tried to install the certificate with sudo certbot --nginx etc.
I ran this command:
sudo certbot certonly --webroot -w /var/www/domain/public -d domain.com
It produced this output:
Failed authorization procedure. domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/{token}: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
Th"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: domain.com
Type: unauthorized
Detail: Invalid response from
http://domain.com/.well-known/acme-challenge/{token}:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
Th"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Nginx
The operating system my web server runs on is (include version):
Ubuntu 16.04
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I previosly had two certificates for two different domains. I forgot to renew (the domain above) and the renewal process gave multiple errors and I couldn’t resolve it so I deleted the certificates. Now i’m trying to reinstall it.
I don’t remember exactly how I installed them… but i’t was probobly with sudo certbox --nginx.
I don’t think I can use Inleeds certificate since I don’t have a control panel.
dropshipping.se has both AAAA (IPv6) and A (IPv4) records. While they both appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that the IPv4 and IPv6 addresses may unintentionally point to different servers, which would cause validation to fail.
[Address Type=IPv4,Server=nginx/1.10.3 (Ubuntu),HTTP Status=404] vs [Address Type=IPv6,Server=nginx,HTTP Status=404]
You have an ipv4 and an ipv6 - address. But the content is different. Perhaps remove the ipv6 - entry, create the certificate and fix the ipv6 - problem.