I’m having some trouble setting up certificates for new subdomains. I already have some subdomains and the main domain set on a server, and I want to create those new subdomains on a separate server. I created the “www.dev” A/AAAA records pointing at this new server but it does not want to work aka create the certificate. The logs I give are for only 1 subdomain but I actually create 7, which works seamlessly for the initial subdomains.
My domain is: dev.muzz.app
I ran this command: sudo certbot --nginx
It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dev.muzz.app
Waiting for verification…
Cleaning up challenges
Failed authorization procedure.
dev.muzz.app (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dev.muzz.app/.well-known/acme-challenge/jbWY2tE6a2ipLyhJN61gJhnGoWXSzRDqrgGjWi0-wY0 [2001:bc8:4400:2000::2027]: <\html>\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n
Right now the IPv4 version of the site and the IPv6 version are returning different content, suggesting that they point to different servers or else that the nginx process has not been given parallel or equivalent configurations for both. I think this is at the root of the problem because the Let’s Encrypt CA is checking the site in IPv6, but perhaps Certbot is only able to configure the site to satisfy the challenge in IPv4. You should make sure that the configurations are more closely equivalent, or else remove the IPv6 AAAA record.
If by configurations you mean the Nginx’s ones then they are almost identical on both servers, only changes are the server names within the conf blocks …
How can you see that “IPv4 version of the site and the IPv6 version are returning different content” ?
Why “Certbot is only able to configure the site to satisfy the challenge in IPv4” ?
You might need to check that the nginx listen directives associated with these server blocks, or elsewhere in your nginx configuration, are set up the way you expect (I’m not familiar enough with them to know exactly what to recommend).