Let’s Encrypt Certificate

Help
1

Had A SSL certificate, after few months it stopped working, tried to delete and create, install again the cetificate
and now I got those errors

My domain is: twhmenu.com

I ran this command:
Tried to reinstall Let's Encrypt Certificate
It produced this output:
1-twhmenu.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:unauthorized, error detail: 2a02:4780:11:1376:0:b1b:fe51:4: Invalid response from http://twhmenu.com/.well-known/acme-challenge/FqqUeeNMbAl98QehW7Sv5j4JOPo1pAZV4U6pyaJ1ZZY: 404.
2-www.twhmenu.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:connection, error detail: 147.79.117.56: Fetching http://www.twhmenu.com/.well-known/acme-challenge/oOIKaUOyPMK5VOAX115Gr_gIi458kNzAF77NvlxkKq4: Error getting validation data
My web server is (include version): hostinger

The operating system my web server runs on is (include version):cloud panel

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

You have both an IPv4 A record and an IPv6 AAAA record in your DNS

But, the IPv6 address points to a Hostinger service not your server. Hostinger creates this AAAA record automatically for new setups. I don't know how this could have worked for you before.

You need to update the AAAA address or remove it if you do not support IPv6.

Any client trying to use IPv6 will connect to that Hostinger service instead of your server. Let's Encrypt favors IPv6 when an AAAA record is present.

See Hostinger article here: How to manage AAAA records | Hostinger Help Center

And use this site to test connections
https://letsdebug.net

2 Likes
3

the first error done
but still this error
www.twhmenu.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:connection, error detail: 147.79.117.56: Fetching http://www.twhmenu.com/.well-known/acme-challenge/b9Osf0Fw1HRtc-oYnJkEsofa9f3Ldt5oUC07gpqKvtA: Error getting validation data

4

I see you fixed your DNS AAAA record. But, it is strange to see the IPv4 address in the error message.

Would you show output of this

sudo certbot renew --dry-run
2 Likes
6

I had run this command
this output
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/testapi.twhtest.com.conf

Account registered.

Simulating renewal of an existing certificate for testapi.twhtest.com

Congratulations, all simulated renewals succeeded:

/etc/letsencrypt/live/testapi.twhtest.com/fullchain.pem (success)

7

Don't you have a certificate for www.twhmenu.com anymore? You have gotten certs for that name before.

What does this show

sudo certbot certificates
1 Like
8

Hi @obaida,

twhmenu.com has both an IPv4 and an IPv6 Address, www.twhmenu.com only has an IPv4 Address the same one as twhmenu.com

image
image1055×679 8.44 KB

and Let's Debug is reporting https://letsdebug.net/www.twhmenu.com/2326072

ANotWorking
Error
www.twhmenu.com has an A (IPv4) record (147.79.117.56) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://www.twhmenu.com/.well-known/acme-challenge/letsdebug-test": EOF

Trace:
@0ms: Making a request to http://www.twhmenu.com/.well-known/acme-challenge/letsdebug-test (using initial IP 147.79.117.56)
@0ms: Dialing 147.79.117.56
@72ms: Experienced error: EOF

IssueFromLetsEncrypt
Error
A test authorization for www.twhmenu.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
147.79.117.56: Fetching http://www.twhmenu.com/.well-known/acme-challenge/yNYjMg32fQ0xDE2QiYNvwTximSNwvVTMhwE_DSqxcdg: Error getting validation data

Yet for non www https://letsdebug.net/twhmenu.com/2326073 "OK" is being shown.

Edit

for www Permanent link to this check report "Broken pipe" is shown
for non www Permanent link to this check report "OK" is shown

9

Using curl I see these results for twhmenu.com a valid HTTP Response Code HTTP/1.1 301 Moved Permanently

$ curl -Ii http://twhmenu.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 03 Jan 2025 22:34:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://twhmenu.com/
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Referrer-Policy: same-origin

Using curl I see these results for www.twhmenu.com and an error (52) Empty reply from server

$ curl -Ii http://www.twhmenu.com
curl: (52) Empty reply from server

Also Server: nginx is the actual web server, Hostinger I is believe would be the hosting company.
Give that can you please show the output of sudo nginx -T (that is an upper case T); that is in addition to Mike's request

10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.