My domain keeps returning challenge invalid

I’m using ansible to generate ssl certificates for a list of domain. This was working fine till a new domain name was added. I’ve been getting challenge invalid error for the new domain. My acme challenges seems to be properly set. Here is the output:
{“changed”: false, “msg”: “Authorization for dns:ammoairsoft.com returned invalid: CHALLENGE: http-01 DETAILS: Invalid response from http://ammoairsoft.com/.well-known/acme-challenge/VM-28i32zEkQX99Q5VouWZSgdKirEqn7Ct0oaejRsYM [2001:8d8:100f:f000::283]: 204;”, “other”: {}}

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ammoairsoft.com

I ran this command: ansible-playbook playbook.yml

It produced this output: {“changed”: false, “msg”: “Authorization for dns:ammoairsoft.com returned invalid: CHALLENGE: http-01 DETAILS: Invalid response from http://ammoairsoft.com/.well-known/acme-challenge/VM-28i32zEkQX99Q5VouWZSgdKirEqn7Ct0oaejRsYM [2001:8d8:100f:f000::283]: 204;”, “other”: {}}

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 16.04.6

My hosting provider, if applicable, is: Google cloud Platform

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I’m using let’s Encrypt acme_certificate ansible module

1 Like

Hi,

It seems like you have an IPV6 record setup as well as IPV4, but the two address yield different response.
Please either add your IPV6 address into your ansible binding, or remove IPV6 address from your DNS and try again.
https://letsdebug.net/ammoairsoft.com/98216

Update: The server on IPV4 is express (based on header), on IPV6 is Nginx.

Thank you

3 Likes

Thanks for the swift response. You’re right, it’s using IPv6 address. I didn’t notice that until you mentioned it. Can I specify IPv4 to be used as supposed to IPv6?
https://acme-v02.api.letsencrypt.org/acme/chall-v3/2638268350/Ji573Q

1 Like

Sorry, that’s not possible.
(Also, Let’s Encrypt Validation Server will always prefer IPv6 than IPv4)

Thank you

2 Likes

Thanks, I appreciate your help. This actually solve my problem

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.