Persistent HTTP-01 Challenge 404 with Webroot on Google Cloud for subdomain

My domain is: n8n.vimt.pro

I ran this command:

```bash
sudo certbot certonly --webroot -w /var/www/html/n8n.vimt.pro -d n8n.vimt.pro -v
```

It produced this output:

```text
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for n8n.vimt.pro
Performing the following challenges:
http-01 challenge for n8n.vimt.pro
Using the webroot path /var/www/html/n8n.vimt.pro for all unmatched domains.
Waiting for verification...
Challenge failed for domain n8n.vimt.pro
http-01 challenge for n8n.vimt.pro
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: n8n.vimt.pro
Type: unauthorized
Detail: 2a02:4780:13:1283:0:33ab:ec0f:f: Invalid response from http://n8n.vimt.pro/.well-known/acme-challenge/0ky1gGWs0d5qCRNeuoE3WBee01vinAb_IyYRtKTk6vc: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```

My web server is (include version): nginx/1.22.1

The operating system my web server runs on is (include version): PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"

NAME="Debian GNU/Linux"

VERSION_ID="12"

VERSION="12 (bookworm)"

VERSION_CODENAME=bookworm

ID=debian

HOME_URL="https://www.debian.org/"

SUPPORT_URL="Debian -- User Support"

BUG_REPORT_URL="https://bugs.debian.org/"

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

certbot certbot 2.1.0

In your DNS you have both an A record (for IPv4) and an AAAA record (for IPv6). Hostinger often sets up an IPv6 record for new accounts.

Your A record points to Google but the AAAA record still points to the Hostinger service. Let's Encrypt prefers IPv6 when an AAAA record is present.

You need to update the AAAA address for Google or remove it if you do not support IPv6.

Any client trying to use IPv6 will connect to that Hostinger service instead of your server. This configuration error would not just affect Let's Encrypt.

See Hostinger article here: How to manage AAAA records | Hostinger Help Center

And use this site to test connections

5 Likes
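The check described in the reply above, as an added example that is not part of the original thread: it resolves the A and AAAA records separately, requests the same challenge path from each address with the right Host header, and flags when the two families answer differently. The default host name and the `reachability-test` file name are assumptions; pass your own domain and create a test file under the webroot first.

```python
import http.client
import socket
import sys

FAMILIES = (("A", socket.AF_INET), ("AAAA", socket.AF_INET6))

def resolve(host, family):
    """Return the unique addresses DNS gives for host in one address family."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # no record of this type (or no resolver available)
    return sorted({info[4][0] for info in infos})

def probe(addr, host, path, port=80, timeout=5):
    """GET path from one specific address, sending host as the Host header."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Server", "")
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)  # unreachable over this family
    finally:
        conn.close()

def check(host, path, resolver=resolve, prober=probe):
    """Probe every A and AAAA address; flag when the answers disagree."""
    results = {}
    for label, family in FAMILIES:
        for addr in resolver(host, family):
            results[(label, addr)] = prober(addr, host, path)
    statuses = {status for status, _ in results.values()}
    return results, len(statuses) > 1

if __name__ == "__main__":
    # Assumed defaults: pass your own host name; the test file name is a
    # placeholder you create under <webroot>/.well-known/acme-challenge/.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    path = "/.well-known/acme-challenge/reachability-test"
    results, mismatch = check(host, path)
    for (label, addr), (status, server) in sorted(results.items()):
        print(f"{label:5}{addr:40} status={status} server={server}")
    if mismatch:
        print("A and AAAA addresses answer differently; check both records.")
```

A differing `Server` header between the A and AAAA rows is a further sign that the two records point at different machines.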

That was it! Thank you very much.

3 Likes