Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output: urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching
My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.04.3 LTS
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.0
Hi there. I’m running a number of identical Nginx configurations all of which resolve and update no problem, however this domain (Porkbun registrar and DNS server) does not seem to resolve on live. Staging (using --dry-run flag) works fine. Any tips?
An error occurred requesting a new certificate for sunstarved.co, sunstarved.design, wiki.sunstarved.co, creative.sunstarved.co, dev.sunstarved.co from Let's Encrypt : Web-based validation failed : <pre>Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for creative.sunstarved.co
http-01 challenge for dev.sunstarved.co
http-01 challenge for sunstarved.co
http-01 challenge for sunstarved.design
http-01 challenge for wiki.sunstarved.co
Using the webroot path /home/sunstarved/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. creative.sunstarved.co (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://sunstarved.co/.well-known/acme-challenge/hAsvyxPYO1f_C2jakmNLtjMOoizmBvdMMS-daU0u63U: Error getting validation data, sunstarved.co (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://sunstarved.co/.well-known/acme-challenge/dXgZFfle_4IKe3et-Idzv2uyNQ6_k3LVJxPDORMPn1M: Error getting validation data, dev.sunstarved.co (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://sunstarved.co/.well-known/acme-challenge/7gUEAp027hdold-VoHAtd5ijfOjf7IHQNONfANYAptI: Error getting validation data, sunstarved.design (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://sunstarved.co/.well-known/acme-challenge/Sb8JVqVAs2rO29kSrns6HPzAZ_OdQlQtvEULHyL63ZA: Error getting validation data, wiki.sunstarved.co (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://sunstarved.co/.well-known/acme-challenge/IE9qXtc8FIJGnAWF95mR92SjTPhEwAUM1WPOuqUyi90: Error getting validation data
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: creative.sunstarved.co
Type: connection
Detail: Fetching
https://sunstarved.co/.well-known/acme-challenge/hAsvyxPYO1f_C2jakmNLtjMOoizmBvdMMS-daU0u63U:
Error getting validation data
Domain: sunstarved.co
Type: connection
Detail: Fetching
https://sunstarved.co/.well-known/acme-challenge/dXgZFfle_4IKe3et-Idzv2uyNQ6_k3LVJxPDORMPn1M:
Error getting validation data
Domain: dev.sunstarved.co
Type: connection
Detail: Fetching
https://sunstarved.co/.well-known/acme-challenge/7gUEAp027hdold-VoHAtd5ijfOjf7IHQNONfANYAptI:
Error getting validation data
Domain: sunstarved.design
Type: connection
Detail: Fetching
https://sunstarved.co/.well-known/acme-challenge/Sb8JVqVAs2rO29kSrns6HPzAZ_OdQlQtvEULHyL63ZA:
Error getting validation data
Domain: wiki.sunstarved.co
Type: connection
Detail: Fetching
https://sunstarved.co/.well-known/acme-challenge/IE9qXtc8FIJGnAWF95mR92SjTPhEwAUM1WPOuqUyi90:
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
</pre>
Your sites are responding with HTTP redirects to URLs starting with https://sunstarved.co/, but https://sunstarved.co/ doesn’t work: Its IPv6 address is running HTTP on port 443 (the HTTPS port), so Let’s Encrypt is reporting an error.
Can you resolve that problem?
Its IPv4 address has functioning HTTPS with an expired certificate, which would be fine for this purpose.
You could also turn off the redirects. Or turn off IPv6.
Oh, that would certainly explain it! Thank you for spotting this. I’ve temporarily disabled ipv6 and renewed the cert with no problem. Was this a diagnosis using telnet? I’d have been scratching my head for ages with that.
It points to an issue in my nginx configuration for ipv6 which will be affecting all of my domains, but most are configured without AAAA records so it explains why they are functional, all of my configurations currently have two listen directives for [::]:80 and [::]:443. Sounds like I might need to change my [::]:443 directive to enable ssl using listen [::]:443 ssl; ?