My domain is:
With an NGINX Proxy on the A Record (IPv4, separate machine) (I just have one IPv4 for different services)
And the Server (AAAA Record, IPv6, different virtual machine)
I ran this command:
sudo /usr/bin/letsencrypt renew --dry-run (on the Proxy)
It produced this output:
ZIPPPP
Processing /etc/letsencrypt/renewal/cloud.elearningdienst.de.conf
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cloud.elearningdienst.de
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification...
Challenge failed for domain cloud.elearningdienst.de
http-01 challenge for cloud.elearningdienst.de
Cleaning up challenges
Attempting to renew cert (cloud.elearningdienst.de) from /etc/letsencrypt/renewal/cloud.elearningdienst.de.conf produced an unexpected error: Some challenges have failed.. Skipping.
ZIPPPP
The following certs could not be renewed:
/etc/letsencrypt/live/cloud.elearningdienst.de/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: cloud.elearningdienst.de
Type: unauthorized
Detail: Invalid response from
Nextcloud
[2a00:6020:15ca:5300:68f3:b0ff:fe63:7632]: "\n<html
class="ng-csp" data-placeholder-focus="false" lang="de"
data-locale="de_DE" >\n\t<head\n data-requesttoken="b"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
The AAAA Record is correct, but it points to the VM, because only the IPv4 is proxied through the nginx.
My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):
UBUNTU 20.04
My hosting provider, if applicable, is:
Self-hosted
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0
My Question: How can I make my setting work? I found this ticket on GitHub, "Support separate IPv4 and IPv6 servers · Issue #3847 · letsencrypt/boulder", but it is closed. So I think I'm not the only one with that specific problem/issue.
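Added example, not part of the original post: a small Python check that reads the `Detail:` text from the certbot report above and tells you which address the validation server reached, and whether that is the machine where certbot wrote the webroot challenge file. The function and variable names are hypothetical, and the proxy address `203.0.113.10` is a constructed placeholder.

```python
import ipaddress
import re

# Matches the address the validator connected to and the start of the body it
# received, e.g. `[2a00:...]: "\n<html ...` in certbot's "Detail:" text.
DETAIL_RE = re.compile(r'\[([0-9A-Fa-f:.]+)\]:\s*"?(.*)', re.DOTALL)


def diagnose(detail, certbot_host_addrs):
    """Explain an http-01 'unauthorized' detail for a split A/AAAA setup.

    detail: text of the 'Detail:' field from certbot's error report.
    certbot_host_addrs: addresses of the machine where certbot writes the
    webroot challenge files (in the post: the proxy).
    """
    m = DETAIL_RE.search(detail)
    if not m:
        raise ValueError("no '[address]: body' part found in detail text")
    reached = ipaddress.ip_address(m.group(1))
    body = m.group(2).lower()
    known = {ipaddress.ip_address(a) for a in certbot_host_addrs}
    # A valid http-01 response is plain "token.thumbprint" text; markup means
    # some other web application answered the request.
    body_is_html = "<html" in body or "<!doctype" in body
    return {
        "reached": str(reached),
        "family": "IPv6" if reached.version == 6 else "IPv4",
        "reached_certbot_host": reached in known,
        "body_is_html": body_is_html,
    }


# Detail text as shown in the post (body shortened). The challenge URL appears
# only as "Nextcloud" on the page, so it is left that way here.
SAMPLE_DETAIL = (
    'Invalid response from Nextcloud '
    '[2a00:6020:15ca:5300:68f3:b0ff:fe63:7632]: "\\n<html class="ng-csp" '
    'data-placeholder-focus="false" lang="de"'
)
PROXY_ADDRS = ["203.0.113.10"]  # constructed placeholder (documentation range)

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_DETAIL, PROXY_ADDRS).items():
        print(f"{key}: {value}")
```

For the report in the post, the result shows an IPv6 address that is not the certbot host and an HTML body, meaning the request was answered by the Nextcloud VM rather than by the proxy's webroot.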