SSL setup failing on Ubuntu VPS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: WebClass.in

I ran this command: sudo certbot --nginx

It produced this output:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: webclass.in
  Type: unauthorized
  Detail: 2a02:4780:11:1217:0:174f:b4a5:2: Invalid response from http://webclass.in/.well-known/acme-challenge/X2BsixJL7WqFEljetL-KJc7YMhTvqbaaWNDFl2R3ZlQ: 404

  Domain: www.webclass.in
  Type: unauthorized
  Detail: 2a02:4780:11:1217:0:174f:b4a5:2: Invalid response from http://www.webclass.in/.well-known/acme-challenge/HZmf5wd8t5F0zPN9-Xri3cdBpt2VkRMqydQuSbMB_Aw: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version): nginx 1.21.4

The operating system my web server runs on is (include version): Ubuntu 22.0.4

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot version is 2.8.0

You should check the AAAA record in your DNS. It does not point to the same server as your A record. See


Kind folks, please help. I am not sure what the reason is for no SSL and how to get it to work?

Most of the helpers here are unpaid volunteers. We offer our personal time and expertise for free to you. Please show some patience. It has only been 15 minutes since you first posted.

And, I have now responded, so please review that response.


Hello MikeMcQ,

Thank you so much for your help. I am a beginner in this. How do I resolve the AAAA record in DNS?

Thanks,
Siddhant


You may need to ask Hostinger, as it was probably set up when you created your service with them.

The AAAA record is pointing to a LiteSpeed server. The A record is pointing to an nginx server.

The best option is to point the AAAA record to your nginx and make sure you have nginx listen statements for IPv6.

Or, remove the AAAA record if you do not support IPv6.


My server does support IPv6 and my firewall status is allowed for ports 80 and 443, using sudo ufw status. Should I ask Hostinger to delete the AAAA record or change what it points to?

The AAAA record for IPv6 might be using some sort of URL Redirect service. It needs to point directly to your nginx server to work properly. You need to ask Hostinger.

The IPv4 request reaches your nginx and gives the expected 404 response to this test. But, you can see IPv6 reaches a LiteSpeed server on platform:hostinger. While it gives a 404 response it won't be able to respond properly to an actual request started by Certbot.

curl -I4 http://webclass.in/.well-known/acme-challenge/Test404
HTTP/1.1 404 Not Found
Server: nginx/1.21.4

curl -I6 http://webclass.in/.well-known/acme-challenge/Test404
HTTP/1.1 404 Not Found
server: LiteSpeed
platform: hostinger
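The IPv4/IPv6 comparison done by hand with curl in the post above, as an added example that is not part of the original thread: it reduces each response to status and Server header and flags when the A and AAAA records reach different server software. The function names and the embedded sample responses are constructed for illustration; the `Test404` path is the one used in the thread.

```shell
#!/usr/bin/env bash
# Added example: compare what answers an ACME HTTP-01 probe over IPv4 vs IPv6.

# Print "<status> <server>" from raw response headers read on stdin.
# Header names are matched case-insensitively (LiteSpeed sends "server:")
# and the trailing CR of HTTP line endings is stripped first.
summarize_headers() {
  tr -d '\r' | awk '
    NR == 1 && $1 ~ /^HTTP\// { status = $2 }
    tolower($1) == "server:"  { sub(/^[^:]*:[ \t]*/, ""); server = $0 }
    END { printf "%s %s\n", (status != "" ? status : "none"),
                            (server != "" ? server : "unknown") }'
}

# Compare two header dumps (IPv4 first, IPv6 second).
# Returns 0 if the same server software answered, 1 on mismatch,
# 2 if nothing answered over IPv6.
compare_families() {
  v4=$(printf '%s\n' "$1" | summarize_headers)
  v6=$(printf '%s\n' "$2" | summarize_headers)
  echo "IPv4 (A):    $v4"
  echo "IPv6 (AAAA): $v6"
  case "$v6" in none*) echo "RESULT: no answer over IPv6"; return 2 ;; esac
  if [ "${v4#* }" = "${v6#* }" ]; then
    echo "RESULT: both address families reach the same server software"
  else
    echo "RESULT: MISMATCH, A and AAAA reach different servers"
    return 1
  fi
}

# Live check (needs network): probe a made-up token path over each family.
probe_domain() {
  url="http://$1/.well-known/acme-challenge/Test404"
  compare_families "$(curl -sI4 -m 10 "$url")" "$(curl -sI6 -m 10 "$url")"
}

# Constructed sample input, modelled on the two responses quoted in the thread.
SAMPLE_V4=$(printf 'HTTP/1.1 404 Not Found\r\nServer: nginx/1.21.4\r\n\r\n')
SAMPLE_V6=$(printf 'HTTP/1.1 404 Not Found\r\nserver: LiteSpeed\r\nplatform: hostinger\r\n\r\n')

# With a domain argument, probe it live; otherwise run on the samples.
if [ $# -gt 0 ]; then
  probe_domain "$1"
else
  compare_families "$SAMPLE_V4" "$SAMPLE_V6" || true
fi
```

A matching 404 status on both families is not enough, which is why the comparison is on the Server header rather than the status code.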

Thank you MikeMcQ,

I will correspond with Hostinger and keep the forum updated. Just curious how you determined the IPv4 and IPv6 issue from the URLs I provided.


That is just how basic DNS works. Domain names have records in the public DNS system. You have A and AAAA records for IPv4 and IPv6 respectively. That is not unique to Let's Encrypt - it is just how the "internet" works.

The Let's Debug test site I linked in post #2 described this in general.
