The client lacks sufficient authorization

My domain is: kidscreativeworld.com

I ran this command: sudo certbot --nginx -d kidscreativeworld.com -d www.kidscreativeworld.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for kidscreativeworld.com
http-01 challenge for www.kidscreativeworld.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure.
www.kidscreativeworld.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.kidscreativeworld.com/.well-known/acme-challenge/u4DsyteXPIv_WCk7OQ3MjsfDiB_b2zzj-DKbq2l1P3A [2604:a880:400:d1::9b9:e001]: "\r\n404 Not Found\r\n<body bgcolor="white">\r\n404 Not Found\r\n"
kidscreativeworld.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://kidscreativeworld.com/.well-known/acme-challenge/hsiJ2fr6k_XqdS3twjbaIAWGCNPYgzOD37N1yq8S3Zk [2604:a880:400:d1::9b9:e001]: "\r\n404 Not Found\r\n<body bgcolor="white">\r\n404 Not Found\r\n

IMPORTANT NOTES:

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: digitalocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

This is a brand new droplet with only LEMP and phpMyAdmin installed, and I've read a lot of examples to see if I can figure out why this isn't working, but I ran out of ideas. I have set A, AAAA and CNAME records for the site, and I have the same configuration in the server block as on other domains in different droplets where adding a certificate works.

I've checked https://check-your-website.server-daten.de/?q=kidscreativeworld.com to see if I can find any information, and what caught my attention is that I have a "connection failure". I have no idea why, since my ufw has Nginx Full enabled.

On the other hand, I have a similar response on another domain which is on a different droplet, but there I don't have a connection failure.

So, with a huge lack of ideas on how to proceed, I'm asking for some help here.

Hi @Hrenky

The "connection failure" isn't relevant; that's the https check. If you don't have a working certificate, that's expected.

The test shows a critical problem:

http://kidscreativeworld.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de  142.93.243.191  Status 301
http://kidscreativeworld.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de  2604:a880:400:d1::9b9:e001  Status 404
configuration problem - different ip addresses with different status

Looks like your ipv6 isn't configured, so another server or vHost / server block answers.

  • Remove your ipv6 entry (or)
  • add a file in /.well-known/acme-challenge with a random filename, then check that file directly with the online tool to see if ipv4 and ipv6 have the same content

Yep, removing the ipv6 entry did the trick, but I do have to ask why?

This droplet is based in NYC, so there's a possibility of something being different, but the rest of my droplets are based in Frankfurt, and on 3 domains setting ipv6 didn't cause any problems, but on 1 it did, so I gotta say that I'm confused at this point.

Read your new check with the test file - https://check-your-website.server-daten.de/?q=kidscreativeworld.com%2F.well-known%2Facme-challenge%2Ftest.txt

http + ipv4 + non-www has a redirect -> http + www
http + ipv6 + non-www has http status 404 - Not Found.

So there are two options:

  • ipv4 and ipv6 -> different machines, another nginx answers (or)
  • ipv4 + ipv6 -> same machine, your server block doesn't work with ipv6 or another server block answers.

Check

nginx -T

to see if there is a Listen [::] directive.

I'm guessing that if it's the 1st choice then there's nothing much I can do.

Considering the possibility of the 2nd choice, I checked nginx -T and the only listen directives I found were in the default server block. I never assumed that it could be linked to another block.
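The last reply is the diagnosis: nginx picks a server block by the listening socket first and by server_name second. A site block with only `listen 80;` is bound to 0.0.0.0:80, so an IPv6 connection to [::]:80 is handled by whichever block has `listen [::]:80` (here the LEMP default block), which serves its own document root and returns 404 for the challenge file. The fix is either to add `listen [::]:80;` (and later `listen [::]:443 ssl;`) to the site's server block, or to drop the AAAA record, as was done in the thread. The script below is an added example, not something posted in the thread: it parses `nginx -T` output and reports, for each server block, whether it has an IPv4 listener, an IPv6 listener and which server_name it serves, so the "other block answers on IPv6" case is visible without guessing. The sample config is constructed to mirror the setup described above, and the `compare_v4_v6` helper and the test-file path it assumes are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): audit `nginx -T` output for server
# blocks that are reachable over IPv4 but not IPv6. Such a block hands its
# IPv6 traffic to the default_server block, which is why an ACME http-01
# challenge can 404 on the AAAA address while the A address works.

# Constructed sample standing in for `nginx -T` output on a LEMP droplet.
# The site block has no `listen [::]:80`; the default block has both.
SAMPLE_NGINX_T=$(cat <<'EOF'
# configuration file /etc/nginx/sites-enabled/default:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name _;
    location / {
        try_files $uri $uri/ =404;
    }
}
# configuration file /etc/nginx/sites-enabled/kidscreativeworld.com:
server {
    listen 80;
    server_name kidscreativeworld.com www.kidscreativeworld.com;
    root /var/www/kidscreativeworld.com/html;
}
EOF
)

# Reads nginx configuration text on stdin and prints one line per server block:
#   ipv4=yes|no ipv6=yes|no server_name=<names>
audit_listen() {
  awk '
    /^[ \t]*server[ \t]*[{]/ { inblock = 1; depth = 0; names = "-"; v4 = "no"; v6 = "no" }
    inblock && /^[ \t]*listen[ \t]/ {
      # A bare "listen 80" binds 0.0.0.0 only; only "[::]" gives an IPv6 socket.
      if ($0 ~ /\[::\]/) v6 = "yes"; else v4 = "yes"
    }
    inblock && /^[ \t]*server_name[ \t]/ {
      line = $0
      sub(/^[ \t]*server_name[ \t]+/, "", line)
      sub(/[ \t]*;.*$/, "", line)
      names = line
    }
    inblock {
      # Track nesting so that location { } blocks do not end the server block early.
      depth += gsub(/[{]/, "{")
      depth -= gsub(/[}]/, "}")
      if (depth == 0) { print "ipv4=" v4 " ipv6=" v6 " server_name=" names; inblock = 0 }
    }
  '
}

# Prints the server_name of every block that has no IPv6 listener.
ipv6_gaps() {
  audit_listen | awk '/ipv6=no/ { sub(/^.*server_name=/, ""); print }'
}

# Live check of what each address family actually serves for a test file
# (needs network; the challenge path is the standard http-01 location and
# test.txt is an assumed file name you place there yourself). Returns
# non-zero when the two status codes differ, i.e. different vhosts answer.
compare_v4_v6() {
  host=$1; path=${2:-/.well-known/acme-challenge/test.txt}
  v4=$(curl -4 -s -o /dev/null -w '%{http_code}' "http://$host$path")
  v6=$(curl -6 -s -o /dev/null -w '%{http_code}' "http://$host$path")
  echo "ipv4=$v4 ipv6=$v6"
  [ "$v4" = "$v6" ]
}

# Run the audit on the constructed sample. On a real host use:
#   nginx -T 2>/dev/null | audit_listen
printf '%s\n' "$SAMPLE_NGINX_T" | audit_listen
printf '%s\n' "$SAMPLE_NGINX_T" | ipv6_gaps
```

On the sample the audit reports the default block as `ipv4=yes ipv6=yes` and the site block as `ipv4=yes ipv6=no`, which is exactly the split the online check showed (301 via 142.93.243.191, 404 via the 2604:a880 address). Adding `listen [::]:80;` to the site block, reloading nginx and re-running both the audit and `compare_v4_v6 kidscreativeworld.com` before retrying certbot avoids giving up IPv6 for the site.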