I also have port 443 open, though I have not referred to it anywhere in the nginx config. I have also tried the same procedure but using nodejs to return the acme-challenge file, but with the same results.
I'm not sure; I guess it could be. But even if it's not, you need to fix that anyway. Let's Encrypt certificates can't be issued for IP addresses, so even if you got a certificate, you couldn't use it to protect the connection to the IP address.
(and I suppose there's not much benefit to having an AAAA record if all it does is redirect to an IPv4 address anyway...)
The redirect might be in your nginx configuration or it might be some code in your application.
Yes, it’s a problem. By design, Let’s Encrypt won’t follow redirects to an IP address like that. (It’s a kind of arbitrary decision to simplify the software, I believe.)
The browser isn’t converting the URL. The web server is configured to respond with an HTTP redirect, and clients follow it (or don’t).
I’m not sure what’s generating the first redirects – but it’s probably not Nginx – but it looks like the last redirect is being generated by an ASP.NET application.
(By the way, the site has an AAAA record, but connecting over IPv6 results in “Connection refused”. If it’s running Nginx, you need to add “listen [::]:80;” For other web servers, something similar.)
I tried using “forward with masking” from my dns supplier, but that’s a no go too isn’t it, as it just wraps everything in an iframe which again the certbot doesn’t like.
I have also just served using a simple python server (with no nginx, )and the same redirect happens so I think it is outside the control of my server, does that sound right? There is nothing I can do in my server that would prevent this redirect from happening is there, by the looks of things?
I assume the next port of call would be the company that host my server then, would that be the source of the redirect? Is this a general problem with some hosting providers, can their configuration be incompatible with letsencrypt?