Unable to create a new webserver under previous domain

My domain is:
austinsahnow.com

I ran this command:
certbot --nginx

It produced this output:

root@austinsahnow:~# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: austinsahnow.com
2: mail.austinsahnow.com
3: www.mail.austinsahnow.com
4: www.austinsahnow.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for austinsahnow.com
http-01 challenge for mail.austinsahnow.com
http-01 challenge for www.austinsahnow.com
http-01 challenge for www.mail.austinsahnow.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.austinsahnow.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.austinsahnow.com/.well-known/acme-challenge/bI74gxYI_jVEb4caqluzK_0DA5HeLp71wdfq4jhDUsc: Timeout during connect (likely firewall problem), www.austinsahnow.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.austinsahnow.com/.well-known/acme-challenge/AqfcjgtHNlJXBW0xsITjXOSrEQkZNdh0VUifor8Pz5k: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.austinsahnow.com
   Type:   connection
   Detail: Fetching
   http://mail.austinsahnow.com/.well-known/acme-challenge/bI74gxYI_jVEb4caqluzK_0DA5HeLp71wdfq4jhDUsc:
   Timeout during connect (likely firewall problem)

   Domain: www.austinsahnow.com
   Type:   connection
   Detail: Fetching
   http://www.austinsahnow.com/.well-known/acme-challenge/AqfcjgtHNlJXBW0xsITjXOSrEQkZNdh0VUifor8Pz5k:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version):
Server version: Nginx 1.14.2-2+deb10u3 (Debian)
Server built: 2021-05-21T22:30:00

The operating system my web server runs on is (include version):
Debian 10 x64 (buster)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

Relevant Information:
I have followed this (https://open.lbry.com/@Luke:7/setting-up-a-website-and-email-server-in:f) guide successfully twice now but decided to downgrade the server associated with the domain in question since I wasn't using the extra space. I now cannot connect to any new deployment I create using Vultr (in a browser) with this domain. My other domain is still perfectly accessible. I have a sinking feeling that I should have backed up some folder before I deleted that server to downgrade because I think the problem may have to do with the certificates pointing to a different (now nonexistent) IP address. If anyone can suggest how I could go about deleting those certificates or somehow updating them without access to that deployment anymore, please let me know.

Thank you so much!


Certificates don't "point" to anything, they can only be valid for certain hostnames or in some cases (but not Let's Encrypt) IP addresses.

It's quite weird that austinsahnow.com seems to be validating nicely, but the www subdomain (www.austinsahnow.com) isn't. Even though those two hostnames point to the same IP address? Although there is a difference between AAAA records (IPv6 addresses), this isn't really the issue as it seems your www.mail subdomain did validate, which also has that AAAA record set.

In any case, I can't connect to either your IPv4 or IPv6 address on port 80 (or 443 for that matter). Please check your firewall(s) and perhaps fail2ban or similar software.

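The check described in the reply above (connecting to each IPv4 and IPv6 address of every hostname on ports 80 and 443), as an added example that is not part of the original thread. The function names are illustrative, and the hostnames and addresses in the demo are constructed sample data.

```python
import socket

def resolve(host):
    """Return sorted (record_type, address) pairs for the host's A/AAAA records."""
    try:
        infos = socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    kinds = {socket.AF_INET: "A", socket.AF_INET6: "AAAA"}
    return sorted({(kinds[i[0]], i[4][0]) for i in infos if i[0] in kinds})

def tcp_open(addr, port, timeout=5.0):
    """True if a TCP connection to addr:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(hosts, ports=(80, 443), resolver=resolve, connect=tcp_open):
    """Probe every published address of every host on every port."""
    return {h: [(rec, addr, p, connect(addr, p))
                for rec, addr in resolver(h) for p in ports]
            for h in hosts}

def problems(report, required_port=80):
    """Hosts whose http-01 validation is likely to time out, with reasons."""
    bad = {}
    for host, rows in report.items():
        if not rows:
            bad[host] = ["no A/AAAA record"]
            continue
        issues = [f"{rec} {addr} port {port} unreachable"
                  for rec, addr, port, ok in rows
                  if port == required_port and not ok]
        if issues:
            bad[host] = issues
    return bad

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), so this runs offline.
    dns = {"example.test": [("A", "192.0.2.10"), ("AAAA", "2001:db8::10")],
           "www.example.test": [("A", "192.0.2.10")]}
    reachable = {("192.0.2.10", 80), ("192.0.2.10", 443)}
    report = preflight(dns, resolver=dns.get,
                       connect=lambda a, p: (a, p) in reachable)
    for host, issues in problems(report).items():
        print(host, "->", "; ".join(issues))
```

For real hostnames, call `preflight([...])` with the default resolver and connector from a machine outside the server's network, since a local connection never crosses the firewall that an external validator has to pass.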

Alright, thank you so much! I played around with the firewall settings and ran certbot so I am actually able to see the site in a browser now. I'm not sure what you meant about the AAAA records being slightly off but, like you said, it does seem to work fine. Thanks for the explanation of certificates too.


Earlier, it seemed like some of your hostnames had an AAAA record, but not all of them. Now it seems every hostname has one. So forget I mentioned it :slight_smile:
