Unable to create ssh certificate for gentecho.com domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: gentecho.com

I ran this command: certbot --nginx -d gentecho.com

It produced this output:

Account registered.
Requesting a certificate for gentecho.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: gentecho.com
Type: unauthorized
Detail: 2606:50c0:8002::153: Invalid response from http://gentecho.com/.well-known/acme-challenge/-e6ydfIGtLtalR9La5canAVbFK4cXnOegwIA1I9QbmQ: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@gentecho:/etc/nginx/sites-enabled# nslookup gentecho.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: gentecho.com
Address: 139.59.52.164
Name: gentecho.com
Address: 2606:50c0:8002::153
Name: gentecho.com
Address: 2606:50c0:8003::153
Name: gentecho.com
Address: 2606:50c0:8001::153
Name: gentecho.com
Address: 2606:50c0:8000::153

My web server is (include version):
nginx version: nginx/1.22.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 22.10 x64

My hosting provider, if applicable, is:
digitalocean

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.29.0

It looks like you have IPv6 addresses for GitHub. Let's Encrypt uses IPv6 addresses when present and this is failing because it doesn't reach your nginx server. You probably just need to remove the IPv6 addresses or replace them with ones for your DO nginx.

Thanks for responding , i would request you to please recheck as i have enable ipv6 and is there anything else i am required to do

You are trying to get a cert with your nginx server. But, your IPv6 addresses do not point to that server.

IPv4 requests reach nginx

curl -I4 http://gentecho.com
HTTP/1.1 200 OK
Server: nginx/1.22.0 (Ubuntu)

But, IPv6 does not. It points to Github

curl -I6 http://gentecho.com
HTTP/1.1 200 OK
Server: GitHub.com

Also see my previous post

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.