Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: spicy-se.com
I ran this command: I'm using Trellis, which itself is running this command
cmd = (
'/usr/bin/env python /usr/local/letsencrypt/acme_tiny.py '
'--quiet '
'--ca https://acme-v02.api.letsencrypt.org '
'--account-key /var/lib/letsencrypt/account.key '
'--csr /var/lib/letsencrypt/csrs/{0}-{1}.csr '
'--acme-dir /home/forge/letsencrypt'
).format(site, letsencrypt_cert_ids[site])
It produced this output:
Challenge did not pass for {0}: {1}".format(domain, authorization))\nValueError: Challenge did not pass for spicy-se.com: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://spicy-se.com/.well-known/acme-challenge/EAwoAH35cKolPXpMdOc9tBatOcr2PBUFrTVvxaEIa6A', u'hostname': u'spicy-se.com', u'addressUsed': u'2a01:238:20a:202:1088::', u'port': u'80', u'addressesResolved': [u'64.226.87.39', u'2a01:238:20a:202:1088::']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/214212054687/gBoWmw', u'token': u'EAwoAH35cKolPXpMdOc9tBatOcr2PBUFrTVvxaEIa6A', u'error': {u'status': 403, u'type': u'urn:ietf:params:acme:error:unauthorized', u'detail': u'2a01:238:20a:202:1088::: Invalid response from http://spicy-se.com/.well-known/acme-challenge/EAwoAH35cKolPXpMdOc9tBatOcr2PBUFrTVvxaEIa6A: 404'}, u'validated': u'2023-03-26T17:52:24Z', u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'spicy-se.com'}, u'expires': u'2023-04-02T17:52:19Z'}
The operating system my web server runs on is (include version):
Ubuntu 18.04
My hosting provider, if applicable, is:
Digital Ocean
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I'm using Trellis (GitHub - roots/trellis: WordPress LEMP stack with PHP 8.1, Composer, WP-CLI and more)
I just spun up a new VPS earlier today. Pointed spicy-se.com to it as well as 5 subdomains. I set up SSL via Let's Encrypt for all of them. All the subdomains worked right away without an issue, but the root domain does not want to work.
The root domain had an SSL cert issued by another registrar recently. I deactivated that but I have a feeling it's possibly related to my problems.
The domain is accessible via HTTP. If I try to download the acme-challenge file, it's also accessible, so no idea why the error above says it gets a 404.
Anyone able to tell me why this is happening please?
Many thanks!
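
Added example, not part of the original post and not Trellis or acme_tiny code: a small parser for the authorization object printed in the error above, reporting which resolved address the CA connected to for the failed http-01 check and which resolved addresses it did not try. The function name `summarize_failed_validations` and the trimmed `SAMPLE` string are constructed here; the field values are copied from the output above.

```python
import ast
import ipaddress

# Constructed sample: the authorization repr from the error output above,
# trimmed to the fields this example reads (token, URLs and dates left out).
SAMPLE = (
    "{u'status': u'invalid', u'challenges': [{u'status': u'invalid', "
    "u'validationRecord': [{u'hostname': u'spicy-se.com', "
    "u'addressUsed': u'2a01:238:20a:202:1088::', u'port': u'80', "
    "u'addressesResolved': [u'64.226.87.39', u'2a01:238:20a:202:1088::']}], "
    "u'error': {u'status': 403, "
    "u'type': u'urn:ietf:params:acme:error:unauthorized'}, "
    "u'type': u'http-01'}], "
    "u'identifier': {u'type': u'dns', u'value': u'spicy-se.com'}}"
)


def summarize_failed_validations(authz_repr):
    """Return one dict per failed validation record: the address the CA
    connected to, its family, and the resolved addresses it did not try."""
    # literal_eval only evaluates literals and accepts the Python 2 u'' prefixes.
    authz = ast.literal_eval(authz_repr)
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        for rec in chall.get("validationRecord", []):
            used = ipaddress.ip_address(rec["addressUsed"])
            not_tried = [a for a in rec.get("addressesResolved", [])
                         if ipaddress.ip_address(a) != used]
            findings.append({
                "hostname": rec["hostname"],
                "type": chall.get("type"),
                "used": rec["addressUsed"],
                "family": "IPv6" if used.version == 6 else "IPv4",
                "not_tried": not_tried,
                "error_type": chall.get("error", {}).get("type"),
            })
    return findings


if __name__ == "__main__":
    for f in summarize_failed_validations(SAMPLE):
        print("{hostname} ({type}): CA connected to {used} [{family}]; "
              "resolved but not tried: {not_tried}".format(**f))
```

For the output above this reports that the check went to the IPv6 address, so a manual test of the challenge URL should be made against that address (for example with `curl -6`) rather than whichever address the local client happens to pick.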