Yet the online tool https://unboundtest.com/ has these results https://unboundtest.com/m/AAAA/samyscrepes.com/Q5NOOWYZ
Query results for AAAA samyscrepes.com
Response:
;; opcode: QUERY, status: NOERROR, id: 6473
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: do; udp: 512
;; QUESTION SECTION:
;samyscrepes.com. IN AAAA
;; ANSWER SECTION:
samyscrepes.com. 0 IN AAAA 2a02:4780:21:7229:6f49:208:9c26:452e
----- Unbound logs -----
May 12 15:48:35 unbound1.19[2115721:0] debug: creating udp6 socket ::1 1053
And https://letsdebug.net/samyscrepes.com/1948284 is once again showing
[Address=2a02:4780:23:1b25:e09f:4c7b:5aeb:4ee8,Address Type=IPv6,Server=hcdn,HTTP Status=404] vs [Address=178.16.129.174,Address Type=IPv4,Server=Apache/2.4.57 (Ubuntu),HTTP Status=404]
MultipleIPAddressDiscrepancy
WARNING
samyscrepes.com has multiple IP addresses in its DNS records. While they appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that some of the IP addresses may unintentionally point to different servers, which would cause validation to fail.
[Address=2a02:4780:23:1b25:e09f:4c7b:5aeb:4ee8,Address Type=IPv6,Server=hcdn,HTTP Status=404] vs [Address=178.16.129.174,Address Type=IPv4,Server=Apache/2.4.57 (Ubuntu),HTTP Status=404]
===========================================================================
If you are not expecting to use IPv6 I would suggest deleting it.
===========================================================================
Showing curl results for both IPv4 & IPv6 and they are not the same.
IPv4 Results:
>curl -4 -Ii http://samyscrepes.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Date: Sun, 12 May 2024 15:55:33 GMT
Server: Apache/2.4.57 (Ubuntu)
Cache-Control: no-cache, private
Content-Type: application/json
IPv6 Results:
>curl -6 -Ii http://samyscrepes.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Server: hcdn
Date: Sun, 12 May 2024 15:55:40 GMT
Content-Type: text/html
Content-Length: 150
Connection: keep-alive
Vary: Accept-Encoding
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 84e2c48937f4ae42cb0d99a7e8f988da-bos-edge2
And just supplemental using nmap
of both IPv4 & IPv6; samyscrepes.com resolves to both IPv4 & IPv6 addresses.
IPv4
>nmap -4 -Pn -p80,443 samyscrepes.com
Starting Nmap 7.94 ( https://nmap.org ) at 2024-05-12 15:58 UTC
Nmap scan report for samyscrepes.com (178.16.129.174)
Host is up (0.16s latency).
Other addresses for samyscrepes.com (not scanned): 2a02:4780:1d:941f:df78:a6a7:67c8:81a1
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
IPv6
>nmap -6 -Pn -p80,443 samyscrepes.com
Starting Nmap 7.94 ( https://nmap.org ) at 2024-05-12 15:58 UTC
Nmap scan report for samyscrepes.com (2a02:4780:1d:941f:df78:a6a7:67c8:81a1)
Host is up (0.078s latency).
Other addresses for samyscrepes.com (not scanned): 178.16.129.174
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.66 seconds
Edit: and there is the HTTPS response on Port 443 is different also between IPv4 (failing) and IPv6
IPv4 failing response
>curl -4 -Ii https://samyscrepes.com/.well-known/acme-challenge/sometestfile
curl: (35) OpenSSL/1.1.1t: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
IPv6 response
>curl -6 -Ii https://samyscrepes.com/.well-known/acme-challenge/sometestfile
HTTP/2 404
server: hcdn
date: Sun, 12 May 2024 16:10:43 GMT
content-type: text/html
content-length: 150
vary: Accept-Encoding
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 32cfd11ebfe1e6ed287a0a3d5d47e560-bos-edge3
===========================================================================
Hi @Kritika,
Are you using a CDN?
Here Permanent link to this check report shows several different IPv6 Addresses.
And here shows some of the DNS:
Edit: here is what ICANN Lookup shows:
Nameservers:
NS1.DNS-PARKING.COM
NS2.DNS-PARKING.COM
===========================================================================
@Kritika,
Also Let's Encrypt uses Multi-Perspective Validation Improves Domain Validation Security - Let's Encrypt
And regarding that here are a few links to check out
- Let's Encrypt is adding two new remote perspectives for domain validation
- Multi-Perspective Validation & Geoblocking FAQ
- Unexpected renewal failures during April 2024? Please read this!
===========================================================================
Another tool showing the IPv4 vs IPv6 issue Hardenize Report: samyscrepes.com
===========================================================================
Also for future reference the is Aide (en français) in addition to Help.