Unauthorized / Invalid response from

So, my case is the following -

I have two different VPS servers, I have configured one of them without any issues (including the certbot configuration), which means that I obtained an SSL certificate for one of them.

Now I am trying to configure the second one (I require two of them because they'll have a load balancer in front of them which will redirect traffic from one to the second one in case of overloads).

I am not sure, however, whether I need to somehow "port" the already existing SSL certificate from my already working VPS to the second one that I am currently configuring, or whether I need to issue a second one for the second VPS.

Anyhow, when I try to run the command indicated below I get the error indicated below.

I am 100% sure that the DNS records are configured correctly.

Based on what I am able to logically understand, it's trying to access this page ->

https://www.itgmarket.net/.well-known/acme-challenge/L7_BkTSxk0vITZqLHEPtp2dQBWPUgz9cqjJ-DYpPZYA:

Which of course it shouldn't really be able to, because there's no configured SSL and the server leads to a 521 error.

My domain is: itgmarket.net

I ran this command:

certbot --nginx -d itgmarket.net -d www.itgmarket.net --non-interactive --agree-tos -m support@itgmarket.net

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for itgmarket.net and www.itgmarket.net
Performing the following challenges:
http-01 challenge for itgmarket.net
http-01 challenge for www.itgmarket.net
Waiting for verification...
Challenge failed for domain www.itgmarket.net
http-01 challenge for www.itgmarket.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.itgmarket.net
   Type:   unauthorized
   Detail: 2606:4700:3108::ac42:28a6: Invalid response from
   https://www.itgmarket.net/.well-known/acme-challenge/Z6bv3JRNd38Bq70C1IFawYYpwIID6h2zAoXIWK-wOyI:
   521

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is: nginx/1.20.1

The operating system my web server runs on is: CentOS 7

My hosting provider, if applicable, is: VPS / Namecheap

I can login to a root shell on my machine : Yes, I can

I'm using a control panel to manage my site: Not really, SSH access only.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

Welcome to the community @Reallisticus

Hmmm. Your apex domain points to a single IP but your www subdomain points to Cloudflare. Is that intentional and, if so, can you explain more what you are doing with that?

Name:   itgmarket.net
Address: 199.192.22.105

Name:   www.itgmarket.net
Address: 172.66.43.90
Address: 172.66.40.166
Address: 2606:4700:3108::ac42:28a6
Address: 2606:4700:3108::ac42:2b5a
4 Likes

Your question actually led to the solution of my issue.

The whole configuration is passing through Cloudflare and I was using the proxied version; once I switched that off I was able to issue the certificate without any problems.

Thank you! =)

2 Likes
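The diagnosis made in this thread, as an added example that is not part of any post: it reads the certbot error report to see which address answered the http-01 request, checks that address and the DNS answers against Cloudflare's edge ranges, and classifies the failure. The function names are hypothetical, and the CIDR list is assumed to match the one Cloudflare publishes at cloudflare.com/ips, so re-check it before use.

```python
import ipaddress
import re

# Cloudflare's published edge ranges (cloudflare.com/ips); refresh before relying on them.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 "
    "108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 "
    "162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 "
    "2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 "
    "2a06:98c0::/29 2c0f:f248::/32"
).split()]
# 52x codes the edge emits when the origin refuses, times out, is unreachable, or fails TLS.
ORIGIN_DOWN = {521, 522, 523, 525, 526}
DETAIL_RE = re.compile(
    r"Domain:\s*(\S+).*?Detail:\s*(\S+): Invalid response from\s+\S+:\s+(\d{3})", re.S)

def is_cloudflare(addr):
    """True if addr falls inside one of the edge ranges above."""
    return any(ipaddress.ip_address(addr) in net for net in CLOUDFLARE_NETS)

def diagnose(report):
    """Find which address answered the http-01 request and classify the failure."""
    m = DETAIL_RE.search(report)
    if not m:
        return None
    domain, addr, status = m.group(1), m.group(2), int(m.group(3))
    proxied = is_cloudflare(addr)
    if proxied and status in ORIGIN_DOWN:
        cause = "edge answered but could not reach the origin"
    elif proxied:
        cause = "edge answered; check what the origin serves on the challenge path"
    else:
        cause = "origin answered directly; check its challenge path handling"
    return dict(domain=domain, addr=addr, status=status, proxied=proxied, cause=cause)

def proxied_names(records):
    """Map each hostname to True if any of its addresses is a Cloudflare edge."""
    return {n: any(is_cloudflare(a) for a in addrs) for n, addrs in records.items()}

# Sample input copied from the certbot output and DNS answers in the thread above.
REPORT = """\
   Domain: www.itgmarket.net
   Type:   unauthorized
   Detail: 2606:4700:3108::ac42:28a6: Invalid response from
   https://www.itgmarket.net/.well-known/acme-challenge/Z6bv3JRNd38Bq70C1IFawYYpwIID6h2zAoXIWK-wOyI:
   521
"""
RECORDS = {"itgmarket.net": ["199.192.22.105"], "www.itgmarket.net": [
    "172.66.43.90", "172.66.40.166", "2606:4700:3108::ac42:28a6", "2606:4700:3108::ac42:2b5a"]}
```

Calling `diagnose(REPORT)` and `proxied_names(RECORDS)` shows the mismatch the reply pointed out: the apex name resolves straight to the server while `www` resolves to the proxy, and the proxy is what returned the 521.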
