Your domain name was entered correctly and the DNS A/AAAA record(s)

Hi everyone,

I couldn't obtain a certificate due to errors with the DNS A/AAAA record(s); however, they were already configured on Cloudflare.

Could you please help, folks? :slight_smile:

Nginx config:

server {
        root /var/www/hybridized;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name hybridized.club www.hybridized.club;

        #listen [::]:443 ssl http2 ipv6only=on;
        #listen 443 ssl http2; # managed by Certbot

        client_max_body_size 500M;

        location / {
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
                fastcgi_connect_timeout 300s;
                fastcgi_read_timeout 300s;
                fastcgi_send_timeout 300s;
        }

        location ~ /\.ht {
                deny all;
        }

        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
            expires max;
            log_not_found off;
        }

        location ~ ^/\.user\.ini {
                deny all;
        }
    #ssl_certificate /etc/letsencrypt/live/f{{ defined_http_host }}/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/{{ defined_http_host }}/privkey.pem; # managed by Certbot
    # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

My domain is: hybridized

I ran this command: sudo certbot --nginx -d hybridized.club -d www.hybridized.club

It produced this output:

organic@server:/tmp$ sudo certbot --nginx -d hybridized.club -d www.hybridized.club
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for hybridized.club and www.hybridized.club
Performing the following challenges:
http-01 challenge for hybridized.club
Waiting for verification...
Challenge failed for domain hybridized.club
http-01 challenge for hybridized.club
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: hybridized.club
   Type:   unauthorized
   Detail: Invalid response from
   https://hybridized.club/.well-known/acme-challenge/vawtraltBCeRm2iRiVrrHezi_dhhSfhuipOLEuNzFh8
   [2606:4700:3031::6815:5fd0]: "<!DOCTYPE html>\n<!--[if lt IE 7]>
   <html class=\"no-js ie6 oldie\" lang=\"en-US\">
   <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js "

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): nginx/1.21.3

The operating system my web server runs on is (include version): Ubuntu 21.04

My hosting provider, if applicable, is: godaddy.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

1 Like

Why would you remove the "TLS" entries from your vhost? (a step in the wrong direction)
It now has no listen statement. (not even sure how nginx will use that)
Being behind CloudFlare, all of LE's challenge requests will come to your server as HTTPS requests, as seen in the failure:

3 Likes
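A small lint for the condition raised in the reply above, added here as an example (not code from any poster, Certbot or nginx): it reports server blocks whose `listen` lines are all commented out, in which case nginx falls back to its default of `*:80` (or `*:8000` when not started as root) and the vhost serves no TLS. The function names `strip_comments`, `server_blocks` and `audit` are hypothetical, and the sample is a trimmed, constructed copy of the vhost from the question.

```python
import re

# Constructed sample: trimmed copy of the vhost from the question,
# with both listen lines commented out as posted.
SAMPLE_CONF = """\
server {
        root /var/www/hybridized;
        server_name hybridized.club www.hybridized.club;

        #listen [::]:443 ssl http2 ipv6only=on;
        #listen 443 ssl http2; # managed by Certbot

        location / {
                try_files $uri $uri/ /index.php$is_args$args;
        }
}
"""

def strip_comments(conf):
    """Drop text after '#' on each line (assumes no '#' inside quoted values)."""
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    text = strip_comments(conf)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(conf):
    """Return one finding per server block: names, active listens, TLS status."""
    findings = []
    for body in server_blocks(conf):
        names = re.findall(r"^\s*server_name\s+([^;]+);", body, re.M)
        listens = [v.strip() for v in re.findall(r"^\s*listen\s+([^;]+);", body, re.M)]
        findings.append({
            "server_names": names[0].split() if names else [],
            "listen": listens,
            "implicit_default": not listens,  # nginx will use *:80 / *:8000
            "serves_tls": any("ssl" in v.split() for v in listens),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```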

Thanks for your help, mate. Adding "TLS" entries solved the problem.

Strange, it worked before when I was setting up Nginx config files with the HTTP/2 protocol with Godaddy, though. I haven't had any problems with other domain registrars - I have 8 more websites on the host :slight_smile:

2 Likes
