SYSTEM INFORMATION | |
---|---|
OS type and version | Ubuntu Linux 22.04.2 |
Virtualmin version | 7.5 (LEMP) |
This is a brand new install. On the post-install script/page, I selected to create a virtual server for the main server and use Let's Encrypt for the certs.
Previously this worked very well with no issues. This time it failed, and inserted a self-signed cert instead.
Going to the virtual server and then to SSL to try to get the Let's Encrypt cert manually gave me these errors:
Web-Based Validation Failed

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for host5.johnsimmonshypertext.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: host5.johnsimmonshypertext.com
Type: unauthorized
Detail: 2604:180:f4::30d: Invalid response from Default Page 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
DNS Validation Failed

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for host5.johnsimmonshypertext.com
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: host5.johnsimmonshypertext.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.host5.johnsimmonshypertext.com - check that a DNS record exists for this domain
```
I tested the domain using letsdebug.net. For DNS, it gave:
All OK!
No issues were found with host5.johnsimmonshypertext.com. If you are having problems with creating an SSL certificate, please visit the Let’s Encrypt Community forums and post a question there.
For Web-Based it gave:
WARNING
host5.johnsimmonshypertext.com has multiple IP addresses in its DNS records. While they appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that some of the IP addresses may unintentionally point to different servers, which would cause validation to fail.
[Address=2604:180:f4::30d,Address Type=IPv6,Server=nginx/1.18.0 (Ubuntu),HTTP Status=404] vs [Address=168.235.72.134,Address Type=IPv4,Server=nginx/1.18.0 (Ubuntu),HTTP Status=200]
I just have an A record for the IPv4 and an AAAA record for the IPv6 - I don’t understand why that is an issue.
Any ideas where to look?
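
Added example, not part of the original post: the Certbot error above shows the Certificate Authority fetching the challenge from the IPv6 address and getting a 404, so every published address has to serve the same webroot. This Python sketch repeats the per-address comparison that letsdebug.net reported; the test file name passed as `token` is an assumption (a file the operator has placed under `.well-known/acme-challenge/` in the webroot), and `SAMPLE` is constructed from the letsdebug.net result quoted in the post.

```python
import http.client
import socket
import sys

CHALLENGE_DIR = "/.well-known/acme-challenge/"

def resolve(host):
    """Every address the name publishes (A and AAAA), as (family, address)."""
    infos = socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM)
    return sorted({("IPv6" if fam == socket.AF_INET6 else "IPv4", sa[0])
                   for fam, _, _, _, sa in infos})

def probe(host, address, token, port=80, timeout=10):
    """Fetch the challenge path from one address, keeping the real Host header."""
    conn = http.client.HTTPConnection(address, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_DIR + token, headers={"Host": host})
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None  # unreachable, refused, timed out or not speaking HTTP
    finally:
        conn.close()

def compare(results):
    """results: [(family, address, status)]. Return (consistent, failing_rows)."""
    statuses = {status for _, _, status in results}
    failing = [row for row in results if row[2] != 200]
    return len(statuses) <= 1, failing

def check(host, token):
    """Probe each resolved address; token is the operator's own test file name."""
    rows = [(fam, addr, probe(host, addr, token)) for fam, addr in resolve(host)]
    return compare(rows)

# Constructed sample mirroring the letsdebug.net result quoted in the post.
SAMPLE = [("IPv6", "2604:180:f4::30d", 404), ("IPv4", "168.235.72.134", 200)]

if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: script.py <hostname> <test-file-name>
        consistent, failing = check(sys.argv[1], sys.argv[2])
    else:                    # no arguments: run offline on the sample
        consistent, failing = compare(SAMPLE)
    print("consistent across addresses:", consistent)
    for fam, addr, status in failing:
        print(f"  {fam} {addr} -> {status}")
```

An address that returns anything other than 200 for the test file is the one whose web server configuration or routing differs from the rest.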