New Virtualmin server - postinstall fails to get letsencrypt for virtual server

SYSTEM INFORMATION
OS type and version: Ubuntu Linux 22.04.2
Virtualmin version: 7.5 (LEMP)

This is a brand new install. On the post-install script/page, I selected to create a virtual server for the main server and use letsencrypt for the certs.

Previously this worked very well with no issues. This time it failed, and inserted a self-signed cert instead.

Going to the virtual server and then to SSL to try to get the letsencrypt cert manually gave me these errors:

Web-Based Validation Failed

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for host5.johnsimmonshypertext.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: host5.johnsimmonshypertext.com
Type: unauthorized
Detail: 2604:180:f4::30d: Invalid response from Default Page 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

DNS Validation Failed

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for host5.johnsimmonshypertext.com

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: host5.johnsimmonshypertext.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.host5.johnsimmonshypertext.com - check that a DNS record exists for this domain

I tested the domain using letsdebug.net. For DNS, it gave:

All OK!
No issues were found with host5.johnsimmonshypertext.com. If you are having problems with creating an SSL certificate, please visit the Let’s Encrypt Community forums and post a question there.

For Web-Based it gave:

MultipleIPAddressDiscrepancy

WARNING

host5.johnsimmonshypertext.com has multiple IP addresses in its DNS records. While they appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that some of the IP addresses may unintentionally point to different servers, which would cause validation to fail.

[Address=2604:180:f4::30d,Address Type=IPv6,Server=nginx/1.18.0 (Ubuntu),HTTP Status=404] vs [Address=168.235.72.134,Address Type=IPv4,Server=nginx/1.18.0 (Ubuntu),HTTP Status=200]

I just have an A record for the IPv4 address and an AAAA record for the IPv6 address - I don’t understand why that is an issue.

Any ideas where to look?

Is your site reachable on both IPv4 and IPv6? Check and confirm if your webserver is configured for both IPv4 and IPv6.

Weird, looks like an issue with the IPv6 address.
Everything looks OK in the Change IP section on the virtual server.

vpsfix - you sent me on the right path. For some reason, the nginx.conf file for the virtual server (for the main host) did not keep the IPv6 info. It listed only the IPv4 address. Once that was fixed, the Let's Encrypt cert worked perfectly.

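The root cause above is a per-virtual-server nginx block that had `listen` directives for the IPv4 address only, so Let's Encrypt's IPv6 validation request landed in nginx's default server block and got a 404 while the IPv4 request reached the real webroot and got a 200. The script below is an added example, not code from the thread or from Virtualmin: it parses an nginx config and reports every server block that has a port listening on IPv4 with no matching IPv6 `listen`. The config text, host names, addresses and paths in it are constructed for illustration.

```python
"""Flag nginx server blocks that listen on IPv4 only.

Added example (not from the thread). The sample config below is
constructed: the first block reproduces the failing case from the
thread (IPv4 listen only), the second shows the fixed form.
"""
import re
from typing import Dict, List, Optional, Set, Tuple

SAMPLE_CONFIG = """
server {
    server_name host5.example.com www.host5.example.com;
    listen 192.0.2.10:80;
    listen 192.0.2.10:443 ssl;
    root /home/host5/public_html;
}
server {
    server_name good.example.com;
    listen 192.0.2.10:80;
    listen [2001:db8::1]:80;
    listen 192.0.2.10:443 ssl;
    listen [2001:db8::1]:443 ssl;
    root /home/good/public_html;
}
"""

LISTEN_RE = re.compile(r"^\s*listen\s+([^;\s]+)")
SERVER_NAME_RE = re.compile(r"^\s*server_name\s+([^;]+);")


def split_server_blocks(config: str) -> List[str]:
    """Return the body of each top-level `server { ... }` block (brace-aware)."""
    blocks: List[str] = []
    pos = 0
    while True:
        m = re.search(r"\bserver\s*\{", config[pos:])
        if not m:
            return blocks
        start = pos + m.end()
        depth, j = 1, start
        while j < len(config) and depth:
            if config[j] == "{":
                depth += 1
            elif config[j] == "}":
                depth -= 1
            j += 1
        blocks.append(config[start:j - 1])
        pos = j


def parse_listen(spec: str) -> Optional[Tuple[str, str]]:
    """Map a listen address to (family, port).

    Handles '80', '*:80', '192.0.2.10:443', '[::]:80', '[2001:db8::1]:443'.
    A bracketed address is IPv6; anything else is IPv4 (nginx binds a bare
    port or '*' to IPv4 only). Unix sockets are ignored.
    """
    if spec.startswith("unix:"):
        return None
    if spec.startswith("["):
        port = "80" if spec.endswith("]") else spec.rpartition(":")[2]
        return "ipv6", port
    if ":" in spec:
        return "ipv4", spec.rsplit(":", 1)[1]
    return "ipv4", spec if spec.isdigit() else "80"


def listen_families(config: str) -> Dict[str, Dict[str, Set[str]]]:
    """For each server block: first server_name -> {port -> set of families}."""
    result: Dict[str, Dict[str, Set[str]]] = {}
    for body in split_server_blocks(config):
        name = "?"
        ports: Dict[str, Set[str]] = {}
        for line in body.splitlines():
            m = SERVER_NAME_RE.match(line)
            if m:
                name = m.group(1).split()[0]
            m = LISTEN_RE.match(line)
            if m:
                parsed = parse_listen(m.group(1))
                if parsed:
                    fam, port = parsed
                    ports.setdefault(port, set()).add(fam)
        result[name] = ports
    return result


def ipv4_only_ports(config: str) -> Dict[str, List[str]]:
    """Server blocks whose ports have an IPv4 listen but no IPv6 listen."""
    findings: Dict[str, List[str]] = {}
    for name, ports in listen_families(config).items():
        bad = sorted(p for p, fams in ports.items() if fams == {"ipv4"})
        if bad:
            findings[name] = bad
    return findings


if __name__ == "__main__":
    for name, ports in ipv4_only_ports(SAMPLE_CONFIG).items():
        print(f"{name}: IPv4-only listen on port(s) {', '.join(ports)}; "
              f"IPv6 requests will fall through to the default server block")
```

Run it against `/etc/nginx/sites-enabled/*` (or wherever Virtualmin writes the per-domain config) on a host that publishes an AAAA record: any block it reports is one where an HTTP-01 validation over IPv6 will be answered by a different server block, which is exactly the "404 over IPv6, 200 over IPv4" discrepancy letsdebug reported. The fix is to add the matching `listen [addr]:80;` and `listen [addr]:443 ssl;` lines, or remove the AAAA record if the host is not meant to serve IPv6.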
