Question

PROBLEM: SSL Certbot Nginx

As I was following through the tutorial (https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04), I got stuck on step 4. I get this:

    Challenge failed for domain katze-community.com
    Challenge failed for domain www.katze-community.com
    http-01 challenge for katze-community.com
    http-01 challenge for www.katze-community.com
    Cleaning up challenges
    Some challenges have failed.

IMPORTANT NOTES:

I already checked the DNS A record and I get the correct IP, and also with the AAAA, but I can’t make it work. I waited maybe a day, but it seems that it doesn’t help. I even used “ufw disable” just to check that the firewall is not blocking something, but it stays the same.

I checked the logs in /var/log/letsencrypt/letsencrypt.log, but it seems to be the same. I tried to use “root /home/KatzeCommunity/proyect-KC/;” and “root /var/www/html” in /etc/nginx/sites-available/default, but it doesn’t work in either case.

Not only that, but I tried to use these on the same document:

    location /.well-known/acme-challenge/ {
            try_files $uri =404;
            root /var/www/html;
    }

    location /.well-known {
            allow all;
    }

And it seems that certbot can’t get the .well-known/acme-challenge/… either.

And the last thing I tried was using the “Add certificate” option in the Security tab under the Settings panel on my DigitalOcean account, but it doesn’t let me use HTTPS on my website (I tried this first, the first time I tried to get SSL on my website).


How did you resolve this? I am having the same issue following the same tutorial.



The solution to this issue for me was to add the following lines to my Nginx configuration server block:

    listen 80;
    listen [::]:80;

It turns out Nginx defaults to “listen *:80;” if no listen directive is present. This means Nginx by default ignores IPv6 requests. Certbot uses IPv6 for the challenge, so it fails.
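
A preflight check for the condition this answer describes, as an added example that is not part of the original answer or the tutorial: it scans Nginx configuration text for server blocks whose names publish an AAAA record but that have no IPv6 listener on port 80. The function names, the simplified parser and the sample configuration are assumptions made for illustration; the set of names with AAAA records is passed in by the caller rather than resolved from DNS.

```python
import re

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)               # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def port80_families(body):
    """Return (ipv4, ipv6): the address families one server block serves on port 80."""
    listens = re.findall(r"\blisten\s+([^;]+);", body)
    if not listens:
        return True, False                            # implicit `listen *:80;` is IPv4 only
    v4 = v6 = False
    for args in listens:
        addr, *opts = args.split()
        if addr.startswith("["):                      # IPv6 literal such as [::]:80
            port = addr.split("]:")[1] if "]:" in addr else "80"
            if port == "80":
                v6 = True
                v4 = v4 or "ipv6only=off" in opts     # dual-stack socket also takes IPv4
        elif not addr.startswith("unix:"):            # 80, *:80, 192.0.2.1:80, 192.0.2.1
            port = addr if addr.isdigit() else addr.rpartition(":")[2] if ":" in addr else "80"
            v4 = v4 or port == "80"
    return v4, v6

def names_missing_ipv6(conf, names_with_aaaa):
    """server_names that publish an AAAA record but have no IPv6 listener on port 80."""
    missing = []
    for body in server_blocks(conf):
        names = " ".join(re.findall(r"\bserver_name\s+([^;]+);", body)).split()
        if not port80_families(body)[1]:
            missing += [n for n in names if n in names_with_aaaa]
    return missing

# Constructed sample input: a server block with no listen directive, then the same
# block with the two lines from the answer added.
BEFORE = """
server {
    server_name katze-community.com www.katze-community.com;
    location /.well-known/acme-challenge/ { try_files $uri =404; root /var/www/html; }
}
"""
AFTER = BEFORE.replace("server {", "server {\n    listen 80;\n    listen [::]:80;")
AAAA = {"katze-community.com", "www.katze-community.com"}  # assumed to have AAAA records

if __name__ == "__main__":
    print(names_missing_ipv6(BEFORE, AAAA), names_missing_ipv6(AFTER, AAAA))
```

On a real host, feeding it the output of `nginx -T` covers every included file, and a non-empty result means HTTP-01 requests arriving over IPv6 will not reach that server block.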