Description
This has been an ongoing issue for several months, and it's confusing many new users.
We discovered that because many users who are new to SlickStack and LEMP don't realize that OpenSSL works fine and is much easier esp. when behind Cloudflare, they have apparently been choosing the letsencrypt option during setup, seeing that error, and assuming SlickStack doesn't work and then ditching it altogether.
After feedback on this confusion in our Discord chat room, we decided to default to openssl going forward AND hide the option from the setup wizard to avoid frustrating newbies.
However, this doesn't solve the issue of Certbot failing to issue the certificates on the first attempt, which seems to happen on virgin installations. The first time you run ss-install on a brand new server, everything tends to work fine except for Certbot, which "hangs" and then returns an "unauthorized" error... however, after running ss-install again, the certificates are issued properly with a SUCCESS message.
We've tried for a while to figure out what's causing this... we suspected it was IPv6 / Cloudflare related because of several other related cases on the forums and around the web, but it might be this:
However, you should keep an eye on whether there are any web forwards configured (some DNS providers allow this) e.g. if you forward www to non-www or vice-versa, this may trip up Certbot. In which case remove the domain you are forwarding using DNS from your certificate. This should resolve the issue.
Ref: https://webdock.io/en/docs/webdock-control-panel/ssl-certificate-guides/common-certbot-errors
I can personally confirm this issue still happens even when choosing the "Full SSL" setting in Cloudflare SSL tab, and even when IPv6 exists in the DNS records and resolves in the Nginx server, so this seems unrelated: