Reputation: 85
This is my first time building a server and hosting it on AWS EC2. When running the command
sudo certbot certonly --standalone
or
sudo certbot certonly --webroot
I received the error below:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: matthieuxroger.com
Type: unauthorized
Detail: Invalid response from http://matthieuxroger.com/.well-known/acme-challenge/nWRAFCcRUeVxZ0C5YtRg_9bihG2YQeqacUcGjxdCMzg [18.205.22.32]: "<!DOCTYPE html>\n<html>\n <head>\n <title>Matthieux Roger</title>\n <link rel='stylesheet' href='/stylesheets/style.css' />\n "
I am using Node.js on Ubuntu 20 running on AWS EC2. Any help would be appreciated.
Upvotes: 5
Views: 50635
Reputation: 35
If you cannot get HTTP authentication challenges to work due to hosting setup restrictions, use the DNS challenge, run using the following command:
sudo certbot certonly --manual --preferred-challenges=dns -d matthieuxroger.com
This prompt will help you create TXT records for authentication. Add the TXT records in DNS, wait some time for them to propagate, then certbot will verify and issue a certificate. I hope this helps you authenticate.
Upvotes: -1
Reputation: 405
Check if the AAAA records (IPv6) are configured.
Either get them to match your server's IPv6 address or remove them entirely.
Upvotes: 1
Reputation: 21
Just check the domain name server, like Cloudflare, where you add records, and make sure they are correct. Double-check the record type, name and content.
Before creating a Let's Encrypt SSL certificate you must point/map your domain to the server.
In my case I added this:
Type, Name, Content
A, my-domain, 3.19.x.x
It resolved my issue.
Upvotes: 2
Reputation: 31
Check the domain name server in your domain name registration: make sure you have just the A record pointing to your address, and delete other A records.
Upvotes: 2
Reputation: 5645
When using the webroot method with Certbot, a web server is spun up that serves a single file, so that Let's Encrypt can verify the ownership of the server at a domain. But when LE accessed your domain, it got a different server that served a 404 page. It seems that the DNS for your domain isn't pointing to the EC2 instance that is requesting a certificate (or perhaps it has been updated but just hasn't propagated yet). You need to update the DNS records to point to the server requesting a certificate with certbot. Alternatively, you can use a different challenge type that doesn't require running a server to prove ownership (such as dns-01).
Upvotes: 9
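An added example, not part of any answer above: a small preflight check that combines the two causes raised in this thread, A/AAAA records that point somewhere other than the certbot host, and a challenge URL that returns a site's HTML instead of the ACME key authorization (`<token>.<account key thumbprint>`, RFC 8555). The function name, the sample token and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re

B64URL = re.compile(r"^[A-Za-z0-9_-]+$")  # alphabet used by tokens and thumbprints

def diagnose_http01(token, body, resolved, server_ips):
    """Return a list of findings for one HTTP-01 validation attempt.

    token      -- last path segment of the /.well-known/acme-challenge/ URL
    body       -- text the challenge URL returned
    resolved   -- addresses the domain's A and AAAA records resolve to
    server_ips -- public addresses of the host running certbot
    """
    findings = []
    mine = {ipaddress.ip_address(ip) for ip in server_ips}
    for raw in resolved:
        addr = ipaddress.ip_address(raw)
        if addr not in mine:
            rtype = "AAAA" if addr.version == 6 else "A"
            findings.append(f"{rtype} record {addr} does not point at this server")
    # A valid response body is exactly "<token>.<thumbprint>".
    text = body.strip()
    head, sep, thumb = text.partition(".")
    if not (sep and head == token and B64URL.match(thumb)):
        if text.lower().startswith(("<!doctype", "<html")):
            findings.append("challenge URL returned an HTML page: "
                            "another web server or app answered the request")
        else:
            findings.append("challenge URL did not return the key authorization")
    return findings

# Constructed sample data: made-up token and thumbprint, RFC 5737/3849 addresses.
TOKEN = "constructedTOKEN_0123456789-abcdefghijklmnopq"
HTML_BODY = "<!DOCTYPE html>\n<html>\n <head>\n <title>Example</title>"
GOOD_BODY = TOKEN + ".constructedTHUMBPRINT_0123456789-abcdefghij\n"

if __name__ == "__main__":
    for line in diagnose_http01(TOKEN, HTML_BODY,
                                ["203.0.113.10", "2001:db8::dead"],
                                ["203.0.113.10"]):
        print(line)
```

In practice the `resolved` list would come from `dig A` and `dig AAAA` output for the domain, and `body` from fetching a test file placed under `/.well-known/acme-challenge/`.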