500 internal server error while waiting for verification

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: missjoey.com

I ran this command: sudo certbot certonly --standalone

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): missjoey.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for missjoey.com
Waiting for verification...
Challenge failed for domain missjoey.com
http-01 challenge for missjoey.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Linux (unsure of version)

My hosting provider, if applicable, is: godaddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes, godaddy's built-in file manager

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.37.1

I have already hit the limit for retries. Would appreciate if anyone can shed some light on how to make it work after the break. Thank you for your time.

--standalone is suitable when you have no webserver running at all.

Your server appears to be running Apache for a webserver. You can't run both --standalone and Apache at the same time.

One option can be to try to use the Apache mode of Certbot instead:

certbot certonly --apache -d missjoey.com --dry-run

Or you can keep using standalone, but stop Apache first:

certbot certonly --standalone -d missjoey.com \
--pre-hook "service apache2 stop" \
--post-hook "service apache2 start" \
--dry-run

(If you are on CentOS, you may need to substitute apache2 for httpd).

Thank you _az for your help on this beginner. It's really my first time trying to do this.

So does it mean I'm running this on my own computer (Mac) and my webserver is hosted on godaddy.com, it still doesn't make it suitable for using -standalone? The instructions of getting the SSL with Let's Encrypt is generally handleable, except for that part whether the server is on the same computer and can be stopped is a little confusing for me. I guess I completely misunderstood it.

You should be running Certbot on the same place where your domain name is being hosted: your GoDaddy server.

Running it from your computer generally won't work, unless you want to perform fully manual validation, such as with:

certbot certonly -d missjoey.com -a manual --preferred-challenges dns

and then following the prompts to create the required DNS record in your GoDaddy control panel.

Which specific GoDaddy hosting product are you using? That is the main factor that informs what the best way for you to acquire a certificate is.

Edit: There are some other Let's Encrypt clients (besides Certbot) that can make the task of issuing a certificate via GoDaddy a bit easier, such as this one: https://github.com/Neilpang/acme.sh/wiki/dnsapi#4-use-godaddycom-domain-api-to-automatically-issue-cert

Oh I was exactly aware of how I can't run certbot on godaddy that's why I was doing it manually. I totally thought I was following the instructions for manually doing it. I'm on a Linux with Apache... or how can I tell you what product. Please be so kind to advise.

Hi _az, I have tried the command you provided (for fully manual validation) and am seeing progress. I am able to proceed till I am required to deploy the TXT file in the directory, and then received the following error:

Waiting for verification...
Challenge failed for domain missjoey.com
dns-01 challenge for missjoey.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: missjoey.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.missjoey.com

I have saved the file as both _acme-challenge.missjoey.com and _acme-challenge.missjoey.com.TXT. Should it be something else?

That's not a file, that's a DNS record. You need to create it in your GoDaddy Control Panel in the DNS area.

However, if you would rather work with files, you can do that - we just need a slightly different command:

certbot certonly -d missjoey.com -a manual --preferred-challenges http

It will ask you to create a file inside the .well-known/acme-challenge/ directory of your website with certain file contents.

Remember that you would have to repeat this entire process every time your Let's Encrypt certificate is going to expire (at least once every 90 days). It may be preferable to find a hosting plan or provider that allows you to automate the certificate issuance and renewal process with software, or even takes care of it for you.

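The NXDOMAIN failure in this thread means no TXT record existed under _acme-challenge when the CA looked it up. As an added example (not part of any post above), this shell check classifies `dig` output so the record can be confirmed before telling Certbot's manual mode to continue; example.com, the TXT values and the sample `dig` output are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a dns-01 TXT record
# is visible before telling Certbot's manual mode to continue.

# classify_txt EXPECTED  -- reads `dig +noall +comments +answer TXT <name>`
# output on stdin and prints: ok | nxdomain | mismatch | missing
classify_txt() {
  awk -v want="\"$1\"" '
    /status: NXDOMAIN/        { nx = 1 }
    $3 == "IN" && $4 == "TXT" { seen = 1; if ($5 == want) ok = 1 }
    END {
      if (ok)        print "ok"        # expected value is published
      else if (nx)   print "nxdomain"  # name does not exist at all
      else if (seen) print "mismatch"  # only stale or other values found
      else           print "missing"   # no TXT record in the answer
    }'
}

# check_challenge DOMAIN EXPECTED  -- live lookup (needs dig and network).
check_challenge() {
  dig +noall +comments +answer TXT "_acme-challenge.$1" | classify_txt "$2"
}

# Constructed sample outputs (example.com and the values are made up).
WANT='Zm9vYmFyLWNvbnN0cnVjdGVkLXZhbHVlLTAxMjM0NTY3ODk'
SAMPLE_NX=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'
SAMPLE_OK=";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; ANSWER SECTION:
_acme-challenge.example.com. 600 IN TXT \"$WANT\""
SAMPLE_OLD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; ANSWER SECTION:
_acme-challenge.example.com. 600 IN TXT "value-from-an-earlier-attempt"'

# Demo over the constructed samples: prints nxdomain, ok, mismatch.
for s in "$SAMPLE_NX" "$SAMPLE_OK" "$SAMPLE_OLD"; do
  printf '%s\n' "$s" | classify_txt "$WANT"
done
```

A local resolver may cache an earlier negative answer; passing the domain's authoritative nameserver to `dig` with its `@server` argument avoids that.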