Always getting certbot failed to authenticate some domains (authenticator: standalone)

Help
1

My domain is: maximatechnologies.in

I ran this command: sudo certbot certonly --standalone

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): maximatechnologies.in               
Requesting a certificate for maximatechnologies.in

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: maximatechnologies.in
  Type:   connection
  Detail: 140.238.227.47: Fetching http://maximatechnologies.in/.well-known/acme-challenge/FZ6TbuBUU-IIu0HC_bAdjR8j5HkeCbRdoM4GE_UPkEQ: Error getting validation data

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): certbon ran as standalone

The operating system my web server runs on is (include version): Ubuntu 20LTS

My hosting provider, if applicable, is: free cloud vm machine

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of c or certbot-auto --version if you're using Certbot): certbot 2.6.0

Able to reach website on port 80 earlier
Complete log:

2023-07-03 16:02:20,167:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2023-07-03 16:02:20,401:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-07-03 16:02:20,402:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3026/bin/certbot
2023-07-03 16:02:20,402:DEBUG:certbot._internal.main:Arguments: ['--standalone', '--preconfigured-renewal']
2023-07-03 16:02:20,402:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-03 16:02:20,409:DEBUG:certbot._internal.log:Root logging level set at 30
2023-07-03 16:02:20,410:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2023-07-03 16:02:20,412:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Runs an HTTP server locally which serves the necessary validation files under the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP server already running. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0xffff8dd02d90>
Prep: True
2023-07-03 16:02:20,412:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0xffff8dd02d90> and installer None
2023-07-03 16:02:20,412:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2023-07-03 16:02:20,591:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1188678377', new_authzr_uri=None, terms_of_service=None), 6a60684e96f94648f5c1cb4f21a8a4fb, Meta(creation_dt=datetime.datetime(2023, 7, 3, 14, 14, 6, tzinfo=<UTC>), creation_host='66a733921bec', register_to_eff=None))>
2023-07-03 16:02:20,592:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-07-03 16:02:20,594:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-07-03 16:02:21,328:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-07-03 16:02:21,329:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 03 Jul 2023 16:02:21 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "eZ4BBOC8E1o": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-07-03 16:02:21,329:DEBUG:certbot.display.ops:No installer, picking names manually
2023-07-03 16:02:31,897:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for maximatechnologies.in
2023-07-03 16:02:31,901:DEBUG:acme.client:Requesting fresh nonce
2023-07-03 16:02:31,901:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-07-03 16:02:32,145:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-07-03 16:02:32,146:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 03 Jul 2023 16:02:32 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 327C3SARc_S7QXEtGyifjn4-HPsvCW-UfBu-uz2sEt4owPE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-07-03 16:02:32,146:DEBUG:acme.client:Storing nonce: 327C3SARc_S7QXEtGyifjn4-HPsvCW-UfBu-uz2sEt4owPE
2023-07-03 16:02:32,146:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "maximatechnologies.in"\n    }\n  ]\n}'
2023-07-03 16:02:32,151:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE4ODY3ODM3NyIsICJub25jZSI6ICIzMjdDM1NBUmNfUzdRWEV0R3lpZmpuNC1IUHN2Q1ctVWZCdS11ejJzRXQ0b3dQRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "Hp62UI3HNvapux-vitY-8qWDm4qP9A12I2JD-dEjkp2-KnbER7MrxLrVytwdbrtvqaKavDA-0R31PB4R7wBeumnbgIxlhRhBqvWzh1vfNyPceR23D1M49c_YrNVkcfE-m3J5xc7UrpWu0KkqrkYQMOZ1x73bYZiu-XiblaqpbhjR_ahwRgWD736DZKX5k_gzg3XhmHUeKexOC-Z-PD_KdkAomKAmDk5v3_lFglUwCDMDC-Pdu1RM2hsk09dh1gaRU5tZ4DrwSekr-MdBahy4Hva4Jc0zEpwVuNB7MZpGgEq2LDym8ZctYGLfwJZRDufP3dU92gdMsTPT2isyM6xsJQ",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1heGltYXRlY2hub2xvZ2llcy5pbiIKICAgIH0KICBdCn0"
}
2023-07-03 16:02:32,538:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 347
2023-07-03 16:02:32,539:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 03 Jul 2023 16:02:32 GMT
Content-Type: application/json
Content-Length: 347
Connection: keep-alive
Boulder-Requester: 1188678377
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1188678377/192588318207
Replay-Nonce: 1AADsmKBrKuN63Xwkhe9FuwoYX1MeszCTcmdxopmpUWUTpY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-07-10T16:02:32Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "maximatechnologies.in"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/242314996087"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1188678377/192588318207"
}
2023-07-03 16:02:32,539:DEBUG:acme.client:Storing nonce: 1AADsmKBrKuN63Xwkhe9FuwoYX1MeszCTcmdxopmpUWUTpY
2023-07-03 16:02:32,539:DEBUG:acme.client:JWS payload:
b''
2023-07-03 16:02:32,542:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/242314996087:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE4ODY3ODM3NyIsICJub25jZSI6ICIxQUFEc21LQnJLdU42M1h3a2hlOUZ1d29ZWDFNZXN6Q1RjbWR4b3BtcFVXVVRwWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQyMzE0OTk2MDg3In0",
  "signature": "HqFZ634QX9bxVxWTm10831dOO_Rdc-RbxhC4YwOlvYPBbB-EbBO-n5F7n37dbrJS8t8B9w5g_jixPrmx59UmV8pkVLRLf791JjKOT3I_JzdT6syjc6W0MFJze7bEMVWCb-6x2lvbB5QwWtd-Eei7Qk-wPVy53yRUMTLrT8VnIab-Gb1uIoUpwH3L8Un3eB6NQwFQH8AMVBMsj-DaoWl7pKgljk2OJWSsjS5UcBKt_jr7i0FGPsW7Rv4PL-sxLYMSt7z6Z6S2VGQfHH8FMkoNRWjO_tYMIuSpr_t_Z_s117akZAUmLsxrn4owhjLJy7HjytG396IbujHBimq7MtgGNg",
  "payload": ""
}
2023-07-03 16:02:32,790:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/242314996087 HTTP/1.1" 200 805
2023-07-03 16:02:32,790:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 03 Jul 2023 16:02:32 GMT
Content-Type: application/json
Content-Length: 805
Connection: keep-alive
Boulder-Requester: 1188678377
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1AAD6urxcj27nYEIAl4GJlhh5I_uB7rNCq-W_KA0LcVmFlE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "maximatechnologies.in"
  },
  "status": "pending",
  "expires": "2023-07-10T16:02:32Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/242314996087/2qzmSg",
      "token": "FZ6TbuBUU-IIu0HC_bAdjR8j5HkeCbRdoM4GE_UPkEQ"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/242314996087/I9NPAQ",
      "token": "FZ6TbuBUU-IIu0HC_bAdjR8j5HkeCbRdoM4GE_UPkEQ"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/242314996087/jIuiag",
      "token": "FZ6TbuBUU-IIu0HC_bAdjR8j5HkeCbRdoM4GE_UPkEQ"
    }
  ]
}
2023-07-03 16:02:32,790:DEBUG:acme.client:Storing nonce: 1AAD6urxcj27nYEIAl4GJlhh5I_uB7rNCq-W_KA0LcVmFlE
2023-07-03 16:02:32,791:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-07-03 16:02:32,791:INFO:certbot._internal.auth_handler:http-01 challenge for maximatechnologies.in
2023-07-03 16:02:32,791:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2023-07-03 16:02:32,791:DEBUG:acme.standalone:Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2023-07-03 16:02:32,793:DEBUG:acme.client:JWS payload:
b'{}'
2023-07-03 16:02:32,796:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/242314996087/2qzmSg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE4ODY3ODM3NyIsICJub25jZSI6ICIxQUFENnVyeGNqMjduWUVJQWw0R0psaGg1SV91QjdyTkNxLVdfS0EwTGNWbUZsRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjQyMzE0OTk2MDg3LzJxem1TZyJ9",
  "signature": "s0XTvNnwlaZodhK8J3FRq-WlAd3WsDZGrWsGGqhfrG2ZqrH66vBHT7zIJOT8Amj0k76t67qgJubhw_tl2ohRi1JmmCcd4voE1hMiZVJXJ0qeCD48eGvqM7KoUTV5fvzFAwLmL0tStJaUUJw_cfUrzgdZ5wGMItok_90dV97kyN-G8ElyBiv9S970HWHbe-F7Z_r3S4PMhmznNs96zu80fJPA2QIkfrE-8YLZFqA8-UCIKTOWDXfGq9AtrU_4tcp5eNf2Q3dVN_MhjpHKrxu3OYKTscSuzI5EKOJjk1NXVQV_Rk2D_IOsnZpctuSx0KQJkfqYaXPbWsA7wKVtZcLqFg",
  "payload": "e30"
}
2023-07-03 16:02:33,045:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/242314996087/2qzmSg HTTP/1.1" 200 187
2023-07-03 16:02:33,045:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 03 Jul 2023 16:02:32 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1188678377
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/242314996087>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/242314996087/2qzmSg
Replay-Nonce: 327C1FXp3n0zyYwmkn9HsEmGYprq0ljhc_K1We-mbX_6RZQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/242314996087/2qzmSg",
  "token": "FZ6TbuBUU-IIu0HC_bAdjR8j5HkeCbRdoM4GE_UPkEQ"
}
2023-07-03 16:02:33,045:DEBUG:acme.client:Storing nonce: 327C1FXp3n0zyYwmkn9HsEmGYprq0ljhc_K1We-mbX_6RZQ
2023-07-03 16:02:33,046:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-07-03 16:02:34,047:DEBUG:acme.client:JWS payload:
b''
2023-07-03 16:02:34,050:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/242314996087:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE4ODY3ODM3NyIsICJub25jZSI6ICIzMjdDMUZYcDNuMHp5WXdta245SHNFbUdZcHJxMGxqaGNfSzFXZS1tYlhfNlJaUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQyMzE0OTk2MDg3In0",
  "signature": "oQoyIi-FW1kBqbKZJr_A8vOpLPmUmH5e2xoXuNatJm-uHgAF4lWlYvIVJcCdVbkPI09upd_KNJMOIJHa57jY-yCmNDN9CscF9h1YU9gToFWNBpjt3jisxYEqadljlyNs6A-ZiPmo4A_9GuU4ulJui6ePo_lIzgyCvIHJF6d_9YlFY3dKI4WsmQPk5-gpsQfvO3QP3u9cbakezt6tO1HgHJjdmUkJo_BcIDWm5bqBxunZMjSnOdcczXfC1F8vhqsPxAarxDXfFO7WfgGXRt1ArREL6_YhLkRGWc-SZr5nvD7i56oq2ooQcc6MzNVNGdFHQD-DaQEIXLjz9pozC9xzBA",
  "payload": ""
}
2023-07-03 16:02:34,297:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/242314996087 HTTP/1.1" 200 1066
2023-07-03 16:02:34,298:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 03 Jul 2023 16:02:34 GMT
Content-Type: application/json
Content-Length: 1066
Connection: keep-alive
Boulder-Requester: 1188678377
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1AADq-1tmFarFNqVKdlRmTzt3pz4GPsr9297rosK_Oq1WSE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "maximatechnologies.in"
  },
  "status": "invalid",
  "expires": "2023-07-10T16:02:32Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "140.238.227.47: Fetching http://maximatechnologies.in/.well-known/acme-challenge/FZ6TbuBUU-IIu0HC_bAdjR8j5HkeCbRdoM4GE_UPkEQ: Error getting validation data",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/242314996087/2qzmSg",
      "token": "FZ6TbuBUU-IIu0HC_bAdjR8j5HkeCbRdoM4GE_UPkEQ",
      "validationRecord": [
        {
          "url": "http://maximatechnologies.in/.well-known/acme-challenge/FZ6TbuBUU-IIu0HC_bAdjR8j5HkeCbRdoM4GE_UPkEQ",
          "hostname": "maximatechnologies.in",
          "port": "80",
          "addressesResolved": [
            "140.238.227.47"
          ],
          "addressUsed": "140.238.227.47"
        }
      ],
      "validated": "2023-07-03T16:02:32Z"
    }
  ]
}
2023-07-03 16:02:34,298:DEBUG:acme.client:Storing nonce: 1AADq-1tmFarFNqVKdlRmTzt3pz4GPsr9297rosK_Oq1WSE
2023-07-03 16:02:34,298:INFO:certbot._internal.auth_handler:Challenge failed for domain maximatechnologies.in
2023-07-03 16:02:34,299:INFO:certbot._internal.auth_handler:http-01 challenge for maximatechnologies.in
2023-07-03 16:02:34,299:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: maximatechnologies.in
  Type:   connection
  Detail: 140.238.227.47: Fetching http://maximatechnologies.in/.well-known/acme-challenge/FZ6TbuBUU-IIu0HC_bAdjR8j5HkeCbRdoM4GE_UPkEQ: Error getting validation data

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2023-07-03 16:02:34,299:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-07-03 16:02:34,299:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-07-03 16:02:34,299:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-07-03 16:02:34,299:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2023-07-03 16:02:34,794:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3026/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/_internal/main.py", line 1597, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3026/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-07-03 16:02:34,795:ERROR:certbot._internal.log:Some challenges have failed.
2

Your site is not reachable using HTTP on port 80 nor using HTTPS on port 443. For the standalone plugin to work, your site needs to be reachable on port 80.

2 Likes
3

If I run the application on port 80, it is giving error.

certbot certonly --standalone

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Please enter the domain name(s) you would like on your certificate (comma and/or

space separated) (Enter 'c' to cancel): maximatechnologies.in

Requesting a certificate for maximatechnologies.in

Could not bind TCP port 80 because it is already in use by another process on

this system (such as a web server). Please stop the program in question and then

try again.

(R)etry/(C)ancel:

I see in documentation Certbot Instructions | Certbot, we can run this standalone mode without running webserver

4

Please show the output of:
netstat -pant | grep 80

2 Likes
5

$ netstat -pant | grep 80
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 10.0.0.162:48508 185.125.190.36:80 TIME_WAIT -
tcp6 0 0 :::80 :::* LISTEN -

6

We can't see the name of the program using port 80 without root level privileges.
Try using:
sudo netstat -pant | grep 80 | grep -i listen

2 Likes
7

$sudo netstat -pant | grep 80 | grep -i listen
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 328291/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 328299/docker-proxy

$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3976304e5c72 nginx "/docker-entrypoint.…" About an hour ago Up About an hour 0.0.0.0:80->80/tcp, :::80->80/tcp friendly_albattani

8

Docker is using port 80.
To me, that means you are likely running certbot outside the docker container that needs the cert.

4 Likes
9

Yes I'm running certbot outside the docker container and also I tried with certbot docker image, same result is coming

10

let's throw nfque plugin so we can get cert from host
certbot in a docker prone to user deletes certificate too much.

4 Likes
11

I got the different error this time

$ sudo certbot certonly -a standalone-nfq -d "maximatechnologies.in" -d "www.maximatechnologies.in" --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for maximatechnologies.in and www.maximatechnologies.in

Certbot failed to authenticate some domains (authenticator: standalone-nfq). The Certificate Authority reported these problems:
Domain: maximatechnologies.in
Type: unauthorized
Detail: 140.238.227.47: Invalid response from http://maximatechnologies.in/.well-known/acme-challenge/qRL1EGwRczWsQcNtpbkYv0Cz4zwv4t_L9ZcsvWsLSpw: 404

Domain: www.maximatechnologies.in
Type: unauthorized
Detail: 140.238.227.47: Invalid response from http://www.maximatechnologies.in/.well-known/acme-challenge/ARA432WpMSxT1m1Z326BtPRVCqA3sUJFbl2ERbsvHXE: 404

Hint: The Certificate Authority couldn't externally verify that the standalone-nfq plugin completed the required http-01 challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

complete log:- ~$ sudo cat /var/log/letsencrypt/letsencrypt.log2023-07-04 08:53:39,321:DEBUG: - Pastebin.com

12

oh that plug-in only hooks on input chian but as docker it forwarded so they never hit that part of firewall I'd have to ask AZ to bind it to preroute instead?

2 Likes
13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.