Dear Community!
I’m new with let’s encrypt and try to sign my domain and have no idea what this output try to tell me or what actions I can take. Hope someone can spot some light into this.
Many thanks!
My domain is: international-flightcenter.com, www.international-flightcenter.com
I ran this command:
/app # ./letsencrypt_service
It produced this output:
/etc/nginx/certs/international-flightcenter.com /app
Creating/renewal international-flightcenter.com certificates… (international-flightcenter.com www.international-flightcenter.com)
2018-12-27 01:27:33,581:INFO:simp_le:1479: Generating new certificate private key
2018-12-27 01:27:39,309:ERROR:simp_le:1446: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains’ DNS entries, your host’s network/firewall setup and your webserver config. If a domain’s DNS entry has both A and AAAA fields set up, some CAs such as Let’s Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let’s Encrypt won’t issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-v01.api.letsencrypt.org/acme/authz/hQ68TvQNReYzPk8z2MhfU3bBcQtQAt4ZXiXkWhTB16Y, https://acme-v01.api.letsencrypt.org/acme/authz/VMw7S1w21frhYkjn1AMCqWEHq4n3W6dakHqFGWivByI
Challenge validation has failed, see error log.
Debugging tips: -v improves output verbosity. Help is available under --help.
/app
Sleep for 3600s
My web server is (include version):
Server version: Apache/2.4.25 (Debian)
Server built: 2018-11-03T18:46:19
The operating system my web server runs on is (include version):
Linux 2d9fce6e0b15 4.15.0-1031-aws #33-Ubuntu SMP Fri Dec 7 09:32:27 UTC 2018 x86_64 GNU/Linux
PRETTY_NAME=“Debian GNU/Linux 9 (stretch)”
NAME=“Debian GNU/Linux”
VERSION_ID=“9”
VERSION=“9 (stretch)”
My hosting provider, if applicable, is: AWS I’m running https://gilyes.com/docker-nginx-letsencrypt/ and have a dedicate apache2 container with the corresponding domains. both containers share the cert NFS
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
I have received a new folder with json file in it but no cerificates:
/etc/nginx/certs # ls -lsah
total 28K
4.0K drwxr-xr-x 4 root root 4.0K Dec 27 00:27 .
4.0K drwxr-xr-x 5 root root 4.0K Dec 26 22:51 …
4.0K drwxr-xr-x 3 root root 4.0K Dec 27 00:27 accounts
4.0K -rw-r–r-- 1 root root 1.7K Dec 26 22:58 default.crt
4.0K -rw-r–r-- 1 root root 3.2K Dec 26 22:58 default.key
4.0K -rw-r–r-- 1 root root 424 Dec 26 22:58 dhparam.pem
4.0K drwxr-xr-x 2 root root 4.0K Dec 27 01:47 international-flightcenter.com