Cannot download challenge files from-- Calibre Server on Win 10 w/ Certbot & no-ip

Long story short, I have tried numerous times to use certbot and it cannot find what it wants. This is my first time attempting to set up any server accessible outside my home network and I am very frustrated.


Steps I have taken:

  1. Set up accounts, domain name, installed dynamic update client from no-ip, yada yada. That should all be fine.
  2. Verified calibre server works across local network and this has always been reliable at every step.
  3. Set up port-forwarding on router to send external :80 traffic to local :80 port and same with :443.
  4. Set up firewall rules allowing inbound/outbound on 80/443. Currently disabled while not testing, I re-enable right before testing. Hasn't seemed to help any.
  5. Checked Let's Debug, successful results

Test result for fennelserver.hopto.org using http-01

HTTPCheck

DEBUG

Requests made to the domain

Request to: fennelserver.hopto.org/161.38.146.13, Result: [Address=161.38.146.13,Address Type=IPv4,Server=,HTTP Status=404], Issue:
Trace:
@0ms: Making a request to http://fennelserver.hopto.org/.well-known/acme-challenge/letsdebug-test (using initial IP 161.38.146.13)
@0ms: Dialing 161.38.146.13
@89ms: Server response: HTTP 404 Not Found

HTTPRecords

DEBUG

A and AAAA records found for this domain

fennelserver.hopto.org. 0 IN A 161.38.146.13

LetsEncryptStaging

DEBUG

Challenge update failures for fennelserver.hopto.org in order https://acme-staging-v02.api.letsencrypt.org/acme/order/5751349/1895308868

acme: error code 403 "urn:ietf:params:acme:error:unauthorized": Invalid response from http://fennelserver.hopto.org/.well-known/acme-challenge/vgKjYauYcGi40T_cFRiYZafGAn5zveeHqzom4uZeRYs [161.38.146.13]: 404

PublicSuffix

DEBUG

The IANA public suffix is the TLD of the Registered Domain

The TLD for fennelserver.hopto.org is: org

StatusIO

DEBUG

The current status.io status for Let's Encrypt

Operational

  6. Tried check your website with these results
  7. Torn my hair out because I don't get what the problem is. Tell me everything.

Questions I have:
  1. Is it a problem that I require authentication on the Calibre server? It gives you nothing but a login page if you are not logged in.
  2. Should port 443 matter at all for just getting a certificate? I'm very confused on this.
  3. Do prefixes like www. and so on matter? I have not been putting those at any step in this process. I'm just honestly so darn confused.

My domain is: fennelserver.hopto.org (via noip)

I ran this command: certbot certonly --standalone

It produced this output: Brief log then full log below that:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: fennelserver.hopto.org
Type: unauthorized
8oVje_AunCAk [161.38.146.13]: 404
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver

Some challenges have failed.

Full Log

2022-02-27 08:32:52,130:DEBUG:certbot._internal.main:certbot version: 1.23.0
2022-02-27 08:32:52,131:DEBUG:certbot._internal.main:Location of certbot entry point: C:\Program Files (x86)\Certbot\bin\certbot.exe
2022-02-27 08:32:52,131:DEBUG:certbot._internal.main:Arguments: ['--standalone', '--preconfigured-renewal']
2022-02-27 08:32:52,131:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-27 08:32:52,174:DEBUG:certbot._internal.log:Root logging level set at 30
2022-02-27 08:32:52,178:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2022-02-27 08:32:52,181:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x0504EBC8>
Prep: True
2022-02-27 08:32:52,181:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x0504EBC8> and installer None
2022-02-27 08:32:52,181:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2022-02-27 08:32:52,202:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/421875960', new_authzr_uri=None, terms_of_service=None), b67bc298385f184b194375224708d620, Meta(creation_dt=datetime.datetime(2022, 2, 23, 12, 40, 9, tzinfo=), creation_host='Battlestation', register_to_eff='prometheus720@protonmail.com'))>
2022-02-27 08:32:52,219:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-02-27 08:32:52,221:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-02-27 08:32:52,372:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2022-02-27 08:32:52,372:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 27 Feb 2022 14:32:50 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"2DbAETBuLdI": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-02-27 08:32:52,372:DEBUG:certbot.display.ops:No installer, picking names manually
2022-02-27 08:32:57,299:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for fennelserver.hopto.org
2022-02-27 08:32:57,434:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): C:\Certbot\keys\0013_key-certbot.pem
2022-02-27 08:32:57,446:DEBUG:certbot.crypto_util:Creating CSR: C:\Certbot\csr\0013_csr-certbot.pem
2022-02-27 08:32:57,446:DEBUG:acme.client:Requesting fresh nonce
2022-02-27 08:32:57,446:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-02-27 08:32:57,495:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-02-27 08:32:57,495:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 27 Feb 2022 14:32:55 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102fXVcRvTIVsl9l56hciFF1eYcBZ-qlNQegrME4aTGHi8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2022-02-27 08:32:57,495:DEBUG:acme.client:Storing nonce: 0102fXVcRvTIVsl9l56hciFF1eYcBZ-qlNQegrME4aTGHi8
2022-02-27 08:32:57,496:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "fennelserver.hopto.org"\n }\n ]\n}'
2022-02-27 08:32:57,500:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2022-02-27 08:32:57,874:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 345
2022-02-27 08:32:57,874:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 27 Feb 2022 14:32:56 GMT
Content-Type: application/json
Content-Length: 345
Connection: keep-alive
Boulder-Requester: 421875960
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/421875960/67364575750
Replay-Nonce: 0101-LCm8k25GqqkEyUe9_ac1fUsb5kfLM50hE729Rn2lwY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2022-03-06T14:32:56Z",
"identifiers": [
{
"type": "dns",
"value": "fennelserver.hopto.org"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/82649468160"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/421875960/67364575750"
}
2022-02-27 08:32:57,874:DEBUG:acme.client:Storing nonce: 0101-LCm8k25GqqkEyUe9_ac1fUsb5kfLM50hE729Rn2lwY
2022-02-27 08:32:57,875:DEBUG:acme.client:JWS payload:
b''
2022-02-27 08:32:57,879:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/82649468160:
2022-02-27 08:32:57,953:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/82649468160 HTTP/1.1" 200 803
2022-02-27 08:32:57,953:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 27 Feb 2022 14:32:56 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 421875960
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0101pg30QJ4z35IWWq8yS1y5UL6axu72anw-cJ9lH6tuCT8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "fennelserver.hopto.org"
},
"status": "pending",
"expires": "2022-03-06T14:32:56Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/82649468160/BL76DQ",
"token": "PAFaxF2x5BliQzC6clQgijYt8ZKgFAr8oVje_AunCAk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/82649468160/2E89Pg",
"token": "PAFaxF2x5BliQzC6clQgijYt8ZKgFAr8oVje_AunCAk"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/82649468160/Ua9dBQ",
"token": "PAFaxF2x5BliQzC6clQgijYt8ZKgFAr8oVje_AunCAk"
}
]
}
2022-02-27 08:32:57,953:DEBUG:acme.client:Storing nonce: 0101pg30QJ4z35IWWq8yS1y5UL6axu72anw-cJ9lH6tuCT8
2022-02-27 08:32:57,954:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-02-27 08:32:57,954:INFO:certbot._internal.auth_handler:http-01 challenge for fennelserver.hopto.org
2022-02-27 08:32:57,956:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2022-02-27 08:32:58,804:DEBUG:acme.standalone:Successfully bound to :80 using IPv4
2022-02-27 08:32:58,805:DEBUG:acme.client:JWS payload:
b'{}'
2022-02-27 08:32:58,809:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/82649468160/BL76DQ:
2022-02-27 08:32:58,887:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/82649468160/BL76DQ HTTP/1.1" 200 186
2022-02-27 08:32:58,887:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 27 Feb 2022 14:32:57 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 421875960
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/82649468160;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/82649468160/BL76DQ
Replay-Nonce: 0101UhQ1ueTNCyu00ykozWgPk-TSrqouU_x6Ll3jk8Y1fsg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/82649468160/BL76DQ",
"token": "PAFaxF2x5BliQzC6clQgijYt8ZKgFAr8oVje_AunCAk"
}
2022-02-27 08:32:58,887:DEBUG:acme.client:Storing nonce: 0101UhQ1ueTNCyu00ykozWgPk-TSrqouU_x6Ll3jk8Y1fsg
2022-02-27 08:32:58,888:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-02-27 08:32:59,896:DEBUG:acme.client:JWS payload:
b''
2022-02-27 08:32:59,901:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/82649468160:
2022-02-27 08:32:59,961:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/82649468160 HTTP/1.1" 200 1056
2022-02-27 08:32:59,962:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 27 Feb 2022 14:32:58 GMT
Content-Type: application/json
Content-Length: 1056
Connection: keep-alive
Boulder-Requester: 421875960
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0101IWzCpJhWZOnmGDjAGFIeQnGsHUJpuh7SmCfIu5JyHlA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "fennelserver.hopto.org"
},
"status": "invalid",
"expires": "2022-03-06T14:32:56Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://fennelserver.hopto.org/.well-known/acme-challenge/PAFaxF2x5BliQzC6clQgijYt8ZKgFAr8oVje_AunCAk [161.38.146.13]: 404",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/82649468160/BL76DQ",
"token": "PAFaxF2x5BliQzC6clQgijYt8ZKgFAr8oVje_AunCAk",
"validationRecord": [
{
"url": "http://fennelserver.hopto.org/.well-known/acme-challenge/PAFaxF2x5BliQzC6clQgijYt8ZKgFAr8oVje_AunCAk",
"hostname": "fennelserver.hopto.org",
"port": "80",
"addressesResolved": [
"161.38.146.13"
],
"addressUsed": "161.38.146.13"
}
],
"validated": "2022-02-27T14:32:57Z"
}
]
}
2022-02-27 08:32:59,962:DEBUG:acme.client:Storing nonce: 0101IWzCpJhWZOnmGDjAGFIeQnGsHUJpuh7SmCfIu5JyHlA
2022-02-27 08:32:59,962:INFO:certbot._internal.auth_handler:Challenge failed for domain fennelserver.hopto.org
2022-02-27 08:32:59,962:INFO:certbot._internal.auth_handler:http-01 challenge for fennelserver.hopto.org
2022-02-27 08:32:59,962:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: fennelserver.hopto.org
Type: unauthorized
Detail: Invalid response from http://fennelserver.hopto.org/.well-known/acme-challenge/PAFaxF2x5BliQzC6clQgijYt8ZKgFAr8oVje_AunCAk [161.38.146.13]: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2022-02-27 08:32:59,963:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-02-27 08:32:59,963:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-02-27 08:32:59,963:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-02-27 08:32:59,963:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2022-02-27 08:32:59,963:DEBUG:certbot._internal.plugins.standalone:Stopping server at 0.0.0.0:80...
2022-02-27 08:33:00,822:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "runpy.py", line 197, in _run_module_as_main
File "runpy.py", line 87, in _run_code
File "C:\Program Files (x86)\Certbot\bin\certbot.exe\__main__.py", line 29, in <module>
sys.exit(main())
File "C:\Program Files (x86)\Certbot\pkgs\certbot\main.py", line 19, in main
return internal_main.main(cli_args)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 1683, in main
return config.func(config, plugins)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 1538, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 139, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 513, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 441, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 493, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-02-27 08:33:00,823:ERROR:certbot._internal.log:Some challenges have failed.

My web server is (include version): Calibre 5.37.0

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is: self-hosted, dynamic DNS via no-ip

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I guess? Calibre is an ebook management software which allows users to access their libraries via a webserver over http or https. There is a settings panel inside Calibre as well as a CLI. Here is the manual page for the calibre server.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.23.0

Are you sure that's the right IP address? Or that your router isn't responding itself for requests on port 80?

If you start it, we can make some requests and check what we see.

Thank you very much for your prompt reply. I really appreciate the help because I'm tearing my hair out.

That's the public. I have a port forwarding rule to send all requests on public port 80 to the local machine's port 80 (192.168.xx.xx:80).

Actually, when I try to go to my public address directly or use the hostname, I get nothing. I don't get what is happening. Server is up and will remain up until this is resolved.

I tried connecting and I even got out the portscanner, it looks like your router isn't forwarding sh*t.

$ curl -IL http://fennelserver.hopto.org/
curl: (28) Failed to connect to fennelserver.hopto.org port 80 after 32559 ms: Connection timed out
$ nmap fennelserver.hopto.org -Pn
Starting Nmap 7.92 ( https://nmap.org ) at 2022-02-27 19:15 CET
Nmap scan report for fennelserver.hopto.org (161.38.146.13)
Host is up.
rDNS record for 161.38.146.13: 161-38-146-13.fidnet.com
All 1000 scanned ports on fennelserver.hopto.org (161.38.146.13) are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)

Nmap done: 1 IP address (1 host up) scanned in 202.25 seconds

Maybe it has another firewall. Check it.

I honestly don't know what the issue is. I've checked firewalls on the router and device. And double checked the port forwarding rule.

I briefly took down my entire local Windows Defender firewall. Which AFAIK is the only one running on the device. And I briefly took down the router firewall too.

I rebooted the router to see if for some reason settings were not changing. Is it possible that my ISP would be blocking this? Is that some scummy thing they do, "You can't have a webserver unless you pay us for a commercial package?"

It's possible, but I don't know if that's the case. You should look it up and confirm if that's what's happening or not.

I checked and while they do block ports they are not related. I'll call on Monday and see how much help they are willing to give.

Yeah, it at least answered with a 404 the first time.

It's not even doing that anymore. Main suspect is a firewall of some kind (or your IP address has changed and it's not been updated on your dynamic DNS).

Before you try to get certificates working, get your site working on http at http://fennelserver.hopto.org. It needs to work from a public network (not just your own wifi), and a good test of that is to fire up the site from your phone using your phone data instead of wifi.

  • Your router has a firewall; check that, and double-check that your external port 80 traffic is forwarding to the correct host internally.
  • Ensure your local machine has a static IP on your own network, otherwise it will change and your NAT rule will no longer be valid.
  • If you have other security products, disable those while debugging (Malwarebytes, McAfee, etc.).

Your initial error was a 404, not a timeout, so something did respond. This could mean your server was simply using port 80 and certbot couldn't use it for its standalone validation server, in which case stop your webserver and try certbot in standalone mode again. Likewise, if you have IIS installed, it would not share port 80 with certbot.

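The distinction drawn in the reply above (a 404 means something answered on port 80, a timeout means nothing got through) can be checked mechanically. This is an added example, not code from the thread or from Certbot: `probe_http01`, `port_is_taken`, `start_demo_server` and the token values are hypothetical names and constructed data, and the two demo servers stand in for a standalone challenge listener and for an application that already owns the port.

```python
import errno
import http.server
import socket
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Bypass any system proxy so the probe connects directly, as the CA's validator does.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def port_is_taken(port, bind_addr="127.0.0.1"):
    """Local check: True if some process already listens on the port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((bind_addr, port))
        except OSError as exc:
            return exc.errno == errno.EADDRINUSE
    return False


def probe_http01(host, port, token, key_authorization, timeout=3.0):
    """Fetch the challenge URL and return (verdict, explanation)."""
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            body = resp.read(1024).decode("ascii", "replace").strip()
    except urllib.error.HTTPError as exc:
        # Something answered, but it does not know the token (the thread's 404).
        return "other-server", f"HTTP {exc.code}: port reached, wrong responder"
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ConnectionRefusedError):
            return "refused", "host reached, nothing listening on the port"
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return "timeout", "no answer: check firewall and port forwarding"
        return "unreachable", str(exc.reason)
    except (socket.timeout, TimeoutError):
        return "timeout", "connected but no response before the timeout"
    except OSError as exc:
        return "unreachable", str(exc)
    if body == key_authorization:
        return "ok", "challenge file served as expected"
    return "other-server", "HTTP 200, but the body is not the key authorization"


def start_demo_server(files):
    """Constructed stand-in: serves only the paths in `files`, 404 otherwise."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = files.get(self.path)
            self.send_response(200 if body is not None else 404)
            self.end_headers()
            if body is not None:
                self.wfile.write(body.encode("ascii"))

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    token, key_auth = "constructed-token", "constructed-token.constructed-thumbprint"
    standalone = start_demo_server({CHALLENGE_PREFIX + token: key_auth})
    other_app = start_demo_server({"/": "login page"})  # an app that owns the port
    for name, srv in (("standalone", standalone), ("other app", other_app)):
        print(name, probe_http01("127.0.0.1", srv.server_port, token, key_auth))
    print("port taken:", port_is_taken(other_app.server_port))
```

Run from a network outside the LAN, the probe shows what the validator sees; `port_is_taken(80)` run on the server itself shows whether another process holds the port before a standalone attempt.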

Problems solved. I actually don't know what the issue was, but for future reference:

  1. Yes, I had to double check my firewall.

  2. Yes, afterwards I had a problem with my server being on and blocking access to the standalone server. I had to shut it off for certification.

I managed to get it working on http outside my network, then got the cert, set that up with Calibre, and got https running.

That sounds like you will continue to have that same problem on each renewal attempt.
While the (web) server is running, the --standalone client will fail to complete the request.
