Can't install certificate on centos stream 9

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 18.221.12.141

I haven't associated a domain name with this IP address yet.

I ran this command:

snap install certbot --classic

certbot 2.4.0 from Certbot Project (certbot-eff✓) installed

ln -s /snap/bin/certbot /usr/bin/certbot

certbot certonly --webroot -w /var/www/html -d dns.srv.world

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for dns.srv.world

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: dns.srv.world
Type: connection
Detail: 180.43.145.38: Fetching http://dns.srv.world/.well-known/acme-challenge/PA8NVKVQilix5_THoKOducP2z7N8Lk-C39XULisRKFk: Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): linux

The operating system my web server runs on is (include version): centos stream 9

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 2.4.0

2

Hello @TheSL, welcome to the Let's Encrypt community. :slightly_smiling_face:

Your are using the HTTP-01 challenge of the Challenge Types - Let's Encrypt, the require Port 80 to be open; Best Practice - Keep Port 80 Open.

However you do not have Port 80 open

$ nmap -Pn dns.srv.world
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-29 19:06 UTC
Nmap scan report for dns.srv.world (180.43.145.38)
Host is up (0.13s latency).
Not shown: 995 closed ports
PORT    STATE    SERVICE
22/tcp  filtered ssh
25/tcp  filtered smtp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 7.56 seconds
2 Likes
3

LE won't provide a certificate for an IP.

That is a domain name ("dns.srv.world").
Who's name is that?
Why are you trying to get a cert for that name?
It resolves to some other IP [not yours].

4 Likes
4

Before you continue testing on the production system, please read:
How It Works - Let's Encrypt (letsencrypt.org)
FAQ - Let's Encrypt (letsencrypt.org)

4 Likes
5

Also testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

And to assist with debugging there is a great place to start is Let's Debug.

Also please attach letsencrypt.log to your next post; also do re-run Certbot with -v for more details and share them.

3 Likes
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.