I’m trying to make a container with the certbot image to generate a certificate for a node container. When I run certbot, the key file is generated and available but I get this error:
chevro_blog_letsencrypt | - The following errors were reported by the server:
chevro_blog_letsencrypt | Domain: chevro.fr
chevro_blog_letsencrypt | Type: unauthorized
chevro_blog_letsencrypt | Detail: The key authorization file from the server did not match
chevro_blog_letsencrypt | this challenge
chevro_blog_letsencrypt | [2ibSAFbO7QfRgYkqAsyUUMwMhpXeIwbvM2X90xFyAVc.xIMipjc_lVp3zWi8n9_5mG6IgyhunXnJ3uwn8px3J-I]
chevro_blog_letsencrypt | !=
chevro_blog_letsencrypt | [2ibSAFbO7QfRgYkqAsyUUMwMhpXeIwbvM2X90xFyAVc.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]
chevro_blog_letsencrypt | To fix these errors, please make sure that your domain name was
chevro_blog_letsencrypt | entered correctly and the DNS A/AAAA record(s) for that domain
chevro_blog_letsencrypt | contain(s) the right IP address.
It looks like your website is hosted with OVH and may be using their Load Balancer product.
I believe the OVH load balancer is intercepting your HTTP-01 challenge request and responding with its own key authorization (you can get a hint that’s what is happening because the expected key auth and the received key auth have the same challenge token but a different account thumbprint).
This problem comes up fairly often for OVH users, for example:
I don’t think it’s possible to use OVH’s Load Balancer and the Certbot image with HTTP-01 challenges together. You’ll have to let OVH manage your certificates or disable the load balancer that is swallowing up the HTTP-01 challenge request before your Certbot container has a chance to respond.
I'm not certain, sorry. I could be wrong about this being caused by the load balancer product specifically. I recommend you open a support ticket with OVH. They will know best what your account has enabled and which component is causing you problems with HTTP-01 challenges.
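The check described in the answer above (same challenge token, different account thumbprint) can be done mechanically, since an ACME key authorization is the token, a dot, and the base64url SHA-256 JWK thumbprint (RFC 7638) of the account key. The following is an added example, not part of the original posts or of Certbot; the function names and verdict strings are hypothetical, and the sample input is the error detail from the thread joined onto one line.

```python
import base64
import hashlib
import json
import re

# Constructed sample: the "Detail" text from the error quoted in the thread,
# joined onto one line with the container-name prefixes removed.
SAMPLE_DETAIL = (
    "The key authorization file from the server did not match this challenge "
    "[2ibSAFbO7QfRgYkqAsyUUMwMhpXeIwbvM2X90xFyAVc.xIMipjc_lVp3zWi8n9_5mG6IgyhunXnJ3uwn8px3J-I] != "
    "[2ibSAFbO7QfRgYkqAsyUUMwMhpXeIwbvM2X90xFyAVc.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]"
)

# "[token.thumbprint]" where both parts are unpadded base64url.
KEY_AUTH = re.compile(r"\[([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\]")

def jwk_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint of an RSA or EC public JWK (unpadded base64url)."""
    members = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    # Only the required members, sorted by name, with no whitespace.
    canonical = json.dumps({k: jwk[k] for k in members}, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def diagnose(detail, account_jwk=None):
    """Compare the two key authorizations in an HTTP-01 mismatch error (hypothetical helper)."""
    pairs = KEY_AUTH.findall(detail)
    if len(pairs) != 2:
        return {"verdict": "unparsed"}
    (tok_a, thumb_a), (tok_b, thumb_b) = pairs
    result = {"same_token": tok_a == tok_b, "same_thumbprint": thumb_a == thumb_b}
    if account_jwk is not None:
        # Which of the two thumbprints, if any, belongs to our own ACME account key.
        mine = jwk_thumbprint(account_jwk)
        result["ours"] = [t for t in (thumb_a, thumb_b) if t == mine]
    if result["same_token"] and not result["same_thumbprint"]:
        # The right challenge was answered, but on behalf of a different ACME account.
        result["verdict"] = "answered-by-other-account"
    elif not result["same_token"]:
        result["verdict"] = "different-token"
    else:
        result["verdict"] = "match"
    return result
```

Passing the public JWK of your own Certbot account key as `account_jwk` shows which of the two thumbprints is yours; the other one belongs to whatever answered the challenge in front of your container.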