Cerbot error when trying to generate certificats on docker

Hello !
I’m trying to make a container with the certbot image to generate a certificate for a node container. When I run certbot, the key file is generated and available but I get this error:

chevro_blog_letsencrypt |  - The following errors were reported by the server:
chevro_blog_letsencrypt | 
chevro_blog_letsencrypt |    Domain: chevro.fr
chevro_blog_letsencrypt |    Type:   unauthorized
chevro_blog_letsencrypt |    Detail: The key authorization file from the server did not match
chevro_blog_letsencrypt |    this challenge
chevro_blog_letsencrypt |    [2ibSAFbO7QfRgYkqAsyUUMwMhpXeIwbvM2X90xFyAVc.xIMipjc_lVp3zWi8n9_5mG6IgyhunXnJ3uwn8px3J-I]
chevro_blog_letsencrypt |    !=
chevro_blog_letsencrypt |    [2ibSAFbO7QfRgYkqAsyUUMwMhpXeIwbvM2X90xFyAVc.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]
chevro_blog_letsencrypt | 
chevro_blog_letsencrypt |    To fix these errors, please make sure that your domain name was
chevro_blog_letsencrypt |    entered correctly and the DNS A/AAAA record(s) for that domain
chevro_blog_letsencrypt |    contain(s) the right IP address.

Thank you in advance for your help !

Hi @colivier74 :wave:, welcome to the community forum.

It looks like your website is hosted with OVH and may be using their Load Balancer product.

I believe the OVH load balancer is intercepting your HTTP-01 challenge request and responding with its own key authorization (you can get a hint that’s what is happening because the expected key auth and the received key auth have the same challenge token but a different account thumbprint).

This problem comes up fairly often for OVH users, for e.g.:

I don’t think its possible to use OVH’s Load Balancer and the Certbot image with HTTP-01 challenges together. You’ll have to let OVH manage your certificates or disable the load balancer that is swallowing up the HTTP-01 challenge request before your Certbot container has a chance to respond.

Hope that helps!

Thank you for this quick response ! I did not order load balancer, can it be disabled?

1 Like

I'm not certain, sorry. I could be wrong about this being caused by the load balancer product specifically. I recommend you open a support ticket with OVH. They will know best what your account has enabled and which component is causing you problems with HTTP-01 challenges.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.