To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Does anyone know what I'm doing wrong? I'm not very familiar with hosting etc.
It's fairly unusual to try to acquire a certificate by manually completing http-01 challenges, which require placing files specified by your ACME client (e.g. certbot) in /.well-known/acme-challenge in the webroot folder of your website. Most people manually complete dns-01 challenges, which require creating TXT records specified by your ACME client in your DNS.
You can specify the challenge type by adding either --preferred-challenges http or --preferred-challenges dns to your certbot command.
Example:
sudo certbot certonly --manual --preferred-challenges dns -d "tinydesign.co.uk,www.tinydesign.co.uk"
Hi griffin, thank you for your reply. I tried that but I can't use the DNS method because my host Namesco don't allow underscores.
I used to use zerossl.com for this, which used the acme-challenge technique but they got bought out and now they charge. So I was thinking it should be possible with Namesco and Certbot. I'm wondering if it's a redirect messing things up.
I tested your webserver many different ways and did not find anything evident that would prevent an http-01 challenge from succeeding. I can specifically confirm that requesting http://tinydesign.co.uk/.well-known/acme-challenge/test produces the expected 404 Not Found without a redirect of any kind.
Is there a reason that you want to manually complete an http-01 challenge? If you're running certbot on your webserver, it seems much more prudent to just use the apache authenticator rather than manual:
Change the SSL directives in your Apache port 443 configuration file to use the certificate and private key files in the live certbot directory for your certificate. You can determine which configuration file to edit by looking at the output of sudo apachectl -S and seeing which VirtualHost is handling port 443 for tinydesign.co.uk
Reload Apache with sudo apachectl -k graceful
At that point, your certificate will even be configured to automatically renew!
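The check described in the post above (request a token that was never placed under /.well-known/acme-challenge/ and confirm a plain 404 with no redirect) can be scripted. This is an added example, not part of the original thread; the function names and verdict labels are hypothetical, and expected_body is assumed to be the file contents your ACME client asked you to place.

```python
import http.client
from urllib.parse import urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def classify_response(status, body, expected_body=None):
    """Map one HTTP response for a challenge URL to a verdict label (labels are hypothetical)."""
    if 300 <= status < 400:
        return "redirect"            # report it; the Location header shows the target
    if status == 404:
        return "not-found"           # expected for a token that was never placed
    if status == 200 and expected_body is not None:
        # Compare against the file contents the ACME client asked you to place.
        return "served" if body.strip() == expected_body.strip() else "wrong-content"
    if status == 200:
        return "catch-all"           # 200 for an unplaced token: a rewrite or custom error page
    return "blocked"                 # 401/403/5xx etc.: the path is not publicly readable

def probe_challenge(base_url, token, expected_body=None, timeout=10):
    """GET the challenge URL over plain HTTP without following redirects."""
    parts = urlsplit(base_url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("base_url must look like http://example.test")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token, headers={"User-Agent": "http01-preflight"})
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace")
        return {"status": resp.status, "location": resp.getheader("Location"),
                "verdict": classify_response(resp.status, body, expected_body)}
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed responses (status, body, expected file contents); no network needed.
    samples = [(404, "Not Found", None), (301, "", None),
               (200, "tok.thumb\n", "tok.thumb"), (200, "<html>Welcome</html>", None)]
    for status, body, expected in samples:
        print(status, classify_response(status, body, expected))
```

A result of not-found with location None from probe_challenge("http://tinydesign.co.uk", "test") corresponds to what the post reports; after placing a challenge file, pass its token and contents and look for served.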
Amazing, thank you griffin! I am very confused as to why it doesn't work then. Unfortunately I don't know how to install certbot on my server. It has cPanel without the plugin. I installed certbot on my Windows 10 PC and was trying to get a certificate that way.
If you're using shared hosting with cPanel (and thus don't have root access), you are the ideal candidate for using my CertSage ACME client. Its "installation" is just uploading a single PHP file into the public_html directory on your webserver. To get your certificate, you just visit tinydesign.co.uk/certsage.php; enter your email address, domain name, and the subdomains you wish to secure; then push a button. In less than a minute, you have your certificate and can install it and its private key through the cPanel SSL function in the Security section.
It hasn't been fully released to the public yet, so I've been delivering it with instructions via private message in this community to those interested. So far I've had a 100% satisfaction rate. Guess people like super-easy when it comes to getting their certificates. I'm testing a minor update this afternoon to satisfy the requirements for the latest certificate chain update and add a few new features. I'll send you the latest version with detailed instructions in a few hours once my testing is satisfactory.
I've aimed to make it as simple as possible. I've actually renewed multiple certificates with CertSage from the browser on my phone while waiting in line at Starbucks.
I'll send you a message as soon as this update is ready to go.