The operating system my web server runs on is (include version):Ubuntu server 18.04.4
I can login to a root shell on my machine (yes or no, or I don’t know): yes
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): 0.27.0
Running certbot with builtin webserver I get an error. Starting a simple webserver manually works well.
certbot certonly --standalone --test-cert --preferred-challenges http-01 -d [my fqdn]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for [my fqdn]
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. [my fqdn] (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://[my fqdn]/.well-known/acme-challenge/9UehXhelUt606GErvJkGnwZFQfFGLN091B-AuxmbesA [my IP]: 503
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: [my fqdn]
Type: unauthorized
Detail: Invalid response from
http://[my fqdn]/.well-known/acme-challenge/9UehXhelUt606GErvJkGnwZFQfFGLN091B-AuxmbesA
[my IP]: 503To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
And now with a simple webserver:
python -m SimpleHTTPServer 80
Serving HTTP on 0.0.0.0 port 80 …
Now starting certbot without “standalone”:
certbot certonly --test-cert --preferred-challenges http-01 -d [my fqdn]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for [my fqdn]
Input the webroot for access3.schwindt.eu: (Enter ‘c’ to cancel): /root/www
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/[my fqdn]/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/[my fqdn]/privkey.pem
Your cert will expire on 2020-08-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”
Any ideas?
Thanks!