Certbot failed to authenticate standalone: invalid response

  • My domain is:
    cimetrics.io
    
  • I ran this command:
    sudo certbot certonly --standalone -d cimetrics.io --staple-ocsp -m jonathanwoollettlight@gmail.com --agree-tos
    
  • It produced this output:
    Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
      Domain: cimetrics.io
      Type:   unauthorized
      Detail: 15.197.142.173: Invalid response from http://cimetrics.io/.well-known/acme-challenge/HAOi6Kom9At9ywZ8UAUykre5WqkAg8dfYvl6tEIA388: 404
    
    Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
    
  • My web server is (include version):
    Custom.
  • The operating system my web server runs on is (include version):
    Ubuntu. See:
    ubuntu@ip-172-31-11-236:~$ uname --a
    Linux ip-172-31-11-236 6.2.0-1017-aws #17~22.04.1-Ubuntu SMP Fri Nov 17 21:07:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
    
  • My hosting provider, if applicable, is:
    aws ec2
  • I can login to a root shell on my machine (yes or no, or I don't know):
    Yes.
  • I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
    No.
  • The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
    certbot 1.21.0

I am having trouble using cert-bot on my Ubuntu ec2 instance.

I have the domain cimetrics.io from godaddy and have forwarded it to point to my ec2 instance at 3.10.39.149.

Pinging the IP and domain demonstrates similar results.

PS C:\Users\jonat> ping 3.10.39.149

Pinging 3.10.39.149 with 32 bytes of data:
Reply from 3.10.39.149: bytes=32 time=19ms TTL=49
Reply from 3.10.39.149: bytes=32 time=26ms TTL=49
Reply from 3.10.39.149: bytes=32 time=20ms TTL=49
Reply from 3.10.39.149: bytes=32 time=19ms TTL=49

Ping statistics for 3.10.39.149:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 26ms, Average = 21ms
PS C:\Users\jonat> ping cimetrics.io

Pinging cimetrics.io [3.33.152.147] with 32 bytes of data:
Reply from 3.33.152.147: bytes=32 time=34ms TTL=247
Reply from 3.33.152.147: bytes=32 time=32ms TTL=247
Reply from 3.33.152.147: bytes=32 time=30ms TTL=247
Reply from 3.33.152.147: bytes=32 time=36ms TTL=247

Ping statistics for 3.33.152.147:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 36ms, Average = 33ms
PS C:\Users\jonat>

I can also see the response from my http server on my ec2 instance using http://cimetrics.io/ and http://3.10.39.149/.


I also opened a stackoverflow question lets encrypt - Certbot failed to authenticat standalone: invalid response - Stack Overflow.

Hi @JonathanWoollett-Lig, and welcome to the LE community forum :slight_smile:

Using --standalone requires use of HTTP [TCP port 80].
But it seems that there is already something listening on that port:

Name:      cimetrics.io
Addresses: 15.197.142.173
           3.33.152.147

curl -Ii cimetrics.io
HTTP/1.1 405 Not Allowed
Server: awselb/2.0
Date: Sun, 31 Dec 2023 05:51:01 GMT
Content-Length: 0
Connection: keep-alive
WAFRule: 0

I do see that it tries to redirect - but it does so in a very unusual way AND to an IP address "3.10.39.149".
LE will NOT follow redirections to IP addresses :frowning:

4 Likes

I am able to start my custom server on this port using sudo and get a response, so this is confusing.

I can think of 2 possible problem areas:

  1. how godaddy sets up forwarding.
  2. how ec2 sets up permanent IP addresses.

But I do not see any actions I can take in either of these cases. Are there some you could suggest?

I would think this must be a common use case (godaddy domain to ec2 server); do you know of any similar issues that might offer some insight?

1 Like

It looks like you are using the URL redirect or URL forwarding service at godaddy. That won't work. You need to disable that and set the DNS to point directly to the IP of your server.

4 Likes

How would I set the DNS to point directly to my server IP?

I would guess this involves editing the DNS records, apologies for my inexperience here.

These are the current DNS records:

; Domain: cimetrics.io
; Exported (y-m-d hh:mm:ss): 2023-12-30 23:39:48
;
; This file is intended for use for informational and archival
; purposes ONLY and MUST be edited before use on a production
; DNS server.
;
; In particular, you must update the SOA record with the correct
; authoritative name server and contact e-mail address information,
; and add the correct NS records for the name servers which will
; be authoritative for this domain.
;
; For further information, please consult the BIND documentation
; located on the following website:
;
; http://www.isc.org/
;
; And RFC 1035:
;
; http://www.ietf.org/rfc/rfc1035.txt
;
; Please note that we do NOT offer technical support for any use
; of this zone data, the BIND name server, or any other third-
; party DNS software.
;
; Use at your own risk.


$ORIGIN cimetrics.io.

; SOA Record
@	3600	 IN 	SOA	ns75.domaincontrol.com.	dns.jomax.net. (
					2023123000
					28800
					7200
					604800
					3600
					) 

; A Record
@	600	 IN 	A	15.197.142.173
@	600	 IN 	A	3.33.152.147

; NS Record
@	3600	 IN 	NS	ns75.domaincontrol.com.
@	3600	 IN 	NS	ns76.domaincontrol.com.

; CNAME Record
www	3600	 IN 	CNAME	@
_domainconnect	3600	 IN 	CNAME	_domainconnect.gd.domaincontrol.com.


So removing the forwarding done by godaddy and updating the DNS records to link the IP directly appears to have fixed the problem.

; Domain: cimetrics.io
; Exported (y-m-d hh:mm:ss): 2023-12-31 00:59:32


$ORIGIN cimetrics.io.

; SOA Record
@	3600	 IN 	SOA	ns75.domaincontrol.com.	dns.jomax.net. (
					2023123102
					28800
					7200
					604800
					3600
					) 

; A Record
@	600	 IN 	A	3.10.39.149

; NS Record
@	3600	 IN 	NS	ns75.domaincontrol.com.
@	3600	 IN 	NS	ns76.domaincontrol.com.

; CNAME Record
www	3600	 IN 	CNAME	@
_domainconnect	3600	 IN 	CNAME	_domainconnect.gd.domaincontrol.com.

2 Likes
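As an added example (not code from the thread or from Certbot), a small Python pre-flight that parses the BIND-style export GoDaddy produces, reports any apex A record that is not the server's own public IP, and flags a redirect whose target is an IP literal, which the reply above notes Let's Encrypt will not follow. The zone snippets are trimmed from the two exports posted in the thread; the Location header value is constructed, since the forwarder's actual redirect was not shown.

```python
import ipaddress
from urllib.parse import urlparse

# Sample input constructed from the two zone exports in the thread (header, SOA and NS trimmed).
ZONE_FORWARDING = """$ORIGIN cimetrics.io.
@    600   IN  A      15.197.142.173
@    600   IN  A      3.33.152.147
www  3600  IN  CNAME  @
"""
ZONE_FIXED = """$ORIGIN cimetrics.io.
@    600   IN  A      3.10.39.149
www  3600  IN  CNAME  @
"""
SERVER_IP = "3.10.39.149"  # public IP of the EC2 instance, from the thread

def apex_a_records(zone_text):
    """Return the A record targets of '@' in a BIND-style zone export."""
    ips = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if not line.startswith("@"):         # skips $ORIGIN, SOA continuation, www
            continue
        fields = line.split()                # name [ttl] IN TYPE rdata
        if "IN" in fields:
            i = fields.index("IN")
            if len(fields) > i + 2 and fields[i + 1] == "A":
                ips.append(fields[i + 2])
    return ips

def http01_preflight(zone_text, server_ip, location=None):
    """List reasons an HTTP-01 standalone challenge would fail, before running certbot."""
    findings = []
    for ip in apex_a_records(zone_text):
        if ip != server_ip:
            findings.append(f"A record {ip} does not point at this server ({server_ip})")
    if location:
        host = urlparse(location).hostname or ""
        try:
            ipaddress.ip_address(host)
            findings.append(f"redirect to IP literal {host}; Let's Encrypt will not follow it")
        except ValueError:
            pass  # redirect to a hostname is acceptable
    return findings

if __name__ == "__main__":
    # "http://3.10.39.149/" is a constructed Location header standing in for the forwarder's redirect.
    for finding in http01_preflight(ZONE_FORWARDING, SERVER_IP, "http://3.10.39.149/"):
        print("BEFORE:", finding)
    print("AFTER:", http01_preflight(ZONE_FIXED, SERVER_IP) or "ok")
```

To run it against a live zone, export the zone from the registrar's panel and pass the file contents in place of the embedded strings; the check needs no network access.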

I tested my setup, I can now get responses from HTTPS requests to my server on my ec2 instance via the domain.

Thank you for the vital help to point me in the right direction here :+1:.

4 Likes

I'm hoping GoDaddy also has a web panel for modifying your DNS entries? While I'm not unfamiliar with these DNS zones myself, it's not very customer-friendly.

1 Like

Excuse me, does anyone know what is the ssl problem of my site? https://www.azmoonica.ir/

@AZMOONIA Please start a new thread. We like every new problem to have its own.

Put it in the Help section and you will be asked to answer some questions. Please answer as best you can.

Please also describe the problem in more detail. I don't see anything obviously wrong with it.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.