Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:

DeadLooks · August 31, 2021, 8:13pm

My domain is: http://helpinghumencharitabletrust.org/

I ran this command: sudo certbot certonly --agree-tos --email redacted --webroot -w /var/lib/letsencrypt/ -d helpinghumencharitabletrust.org -d www.helpinghumencharitabletrust.org

and this command too : sudo certbot --nginx -d helpinghumencharitabletrust.org -d www.helpinghumencharitabletrust.org

same problem

It produced this output: Domain: helpinghumencharitabletrust.org

Type: connection

Detail: Fetching http://helpinghumencharitabletrust.org/.well-known/acme-challenge/m2vfq90W-Mo9lQZkAZECyOnSME4rdPCkKnZ7xgCA_iA: Timeout during connect (likely firewall problem)

Domain: www.helpinghumencharitabletrust.org

Type: connection

Detail: Fetching http://www.helpinghumencharitabletrust.org/.well-known/acme-challenge/cbLMXXvPqwRAoL2dLFsH7yDS_qGWSxVCDmHRF43URv8: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges

Some challenges have failed.

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx/1.18.0

The operating system my web server runs on is (include version): PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2021.2"
VERSION_ID="2021.2"
VERSION_CODENAME="kali-rolling"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="https://www.kali.org/"
SUPPORT_URL="https://forums.kali.org/"
BUG_REPORT_URL="https://bugs.kali.org/"

My hosting provider, if applicable, is: nginx

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.18.0

Code that i have executed

My domain name is from go-daddy.com

1: sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

2: sudo mkdir -p /var/lib/letsencrypt/.well-known

3: sudo mkdir /etc/nginx/snippets

4: sudo mousepad /etc/nginx/snippets/letsencrypt.conf

5: sudo mousepad /etc/nginx/snippets/ssl.conf

6: sudo systemctl reload nginx

7: sudo certbot certonly --agree-tos --email redacted --webroot -w /var/lib/letsencrypt/ -d helpinghumencharitabletrust.org -d www.helpinghumencharitabletrust.org

8: after this i got lots of errors i fixed some of them stuck at this now

9: i even run: sudo certbot --nginx -d helpinghumencharitabletrust.org -d www.helpinghumencharitabletrust.org

default nginx conf

```default conf of nginx

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;
    
    include snippets/letsencrypt.conf;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }

    # pass PHP scripts to FastCGI server
    #
    #location ~ \.php$ {
    #       include snippets/fastcgi-php.conf;
    #
    #       # With php-fpm (or other unix sockets):
    #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    #       # With php-cgi (or other tcp sockets):
    #       fastcgi_pass 127.0.0.1:9000;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #       deny all;
    #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#        listen 80;
#        listen [::]:80;
#
#       server_name helpinghumencharitabletrust.org www.helpinghumencharitabletrust.org;
#
#        root /var/www/html/;
#       index index.html;
#
#        location / {
#                try_files $uri $uri/ =404;
#        }
#}

server{
listen 80;
    server_name 27.7.62.219;
    return 301 http://helpinghumencharitabletrust.org;
}```

file in /etc/nginx/conf.d/www.helpinghumencharitabletrust.org.conf

server{
   listen 80;
       server_name helpinghumencharitabletrust.org www.helpinghumencharitabletrust.org;

       include snippets/letsencrypt.conf;
}

server{
listen 80;
    server_name 27.7.62.219;
    return 301 http://helpinghumencharitabletrust.org;
}```

rg305 · September 1, 2021, 12:45am

2 posts were split to a new topic: Timeout during connect

rg305 · September 1, 2021, 12:43am

You need a functional HTTP site before you can secure it (via HTTP authentication).

DeadLooks · September 2, 2021, 8:29am

Thank you for your help @rg305

DeadLooks · September 2, 2021, 2:04pm

how do i get functional HTTP site please in details @rg305

Osiris · September 2, 2021, 2:51pm

Setting up a website that is reachable from the world wide web in general is far outside of the scope of this Community in my opinion.

I will give you a tip though:

Currently the hostname helpinghumencharitabletrust.org resolves to a private IP address, namely 192.168.1.6. These private IP addresses are not globally routable nor reachable from the world wide web. If you want your website to be reachable from the world wide web, you need to make sure you have the correct IP address (i.e.: the public IP address where your server is hosted) at the hostname in the DNS.

DeadLooks · September 2, 2021, 3:09pm

i have erase my raspberry pi 4 model b 8gb ram newly install the Kali Linux from start

i am hosting in Apache server now my pi IP is 192.168.1.6 domain name is from go-daddy

when i am install this repo: sudo add-apt-repository universe

it throws an Error: 'universe' invalid

how can i fix it? @Osiris

Osiris · September 2, 2021, 3:25pm

How to fix your Kali Linux' is not the scope of this Community.

system · October 2, 2021, 3:25pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.