Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: xcompro.site

I ran this command:sudo certbot certonly --standalone -v --dry-run -d xcompro.site

It produced this output:

2025-04-29 16:00:29,513:DEBUG:certbot._internal.main:certbot version: 4.0.0
2025-04-29 16:00:29,513:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2025-04-29 16:00:29,513:DEBUG:certbot._internal.main:Arguments: ['--standalone', '-v', '--dry-run', '-d', 'xcompro.site']
2025-04-29 16:00:29,514:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-04-29 16:00:29,523:DEBUG:certbot._internal.log:Root logging level set at 20
2025-04-29 16:00:29,524:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2025-04-29 16:00:29,524:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Runs an HTTP server locally which serves the necessary validation files under the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP server already running. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='standalone', value='certbot._internal.plugins.standalone:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7e0aee2f5870>
Prep: True
2025-04-29 16:00:29,524:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7e0aee2f5870> and installer None
2025-04-29 16:00:29,524:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2025-04-29 16:00:29,580:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/197359994', new_authzr_uri=None, terms_of_service=None), 2d8b1a9e543d0ab4c390ee89c5311cad, Meta(creation_dt=datetime.datetime(2025, 4, 29, 15, 47, 56, tzinfo=datetime.timezone.utc), creation_host='ip-172-31-11-174.eu-west-1.compute.internal', register_to_eff=None))>
2025-04-29 16:00:29,581:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2025-04-29 16:00:29,583:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2025-04-29 16:00:29,970:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1086
2025-04-29 16:00:29,972:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 29 Apr 2025 16:00:29 GMT
Content-Type: application/json
Content-Length: 1086
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "A92Ya-zus3w": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-04-29 16:00:29,972:DEBUG:certbot._internal.display.obj:Notifying user: Simulating a certificate request for xcompro.site
2025-04-29 16:00:29,974:DEBUG:acme.client:Requesting fresh nonce
2025-04-29 16:00:29,974:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2025-04-29 16:00:30,099:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-04-29 16:00:30,099:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 29 Apr 2025 16:00:30 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 6HmkGaTnEtIX11TGtwmdk03a0jtwRL6E5OIf6EgTvnQc7pGz4f4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-04-29 16:00:30,099:DEBUG:acme.client:Storing nonce: 6HmkGaTnEtIX11TGtwmdk03a0jtwRL6E5OIf6EgTvnQc7pGz4f4
2025-04-29 16:00:30,100:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "xcompro.site"\n    }\n  ]\n}'
2025-04-29 16:00:30,101:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTczNTk5OTQiLCAibm9uY2UiOiAiNkhta0dhVG5FdElYMTFUR3R3bWRrMDNhMGp0d1JMNkU1T0lmNkVnVHZuUWM3cEd6NGY0IiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "RVb7weFbhsrSU9bqL2FpJNVHdtfWfNdK_Kh-9HnsUTC7d-qeyYwE-tHUdHUabkfgevFql-xHRyAeC_7je700dODu5Q4SlWc0u1Aue7DLDU4pToV0pa3QNWmQ9-2pqmC1qyuw7zFLo3D8wfqZxGTxPGKZSqEqLoqD_jfOi79Zyvb59VbE35sJ1DZVBK2H07TJvb5LAveETJqRlryktnYeiqmF4q-j-_9U9UwflzxftDusomxNn_bE1141thg_ODyQ0t2MkwKDt1qUJzJ9AGobF49fgz7zt75fUgksmp6zcdn-TkPxPEUYzBRZetv_nmz-4iAYggrOCwc4hLq2Ll6fKw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInhjb21wcm8uc2l0ZSIKICAgIH0KICBdCn0"
}
2025-04-29 16:00:30,255:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 358
2025-04-29 16:00:30,256:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 29 Apr 2025 16:00:30 GMT
Content-Type: application/json
Content-Length: 358
Connection: keep-alive
Boulder-Requester: 197359994
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/197359994/24220050994
Replay-Nonce: wSl0VvnVS3jGMz-Hhye-q98DhBzaNHt9Vq60UwkUpqC-RHgrXnc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2025-05-06T16:00:30Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "xcompro.site"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/197359994/17082285144"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/197359994/24220050994"
}
2025-04-29 16:00:30,256:DEBUG:acme.client:Storing nonce: wSl0VvnVS3jGMz-Hhye-q98DhBzaNHt9Vq60UwkUpqC-RHgrXnc
2025-04-29 16:00:30,256:DEBUG:acme.client:JWS payload:
b''
2025-04-29 16:00:30,257:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/197359994/17082285144:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTczNTk5OTQiLCAibm9uY2UiOiAid1NsMFZ2blZTM2pHTXotSGh5ZS1xOThEaEJ6YU5IdDlWcTYwVXdrVXBxQy1SSGdyWG5jIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE5NzM1OTk5NC8xNzA4MjI4NTE0NCJ9",
  "signature": "riakWinOmryMFHPH2v2tf5NwZ_HpAITJCgbgYherA_fyKLAlP9MrTnh4e4_wS5JWejt78raK-JdlEFZEAYQQvNFbjGLAFGQRDZSnjV4MEzTlAYaOkramtMppzWWXC9bPHzwV8GeOc5VtvYkRbZtIoaHCiDmNASK-2lsqhoBqaWq0vklZ8yDpjX9sFSkcBS-mlatKLQU6en1uJBq1GKImEgwUtNIZ_tJ9AAAEYasyJWU3H7fmnIUDjVKS4zyVaM4Mk2ZNQmrlEkdnrVMX9tz6IpywY7W935Qn3et5-2IYr5a8VZ62nrPduZOWbetYKp94JWR4qhp3XuK36BEtgJ-Rmw",
  "payload": ""
}
2025-04-29 16:00:30,386:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/197359994/17082285144 HTTP/1.1" 200 838
2025-04-29 16:00:30,386:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 29 Apr 2025 16:00:30 GMT
Content-Type: application/json
Content-Length: 838
Connection: keep-alive
Boulder-Requester: 197359994
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wSl0VvnVcf2lbdwOMEEwjw737G-F4fl0K-eXuqVkIllbp9smlRs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "xcompro.site"
  },
  "status": "pending",
  "expires": "2025-05-06T16:00:30Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/SX_j7g",
      "status": "pending",
      "token": "mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA"
    },
    {
      "type": "dns-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/G4gcuw",
      "status": "pending",
      "token": "mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA"
    },
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/gIo5Mw",
      "status": "pending",
      "token": "mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA"
    }
  ]
}
2025-04-29 16:00:30,386:DEBUG:acme.client:Storing nonce: wSl0VvnVcf2lbdwOMEEwjw737G-F4fl0K-eXuqVkIllbp9smlRs
2025-04-29 16:00:30,386:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-04-29 16:00:30,387:INFO:certbot._internal.auth_handler:http-01 challenge for xcompro.site
2025-04-29 16:00:30,390:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2025-04-29 16:00:30,390:DEBUG:acme.standalone:Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2025-04-29 16:00:30,391:DEBUG:acme.client:JWS payload:
b'{}'
2025-04-29 16:00:30,392:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/gIo5Mw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTczNTk5OTQiLCAibm9uY2UiOiAid1NsMFZ2blZjZjJsYmR3T01FRXdqdzczN0ctRjRmbDBLLWVYdXFWa0lsbGJwOXNtbFJzIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzE5NzM1OTk5NC8xNzA4MjI4NTE0NC9nSW81TXcifQ",
  "signature": "hVPbiHv4eMuGOqcS9CtPo7rDSykSX8fMoFHqATvi2cHEDQrP-fP6RsQosusNeO_Mw__B8P4kLblq_JLkoIwMjUzlxAln9lF_BCiKGBuqDRfpUFCnfc0FY4OiO4zL35Du-Z4uGQuQQGp7x6JdHX3Y5QPsh6_gFpzkV6AoGSo3MZEkuPapAz54HbyNpyqwb7eS9pUDnTwPNhuESaUjhSepBICZwF13j55mFdSre_PR6eSBta-HDVcL8V5OoWOxICnbclzkh86Bh8702LBQlGjKUh8k87WN1koAm-vXI0lOBOE2-bCzKcdslVhTk_9zRQMy7t4gw5x_eUCV1kt1yopd6Q",
  "payload": "e30"
}
2025-04-29 16:00:30,527:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall/197359994/17082285144/gIo5Mw HTTP/1.1" 200 201
2025-04-29 16:00:30,527:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 29 Apr 2025 16:00:30 GMT
Content-Type: application/json
Content-Length: 201
Connection: keep-alive
Boulder-Requester: 197359994
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz/197359994/17082285144>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/gIo5Mw
Replay-Nonce: 6HmkGaTnUv_D8m3eJ1YNtP9FXTDdUDMfHgbHtjrdPFl3cejOPOA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/gIo5Mw",
  "status": "pending",
  "token": "mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA"
}
2025-04-29 16:00:30,527:DEBUG:acme.client:Storing nonce: 6HmkGaTnUv_D8m3eJ1YNtP9FXTDdUDMfHgbHtjrdPFl3cejOPOA
2025-04-29 16:00:30,527:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-04-29 16:00:31,529:DEBUG:acme.client:JWS payload:
b''
2025-04-29 16:00:31,531:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/197359994/17082285144:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTczNTk5OTQiLCAibm9uY2UiOiAiNkhta0dhVG5Vdl9EOG0zZUoxWU50UDlGWFREZFVETWZIZ2JIdGpyZFBGbDNjZWpPUE9BIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE5NzM1OTk5NC8xNzA4MjI4NTE0NCJ9",
  "signature": "EZYudP4B3eN4iElOC8NJ6Q04cF7TMcMU_1y_maZzyBtho9l4vz9EIRAtXejRawJpJV1LO8vv9sddkE0gCI4FpNUkZ1zr_G8Q1dXo0kCSb2dZutM0hiXWuEHw-ubdiNamCVwULqXfjy2IH7QoNQe8zKiZzVvcMVvlOZTN0LmSqKj09P_SCdZ6cZfY0kk9qq8BSIzG8HIaW8eVDfX2s62XtHGAIuvqVE4TTmxYK_Lu6EG_mXBYJUhP_F2VAejXHl3dRU3MNtYWarZkQtJAcSdC37-OgFKfDzFoMfineN8GPFZGrwzY5sSQqh2-tKUzryL6PzXCLTg1EBxEVFDOnSQoUA",
  "payload": ""
}
2025-04-29 16:00:31,662:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/197359994/17082285144 HTTP/1.1" 200 1053
2025-04-29 16:00:31,662:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 29 Apr 2025 16:00:31 GMT
Content-Type: application/json
Content-Length: 1053
Connection: keep-alive
Boulder-Requester: 197359994
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wSl0VvnV-kMN_5G9P9YisrZE8JSBkGgy8gk-uIMhRSDq19QZLLQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "xcompro.site"
  },
  "status": "invalid",
  "expires": "2025-05-06T16:00:30Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/gIo5Mw",
      "status": "invalid",
      "validated": "2025-04-29T16:00:30Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "54.76.23.13: Invalid response from http://xcompro.site/.well-known/acme-challenge/mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA: 502",
        "status": 403
      },
      "token": "mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA",
      "validationRecord": [
        {
          "url": "http://xcompro.site/.well-known/acme-challenge/mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA",
          "hostname": "xcompro.site",
          "port": "80",
          "addressesResolved": [
            "54.76.23.13",
            "34.241.57.115"
          ],
          "addressUsed": "54.76.23.13"
        }
      ]
    }
  ]
}
2025-04-29 16:00:31,662:DEBUG:acme.client:Storing nonce: wSl0VvnV-kMN_5G9P9YisrZE8JSBkGgy8gk-uIMhRSDq19QZLLQ
2025-04-29 16:00:31,663:INFO:certbot._internal.auth_handler:Challenge failed for domain xcompro.site
2025-04-29 16:00:31,663:INFO:certbot._internal.auth_handler:http-01 challenge for xcompro.site
2025-04-29 16:00:31,663:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: xcompro.site
  Type:   unauthorized
  Detail: 54.76.23.13: Invalid response from http://xcompro.site/.well-known/acme-challenge/mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA: 502

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2025-04-29 16:00:31,664:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2025-04-29 16:00:31,664:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-04-29 16:00:31,664:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-04-29 16:00:31,664:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2025-04-29 16:00:31,892:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.10/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/main.py", line 1872, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/main.py", line 1578, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/client.py", line 523, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/client.py", line 424, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/client.py", line 502, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-04-29 16:00:31,894:ERROR:certbot._internal.log:Some challenges have failed.

My web server is (include version):
Kestrel aspnet:9.0-noble

The operating system my web server runs on is (include version):
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy

My hosting provider, if applicable, is:
EC2 Instance with Kestrel as Edge web server (Facing to AWS Application Load balancer)

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 4.0.0

Additional Information which may help to resolve the issue
Scenario:

I am trying to get SSL certificate from Let's encrypt and install it for my ASP.NET CORE app.
ASP.NET CORE app is running on EC2 instance with Kestrel server which is facing to AWS ELB. Domain xcompro.site registered with GoDaddy.
ASP.NET CORE app is running as Container and container port is 8080.
As it is a test server may be the application is not running all time. (Just for Information)

testuser:~$ dig a xcompro.site +short
34.241.57.115
54.76.23.13

C:\Users\susha>curl -Ii http://xcompro.site
HTTP/1.1 200 OK
Date: Tue, 29 Apr 2025 21:02:19 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Server: Kestrel

As certbot certonly --standalone uses http-01 challenge (which uses port 80) for domain validation, but the Kestrel Webserver is running on Port 8080. May be due to this getting error, this is my understanding, not sure. If any further info required kindly update.
Kindly suggest and help.

on port 80, your site answered by aspnetapp, but standalone is well, standalone server so think you have port forwarding of outside 80 -> 8080 inside: whatever listening port 80 of outer internet need to reply with challenge token to pass it.

It is not impossible but is difficult to get a cert using the HTTP method for a domain that has multiple IP addresses behind a load balancer.

You are using Route53 as your DNS provider and that is well supported by Certbot. You should use the DNS Challenge instead: Welcome to certbot-dns-route53’s documentation! — certbot-dns-route53 0 documentation

Hi Orangepizza and MikeMcQ

Thank you very much for your quick response and sorry about my delay response as I was playing with my test scenario.
As suggested by MikeMcQ I successfully generated the SSL certificates using the certbot-dns-route53 documentation and implemented as well. Now I have three queries,

1. If I delete the SSL certificate and will try to regenerate SSL certificates again from Lets encrypt for same domain with same scenario then will Lets encrypt allow to generate certificate?
2. Is there any documentation available where it shows how configure auto-renewal of SSL Certificate, if application is running on Caddy web server.
3. Whom should I contact to understand the contribution process? (I might sound silly but I hope do not mind answering)

Yes, within limits. See especially this one: Rate Limits - Let's Encrypt

But, why would you delete a perfectly good cert? And, how do you plan to do that? Because just deleting certain file(s) from Certbot's folders can lead to trouble. If needed, there is a specific delete --cert-name X command to delete a cert and its related files (like renewal config). Or, are you wondering about a case like losing your system entirely and starting over (w/out any backup)?

Caddy normally handles getting certs for any domain names it handles. See its docs for its config. You wouldn't normally need Certbot if using Caddy.

For routine donations please see: Support Encryption for Everyone - Let's Encrypt
For other ways to contribute see the home page: https://letsencrypt.org/

Thank you Mike for quick response,
Its the second case where I will delete whole system setup completely and recreate it freshly without any backup.

Then hopefully that is rare Some people setup containers expecting to refresh them frequently and get certs each time. That will lead to rate limit problems. You should setup persistent storage for your certs for that case.

If your "delete my system" is just for testing then consider using the Let's Encrypt staging system to get test certs. The rate limits are much less strict in staging. Note the certs issued won't be trusted for connections from the public internet but it can allow you to test your infrastructure.

A similar issue occurs with people running multiple servers behind load balancers. That often takes more careful planning for cert management for various reasons. Your DNS Challenge solves the "getting the cert" but if you plan to spin up multiple EC2s you should store the certs in persistent store and get them from that when you spin up rather than requesting a fresh one.

Even ignoring rate limits there is no guarantee a cert request will succeed. Let's Encrypt may be down (rare but happens), comms problems may occur, or any number of other issues.

Hi Mike,
Appreciate for your quick response, time and solution.
As I am practicing with different scenarios, I will try to Let's Encrypt staging system to get test certs instead of Lets Encrypts Production.
I will copy those Certificates from EC2 instances to my Local Machine so that I can reuse them when ever spin up new EC2 instance.

Thank you again for your suggestion.