Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: xcompro.site

I ran this command:sudo certbot certonly --standalone -v --dry-run -d xcompro.site

It produced this output:

2025-04-29 16:00:29,513:DEBUG:certbot._internal.main:certbot version: 4.0.0
2025-04-29 16:00:29,513:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2025-04-29 16:00:29,513:DEBUG:certbot._internal.main:Arguments: ['--standalone', '-v', '--dry-run', '-d', 'xcompro.site']
2025-04-29 16:00:29,514:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-04-29 16:00:29,523:DEBUG:certbot._internal.log:Root logging level set at 20
2025-04-29 16:00:29,524:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2025-04-29 16:00:29,524:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Runs an HTTP server locally which serves the necessary validation files under the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP server already running. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='standalone', value='certbot._internal.plugins.standalone:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7e0aee2f5870>
Prep: True
2025-04-29 16:00:29,524:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7e0aee2f5870> and installer None
2025-04-29 16:00:29,524:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2025-04-29 16:00:29,580:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/197359994', new_authzr_uri=None, terms_of_service=None), 2d8b1a9e543d0ab4c390ee89c5311cad, Meta(creation_dt=datetime.datetime(2025, 4, 29, 15, 47, 56, tzinfo=datetime.timezone.utc), creation_host='ip-172-31-11-174.eu-west-1.compute.internal', register_to_eff=None))>
2025-04-29 16:00:29,581:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2025-04-29 16:00:29,583:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2025-04-29 16:00:29,970:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1086
2025-04-29 16:00:29,972:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 29 Apr 2025 16:00:29 GMT
Content-Type: application/json
Content-Length: 1086
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "A92Ya-zus3w": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-04-29 16:00:29,972:DEBUG:certbot._internal.display.obj:Notifying user: Simulating a certificate request for xcompro.site
2025-04-29 16:00:29,974:DEBUG:acme.client:Requesting fresh nonce
2025-04-29 16:00:29,974:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2025-04-29 16:00:30,099:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-04-29 16:00:30,099:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 29 Apr 2025 16:00:30 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 6HmkGaTnEtIX11TGtwmdk03a0jtwRL6E5OIf6EgTvnQc7pGz4f4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-04-29 16:00:30,099:DEBUG:acme.client:Storing nonce: 6HmkGaTnEtIX11TGtwmdk03a0jtwRL6E5OIf6EgTvnQc7pGz4f4
2025-04-29 16:00:30,100:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "xcompro.site"\n    }\n  ]\n}'
2025-04-29 16:00:30,101:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTczNTk5OTQiLCAibm9uY2UiOiAiNkhta0dhVG5FdElYMTFUR3R3bWRrMDNhMGp0d1JMNkU1T0lmNkVnVHZuUWM3cEd6NGY0IiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "RVb7weFbhsrSU9bqL2FpJNVHdtfWfNdK_Kh-9HnsUTC7d-qeyYwE-tHUdHUabkfgevFql-xHRyAeC_7je700dODu5Q4SlWc0u1Aue7DLDU4pToV0pa3QNWmQ9-2pqmC1qyuw7zFLo3D8wfqZxGTxPGKZSqEqLoqD_jfOi79Zyvb59VbE35sJ1DZVBK2H07TJvb5LAveETJqRlryktnYeiqmF4q-j-_9U9UwflzxftDusomxNn_bE1141thg_ODyQ0t2MkwKDt1qUJzJ9AGobF49fgz7zt75fUgksmp6zcdn-TkPxPEUYzBRZetv_nmz-4iAYggrOCwc4hLq2Ll6fKw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInhjb21wcm8uc2l0ZSIKICAgIH0KICBdCn0"
}
2025-04-29 16:00:30,255:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 358
2025-04-29 16:00:30,256:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 29 Apr 2025 16:00:30 GMT
Content-Type: application/json
Content-Length: 358
Connection: keep-alive
Boulder-Requester: 197359994
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/197359994/24220050994
Replay-Nonce: wSl0VvnVS3jGMz-Hhye-q98DhBzaNHt9Vq60UwkUpqC-RHgrXnc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2025-05-06T16:00:30Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "xcompro.site"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/197359994/17082285144"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/197359994/24220050994"
}
2025-04-29 16:00:30,256:DEBUG:acme.client:Storing nonce: wSl0VvnVS3jGMz-Hhye-q98DhBzaNHt9Vq60UwkUpqC-RHgrXnc
2025-04-29 16:00:30,256:DEBUG:acme.client:JWS payload:
b''
2025-04-29 16:00:30,257:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/197359994/17082285144:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTczNTk5OTQiLCAibm9uY2UiOiAid1NsMFZ2blZTM2pHTXotSGh5ZS1xOThEaEJ6YU5IdDlWcTYwVXdrVXBxQy1SSGdyWG5jIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE5NzM1OTk5NC8xNzA4MjI4NTE0NCJ9",
  "signature": "riakWinOmryMFHPH2v2tf5NwZ_HpAITJCgbgYherA_fyKLAlP9MrTnh4e4_wS5JWejt78raK-JdlEFZEAYQQvNFbjGLAFGQRDZSnjV4MEzTlAYaOkramtMppzWWXC9bPHzwV8GeOc5VtvYkRbZtIoaHCiDmNASK-2lsqhoBqaWq0vklZ8yDpjX9sFSkcBS-mlatKLQU6en1uJBq1GKImEgwUtNIZ_tJ9AAAEYasyJWU3H7fmnIUDjVKS4zyVaM4Mk2ZNQmrlEkdnrVMX9tz6IpywY7W935Qn3et5-2IYr5a8VZ62nrPduZOWbetYKp94JWR4qhp3XuK36BEtgJ-Rmw",
  "payload": ""
}
2025-04-29 16:00:30,386:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/197359994/17082285144 HTTP/1.1" 200 838
2025-04-29 16:00:30,386:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 29 Apr 2025 16:00:30 GMT
Content-Type: application/json
Content-Length: 838
Connection: keep-alive
Boulder-Requester: 197359994
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wSl0VvnVcf2lbdwOMEEwjw737G-F4fl0K-eXuqVkIllbp9smlRs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "xcompro.site"
  },
  "status": "pending",
  "expires": "2025-05-06T16:00:30Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/SX_j7g",
      "status": "pending",
      "token": "mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA"
    },
    {
      "type": "dns-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/G4gcuw",
      "status": "pending",
      "token": "mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA"
    },
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/gIo5Mw",
      "status": "pending",
      "token": "mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA"
    }
  ]
}
2025-04-29 16:00:30,386:DEBUG:acme.client:Storing nonce: wSl0VvnVcf2lbdwOMEEwjw737G-F4fl0K-eXuqVkIllbp9smlRs
2025-04-29 16:00:30,386:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-04-29 16:00:30,387:INFO:certbot._internal.auth_handler:http-01 challenge for xcompro.site
2025-04-29 16:00:30,390:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2025-04-29 16:00:30,390:DEBUG:acme.standalone:Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2025-04-29 16:00:30,391:DEBUG:acme.client:JWS payload:
b'{}'
2025-04-29 16:00:30,392:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/gIo5Mw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTczNTk5OTQiLCAibm9uY2UiOiAid1NsMFZ2blZjZjJsYmR3T01FRXdqdzczN0ctRjRmbDBLLWVYdXFWa0lsbGJwOXNtbFJzIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzE5NzM1OTk5NC8xNzA4MjI4NTE0NC9nSW81TXcifQ",
  "signature": "hVPbiHv4eMuGOqcS9CtPo7rDSykSX8fMoFHqATvi2cHEDQrP-fP6RsQosusNeO_Mw__B8P4kLblq_JLkoIwMjUzlxAln9lF_BCiKGBuqDRfpUFCnfc0FY4OiO4zL35Du-Z4uGQuQQGp7x6JdHX3Y5QPsh6_gFpzkV6AoGSo3MZEkuPapAz54HbyNpyqwb7eS9pUDnTwPNhuESaUjhSepBICZwF13j55mFdSre_PR6eSBta-HDVcL8V5OoWOxICnbclzkh86Bh8702LBQlGjKUh8k87WN1koAm-vXI0lOBOE2-bCzKcdslVhTk_9zRQMy7t4gw5x_eUCV1kt1yopd6Q",
  "payload": "e30"
}
2025-04-29 16:00:30,527:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall/197359994/17082285144/gIo5Mw HTTP/1.1" 200 201
2025-04-29 16:00:30,527:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 29 Apr 2025 16:00:30 GMT
Content-Type: application/json
Content-Length: 201
Connection: keep-alive
Boulder-Requester: 197359994
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz/197359994/17082285144>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/gIo5Mw
Replay-Nonce: 6HmkGaTnUv_D8m3eJ1YNtP9FXTDdUDMfHgbHtjrdPFl3cejOPOA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/gIo5Mw",
  "status": "pending",
  "token": "mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA"
}
2025-04-29 16:00:30,527:DEBUG:acme.client:Storing nonce: 6HmkGaTnUv_D8m3eJ1YNtP9FXTDdUDMfHgbHtjrdPFl3cejOPOA
2025-04-29 16:00:30,527:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-04-29 16:00:31,529:DEBUG:acme.client:JWS payload:
b''
2025-04-29 16:00:31,531:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/197359994/17082285144:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTczNTk5OTQiLCAibm9uY2UiOiAiNkhta0dhVG5Vdl9EOG0zZUoxWU50UDlGWFREZFVETWZIZ2JIdGpyZFBGbDNjZWpPUE9BIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE5NzM1OTk5NC8xNzA4MjI4NTE0NCJ9",
  "signature": "EZYudP4B3eN4iElOC8NJ6Q04cF7TMcMU_1y_maZzyBtho9l4vz9EIRAtXejRawJpJV1LO8vv9sddkE0gCI4FpNUkZ1zr_G8Q1dXo0kCSb2dZutM0hiXWuEHw-ubdiNamCVwULqXfjy2IH7QoNQe8zKiZzVvcMVvlOZTN0LmSqKj09P_SCdZ6cZfY0kk9qq8BSIzG8HIaW8eVDfX2s62XtHGAIuvqVE4TTmxYK_Lu6EG_mXBYJUhP_F2VAejXHl3dRU3MNtYWarZkQtJAcSdC37-OgFKfDzFoMfineN8GPFZGrwzY5sSQqh2-tKUzryL6PzXCLTg1EBxEVFDOnSQoUA",
  "payload": ""
}
2025-04-29 16:00:31,662:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/197359994/17082285144 HTTP/1.1" 200 1053
2025-04-29 16:00:31,662:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 29 Apr 2025 16:00:31 GMT
Content-Type: application/json
Content-Length: 1053
Connection: keep-alive
Boulder-Requester: 197359994
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wSl0VvnV-kMN_5G9P9YisrZE8JSBkGgy8gk-uIMhRSDq19QZLLQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "xcompro.site"
  },
  "status": "invalid",
  "expires": "2025-05-06T16:00:30Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/197359994/17082285144/gIo5Mw",
      "status": "invalid",
      "validated": "2025-04-29T16:00:30Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "54.76.23.13: Invalid response from http://xcompro.site/.well-known/acme-challenge/mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA: 502",
        "status": 403
      },
      "token": "mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA",
      "validationRecord": [
        {
          "url": "http://xcompro.site/.well-known/acme-challenge/mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA",
          "hostname": "xcompro.site",
          "port": "80",
          "addressesResolved": [
            "54.76.23.13",
            "34.241.57.115"
          ],
          "addressUsed": "54.76.23.13"
        }
      ]
    }
  ]
}
2025-04-29 16:00:31,662:DEBUG:acme.client:Storing nonce: wSl0VvnV-kMN_5G9P9YisrZE8JSBkGgy8gk-uIMhRSDq19QZLLQ
2025-04-29 16:00:31,663:INFO:certbot._internal.auth_handler:Challenge failed for domain xcompro.site
2025-04-29 16:00:31,663:INFO:certbot._internal.auth_handler:http-01 challenge for xcompro.site
2025-04-29 16:00:31,663:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: xcompro.site
  Type:   unauthorized
  Detail: 54.76.23.13: Invalid response from http://xcompro.site/.well-known/acme-challenge/mvlsnpI77hNkmpTTW49HJJ4PReJUcSfAAifx5NxtvWA: 502

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2025-04-29 16:00:31,664:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2025-04-29 16:00:31,664:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-04-29 16:00:31,664:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-04-29 16:00:31,664:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2025-04-29 16:00:31,892:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.10/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/main.py", line 1872, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/main.py", line 1578, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/client.py", line 523, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/client.py", line 424, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/client.py", line 502, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-04-29 16:00:31,894:ERROR:certbot._internal.log:Some challenges have failed.

My web server is (include version):
Kestrel aspnet:9.0-noble

The operating system my web server runs on is (include version):
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy

My hosting provider, if applicable, is:
EC2 Instance with Kestrel as Edge web server (Facing to AWS Application Load balancer)

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 4.0.0

Additional Information which may help to resolve the issue
Scenario:


I am trying to get SSL certificate from Let's encrypt and install it for my ASP.NET CORE app.
ASP.NET CORE app is running on EC2 instance with Kestrel server which is facing to AWS ELB. Domain xcompro.site registered with GoDaddy.
ASP.NET CORE app is running as Container and container port is 8080.
As it is a test server may be the application is not running all time. (Just for Information)

testuser:~$ dig a xcompro.site +short
34.241.57.115
54.76.23.13

C:\Users\susha>curl -Ii http://xcompro.site
HTTP/1.1 200 OK
Date: Tue, 29 Apr 2025 21:02:19 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Server: Kestrel

As certbot certonly --standalone uses http-01 challenge (which uses port 80) for domain validation, but the Kestrel Webserver is running on Port 8080. May be due to this getting error, this is my understanding, not sure. If any further info required kindly update.
Kindly suggest and help.

on port 80, your site answered by aspnetapp, but standalone is well, standalone server so think you have port forwarding of outside 80 -> 8080 inside: whatever listening port 80 of outer internet need to reply with challenge token to pass it.

1 Like

It is not impossible but is difficult to get a cert using the HTTP method for a domain that has multiple IP addresses behind a load balancer.

You are using Route53 as your DNS provider and that is well supported by Certbot. You should use the DNS Challenge instead: Welcome to certbot-dns-route53’s documentation! — certbot-dns-route53 0 documentation

1 Like