Certbot failed to authenticate some domains (authenticator: webroot)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kalevent.com

I ran this command: docker logs 6671a26ce253

It produced this output:

ccee52c387a   prom/prometheus:latest                  "/bin/prometheus --c…"   34 seconds ago   Up 32 seconds            >9090/tcp   prometheus
(.venv) kofi (ci-cd *) kalevent $ docker logs 6671a26ce253 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for kalevent.com and www.kalevent.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: kalevent.com
  Type:   connection
  Detail: Fetching http://kalevent.com/.well-known/acme-challenge/I2avJKQGO_RWAf8wjjzTc5sFtrZDzMKfEAwN7T1I-QU: Timeout during connect (likely firewall problem)

  Domain: www.kalevent.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for www.kalevent.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.kalevent.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
(.venv) kofi (ci-cd *) kalevent $ 

My web server is (include version): nginx

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: aws kubernetes

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): (.venv) kofi (ci-cd *)
certbot 2.7.4

Do you have any specific question or any specific issue you're having trouble with? Because the errors are pretty much self-explanatory I'd say :slight_smile:


Error #1:

Does your ISP allow inbound HTTP [TCP port 80] connections?
If not: You won't be able to authenticate using HTTP.
If so: Do you know how to open the firewall?
The Internet must be able to reach your server via HTTP.

Error #2:

Do you know how to make a DNS entry for your domain?
If not: Then you need to speak with your DSP.
If so: Then you simply need to create an entry for the "www" name.



I have provisioned all these and allowed ports 80 and 443 on AWS and checked my local host firewall. I use a Mac and by default it allows all.

Have you checked your EC2 Security Group? And, I am not a Kubernetes expert but have you checked all the port assignments for that?

Because I now see you have a DNS record for your www domain so that is progress.

But, I cannot connect to either one from my own AWS EC2 test server (US East Coast)

And, neither can Let's Debug which I highly recommend to test your connectivity

My test server

curl -i -m8 http://kalevent.com
curl: (28) Connection timed out after 8000 milliseconds

And, this ...


Can you reach any of these from the Internet?:


I can't :frowning:
Let's Debug can't:
Let's Debug (letsdebug.net)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
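
Added example, not code from any poster in this thread: a pre-flight check that separates the two failure types the CA reported above (`dns` and `connection`) before Certbot is run again. The function name `preflight` and its injectable `resolve`/`connect` parameters are assumptions made for illustration; run it from a host outside the server's own network, as the test server in the thread was, because a connection made from inside says nothing about the firewall or security group.

```python
import socket
import sys


def preflight(domain, port=80, timeout=8,
              resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Classify a domain as 'dns', 'connection' or 'ok', mirroring the CA's report.

    resolve/connect are injectable (an assumption of this example) so the
    logic can be exercised without touching the network.
    """
    try:
        infos = resolve(domain, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # No A/AAAA record (NXDOMAIN) or a resolver failure.
        return "dns", f"{domain}: name did not resolve ({exc})"

    # De-duplicate: getaddrinfo may return the same address more than once.
    addresses = sorted({info[4][0] for info in infos})
    if not addresses:
        return "dns", f"{domain}: resolver returned no addresses"

    failed = []
    for address in addresses:
        try:
            connect((address, port), timeout=timeout).close()
        except OSError as exc:  # timeouts and refusals are OSError subclasses
            failed.append(f"{address}: {exc}")

    if failed:
        # Conservative choice: every published address must answer on the port.
        return "connection", f"{domain} port {port} unreachable at " + "; ".join(failed)
    return "ok", f"{domain} port {port} reachable at " + ", ".join(addresses)


if __name__ == "__main__":
    # Usage: python preflight.py example.com www.example.com
    results = [preflight(name) for name in sys.argv[1:]]
    for status, detail in results:
        print(f"[{status}] {detail}")
    sys.exit(0 if all(status == "ok" for status, _ in results) else 1)
```

A non-zero exit status lets a CI job stop before requesting a certificate that would fail validation.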