Certbot failed to authenticate some domains

Hi,
Error while generating my certificate

My domain is: db-servizi.cloud

I ran this command:

sudo certbot -v --nginx -d db-servizi.cloud -d www.db-servizi.cloud

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for db-servizi.cloud and www.db-servizi.cloud
Performing the following challenges:
http-01 challenge for db-servizi.cloud
http-01 challenge for www.db-servizi.cloud
Waiting for verification...
Challenge failed for domain db-servizi.cloud
Challenge failed for domain www.db-servizi.cloud
http-01 challenge for db-servizi.cloud
http-01 challenge for www.db-servizi.cloud

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: db-servizi.cloud
  Type:   unauthorized
  Detail: 82.134.194.114: Invalid response from http://db-servizi.cloud/.well-known/acme-challenge/Dby7aUpxScGl0c0EkqJvozHIh679wZxioxvA7w0FRVs: 404

  Domain: www.db-servizi.cloud
  Type:   unauthorized
  Detail: 82.134.194.114: Invalid response from http://www.db-servizi.cloud/.well-known/acme-challenge/RsKjs-VI9YntMOfOSWlB1_7CoN0dK0vp45xUEbjplhg: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

The operating system my web server runs on is (include version): Ubuntu 22.04.2

I can login to a root shell on my machine: yes
The version of my client is: 2.6.0

Thanks in advance.

$ curl -I www.db-servizi.cloud
HTTP/1.0 303 SEE OTHER
Content-Type: text/html; charset=utf-8
Content-Length: 214
Location: http://www.db-servizi.cloud/web
Set-Cookie: session_id=67b0429c939d8759f5cd1f81a5fe9b020cd58df0; Expires=Mon, 21 Aug 2023 09:47:35 GMT; Max-Age=7776000; HttpOnly; Path=/
Server: Werkzeug/2.0.2 Python/3.10.6
Date: Tue, 23 May 2023 09:47:35 GMT

If you look at the Server response header, you can see that your domain is not being served by nginx, but by what looks like a Python-based web server.

For Certbot's --nginx plugin to work, your domain needs to point to a server running the nginx web server, and Certbot needs to run on that same server.

3 Likes

Thank you for your reply.
Could it be the firewall doing this trick?
I have a Zyxel where I managed a NAT from port 80 to 8069 of the Odoo ERP.

I also tried the Let's Debug site.

1 Like

The solution would probably look like: whatever port the Python server is listening on, you need to get nginx to listen on that port instead, and put the Python server behind nginx (as a reverse proxy).

After you do that, you can try running Certbot.

3 Likes
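
The reverse-proxy layout suggested in the reply above, as an added example that is not part of the original thread. It assumes nginx and Odoo run on the same host, that Odoo listens on 127.0.0.1:8069, and that the router's NAT rule is changed to forward port 80 to nginx rather than to 8069; the file path and the upstream name are hypothetical.

```nginx
# Constructed example; assumes nginx and Odoo run on the same Ubuntu host
# and that the router's NAT rule now forwards WAN port 80 to this host's
# port 80 (nginx) instead of port 8069 (Odoo).
# Hypothetical file: /etc/nginx/sites-available/db-servizi.cloud

upstream odoo_backend {
    # Assumed Odoo address; 8069 is the port named in the thread.
    server 127.0.0.1:8069;
}

server {
    listen 80;
    listen [::]:80;

    # Must match the -d names passed to certbot so the --nginx plugin can
    # find this block and add its temporary http-01 challenge location.
    server_name db-servizi.cloud www.db-servizi.cloud;

    location / {
        # Everything that is not an ACME challenge goes to Odoo.
        proxy_pass http://odoo_backend;

        # Pass the original request details through to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After `sudo nginx -t` and a reload, `curl -I http://db-servizi.cloud` should report an nginx `Server` header instead of Werkzeug, which is the precondition for `certbot --nginx` to pass http-01. With nginx in front, port 8069 should no longer be reachable from the internet, so that requests cannot bypass the proxy and the TLS it will terminate.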
