Certbot failed to authenticate

anzenctf · May 13, 2024, 5:19pm

My domain is:hello.anzenctf.live

I ran this command:
sudo certbot certonly --standalone

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): hello.anzenctf.live
Requesting a certificate for hello.anzenctf.live

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: hello.anzenctf.live
Type: unauthorized
Detail: 52.140.39.16: Invalid response from http://hello.anzenctf.live/.well-known/acme-challenge/FkHJYz6d4AgC95p-nZm9ugIqCWmfKtSi4zcdsTqaRtc: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
My web server is (include version):

The operating system my web server runs on is (include version):Ubuntu 20 Virtual machine hosted on azure

My hosting provider, if applicable, is:Azure

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no
d
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 2.10.0

Osiris · May 13, 2024, 5:22pm

There's an nginx webserver responding on the hostname hello.anzenctf.live. It's serving a webpage for "AnzenCTF", is that correct?

As a matter of fact, it's claiming to be nginx 1.26.0. But Ubuntu doesn't ship with nginx 1.26.0. Focal ships with 1.18.0 as does Ubuntu 22 (jammy). And even Ubuntu 23 (mantic) and more recent only ship 1.24.0.

So I'm curious where the Ubuntu 20 without a webserver is fitting into this picture Comparing to a (probably) non-Ubuntu server with nginx 1.26.0.

Bruce5051 · May 13, 2024, 5:51pm

Supplemental information: presently I see Port 80 & 443 filtered.

$ nmap -Pn -p80,443 hello.anzenctf.live
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-13 17:50 UTC
Nmap scan report for hello.anzenctf.live (52.140.39.16)
Host is up.

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.26 seconds

rg305 · May 13, 2024, 5:51pm

Hi @anzenctf, and welcome to the LE community forum

Let's verify that your DNS is pointing to the current IP, with the output of:
curl -4 ifconfig.me

anzenctf · May 14, 2024, 4:22am

Yes my ip points to the domain

rg305 · May 14, 2024, 5:54am

Then you need to ensure that the HTTP requests reach the ACME client running in standalone mode.

system · June 13, 2024, 5:54am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot failed to report authenticate some domains (authenticator:standalone) Help	3	1108	January 4, 2024
Certbot failed to authenticate some domains (authenticator: nginx) Help	8	718	March 14, 2023
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems: Help	11	6556	February 16, 2023
Certbot SSL Certification - Failed Help	3	203	June 11, 2024
Certbot failed to authenticate some domains (authenticator: nginx) Help	7	438	March 11, 2024

Certbot failed to authenticate

Related topics