Certbot failed to authenticate

abellido · May 28, 2024, 12:12pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot certonly --standalone -d insurtechsoft.com -d www insurtechsoft.com

It produced this output:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems: Domain: insurtechsoft.com Type: unauthorized Detail: 201.188.170.24: Invalid response from http://insurtechsoft.com/.well-known/acme-challenge/_PE7MnVNkhD4AbXPAWaTPPijD8UydQ5JcTjfLHJyaF4: 502
My web server is (include version):
nginx
The operating system my web server runs on is (include version):
Ubuntu server 22.04 lts
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot clasic.
The error occurs because the first time i run this command by error i interrupt they proccess using ctrl+c after put My email. The second intent i got this error. Please help me

MikeMcQ · May 28, 2024, 12:15pm

Welcome @abellido

You have an nginx server replying to HTTP requests. Why are you trying to use --standalone method? Normally if you have a web server (like nginx) you would use the --nginx option or --webroot.

Your nginx is failing with a 502 Bad Gateway but that can be fixed.

Please explain more what you want working when all is done. Thanks

curl -i http://insurtechsoft.com
HTTP/1.1 502 Bad Gateway
Server: nginx/1.21.0

abellido · May 28, 2024, 12:34pm

Thanks Mike that I eant is just to use https and http on My server. So when I trying to install the certificate by error after write My e-mail I press ctrl+c and when i try to writte the command certbot again. The autenticación error happens. I believe because My interrupción. So I eant to know if it's possible to update the email and domain asociation that I think is broken.

MikeMcQ · May 28, 2024, 1:10pm

I don't think that is what is broken. Any email association is only to your ACME account and not a specific domain.

Are you planning on using nginx with a cert and HTTPS? I can help you get that working.

abellido · May 28, 2024, 2:01pm

Mike, Thanks a lot, yes I want to use nginx qith a cert and HTTPS on my server and really Im a developer not an system administrator. This is my personnel server and I just follow a guide. If you could help me I will appretiate it.

MikeMcQ · May 28, 2024, 2:40pm

Okay, you first need to get nginx handling HTTP requests properly. Or, at least the ACME HTTP Challenge that comes from the Let's Encrypt server.

Would you post the output of sudo nginx -T
An upper case T is essential. And please add 3 backticks before and after for best formatting. Like
```
output of sudo nginx -T
```
You have something in your nginx config causing the 502 Bad Gateway. Looking at your config we can get your server block setup for the HTTP Challenge.

Bruce5051 · May 28, 2024, 3:52pm

Supplemental information: Port 80 is Open, Ports 25, 443, 465, 587, and 993 are all filtered.

$ nmap -Pn -p25,80,443,465,587,993 insurtechsoft.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-28 08:48 PDT
Nmap scan report for insurtechsoft.com (201.188.170.24)
Host is up (0.18s latency).

PORT    STATE    SERVICE
25/tcp  filtered smtp
80/tcp  open     http
443/tcp filtered https
465/tcp filtered smtps
587/tcp filtered submission
993/tcp filtered imaps

Nmap done: 1 IP address (1 host up) scanned in 3.20 seconds

Also that I see with curl -Ii, nothing new here.

$ curl -Ii http://insurtechsoft.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 502 Bad Gateway
Server: nginx/1.21.0
Date: Tue, 28 May 2024 15:51:20 GMT
Content-Type: text/html
Content-Length: 157
Connection: keep-alive

$ curl -Ii http://insurtechsoft.com/
HTTP/1.1 502 Bad Gateway
Server: nginx/1.21.0
Date: Tue, 28 May 2024 15:51:26 GMT
Content-Type: text/html
Content-Length: 157
Connection: keep-alive

Edit: one more thing you have no MX Record in DNS

$ nslookup -q=mx insurtechsoft.com ns31.cloudns.net.
Server:         ns31.cloudns.net.
Address:        109.201.133.111#53

*** Can't find insurtechsoft.com: No answer

$ nslookup insurtechsoft.com ns31.cloudns.net.
Server:         ns31.cloudns.net.
Address:        109.201.133.111#53

Name:   insurtechsoft.com
Address: 201.188.170.24

Also here a a few links:

https://wiki.mozilla.org/Security/Server_Side_TLS

http://nginx.org/en/docs/

system · June 27, 2024, 3:53pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot failed to authenticate some domains Help	4	464	May 5, 2022
Certbot failed to report authenticate some domains (authenticator:standalone) Help	3	1126	January 4, 2024
Certbot fails to authorize Help	4	80	August 24, 2024
Certbot failed to authenticate some domains (authenticator: standalone) Help	6	195	May 30, 2024
Error : Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems: Help	6	545	February 16, 2024

Certbot failed to authenticate

Also here a a few links:

Related topics