Certbot failed [unauthorized -- Detail: Invalid response from]

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: demo.storehub.top

I ran this command:
[certbot certonly --standalone --email ziyang.jiang@storehub.com --agree-tos -d demo.storehub.top --dry-run]

It produced this output:

My web server is (include version): k8s container

The operating system my web server runs on is (include version): k8s 1.15.3

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I am obtaining a new certificate for a service in a k8s container. I run this command on another server which is not related to the service.
I tried [certbot certonly --manual] and then added the DNS TXT record on my domain server; it works well. I can get a new certificate successfully.
But I think it’s troublesome.
Any good idea…

Hi @zyjiang

Why do you use --standalone if there is a running webserver?

Use that running webserver, maybe with --webroot.

Standalone requires stopping that webserver, so port 80 is free.

See

I know this case; I launch a new instance to obtain a new certificate.
The server is not related to the service.
80 && 443 are open, and httpd is stopped.
Still:
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: demo.storehub.top
    Type: unauthorized
    Detail: Invalid response from
    https://demo.storehub.top/.well-known/acme-challenge/X_VbSgoRORORpFJJce2L8Q1Qcto9GscM6Sf0lmjlDxs
    [54.255.232.172]: “\n\n\n\n\t<meta
    http-equiv=“content-type” content=“text/html;charset=UTF-8”
    />\n\t<meta charset=“utf-8” />\n\t”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

The domain redirects to a service which (LB or the other…)

I have a service in AWS EKS.
I want to obtain a new cert locally. FAILED.
Only certbot manual works well, but it needs an added DNS TXT record.
But I think it’s troublesome. Any good idea?

See your output. There is a redirect http -> https.

So use the https webroot with --webroot. I hope you run your Certbot on that IP, 54.255.232.172.

Read

Certbot must be able to write in the root directory.

1 Like
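The condition the `--webroot` advice above depends on, as an added example that is not part of the original thread: the file Certbot writes under `.well-known/acme-challenge/` must be what an HTTP client gets back from the domain, byte for byte. The sketch below uses constructed local servers on 127.0.0.1 and a constructed probe token (a real challenge file holds the token plus the account key thumbprint) to show the passing case and the "Invalid response" case where an application answers every path with its own HTML.

```python
import http.server, pathlib, tempfile, threading, urllib.error, urllib.request
CHALLENGE_DIR = ".well-known/acme-challenge"

class WebrootServer(http.server.SimpleHTTPRequestHandler):  # serves files from a docroot
    def log_message(self, *args):  # keep the demo quiet
        pass

class AppAnswersEverything(WebrootServer):
    """Constructed stand-in for an app/load balancer that returns its own HTML for any path."""
    def do_GET(self):
        body = b'<html><meta charset="utf-8" /></html>'
        self.send_response(200)
        self.send_header("Content-Type", "text/html;charset=UTF-8")
        self.end_headers()
        self.wfile.write(body)

def start(handler, directory):
    make = lambda *a, **kw: handler(*a, directory=str(directory), **kw)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), make)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"

def preflight(base_url, webroot, token="probe-token", content="probe-token.constructed"):
    """Write a probe where `certbot --webroot -w <webroot>` would, then fetch it over HTTP."""
    probe = pathlib.Path(webroot, CHALLENGE_DIR, token)
    probe.parent.mkdir(parents=True, exist_ok=True)
    probe.write_text(content)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env
    try:
        with opener.open(f"{base_url}/{CHALLENGE_DIR}/{token}", timeout=5) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return f"FAIL: HTTP {err.code}"
    finally:
        probe.unlink()
    return "OK" if body.strip() == content else f"FAIL: unexpected body {body[:40]!r}"

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as webroot:
        for name, handler in (("webroot_served", WebrootServer), ("app_answers", AppAnswersEverything)):
            srv, url = start(handler, webroot)
            results[name] = preflight(url, webroot)
            srv.shutdown()
            srv.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

Pointing `preflight` at the real site's base URL and the directory intended for `-w` runs the same check before a `--dry-run`.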

IP 54.255.232.172:
This is my test_k8s cluster master. If I run this command on this server, I get the issue below:
[Problem binding to port 80: Could not bind to IPv4 or IPv6.]
But port 80 cannot be stopped.