Certbot fails to issue certificate for my dockerized backend api

That will make it difficult for us to look at then :slight_smile:

The --standalone option uses an HTTP Challenge. This requires the Let's Encrypt authentication server to reach you using a request like this:

http://(domain)/.well-known/acme-challenge/(token)

This uses port 80. You can set up your container to listen on other ports, and use the option to tell --standalone to listen on an alternate port.

BUT, the original request comes to port 80. You would have to map that to your alternate port and still reply to the original request properly.

Debugging the standalone is more difficult than other methods because there is only a listener for the challenge when that is running. I am not sure if the below helps with a container but if Certbot was running in the host you could:

=============================

The --standalone method is difficult to debug because you need to keep Certbot running to test connection from the public internet.

An easier way to test this is to use these command options:

certbot certonly --standalone --dry-run --debug-challenges -v -d (domain)

This command will show you the challenge URL to try from the public internet and the proper response. After showing you this it will say "Press Enter to Continue". DO NOT PRESS ENTER.

Leave it paused like that and use a different device to test the connection. You can use a mobile phone with wifi disabled so you use your carrier's network.

You do not have to use the full URL. Just try http://(yourdomain)

If the connection works this shorter URL should see a response like below. Otherwise, continue to adjust your local comms setup until it works.

ACME client standalone challenge solver
2 Likes
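
An added example, not part of the original post: a small Python probe to run from a machine outside your network while Certbot is paused at "Press Enter to Continue", doing the same check as the browser test described above. The verdict names and hint texts are this example's own; the expected body string is the one quoted in the post.

```python
import socket
import sys
import urllib.error
import urllib.request

# Body the post says the paused standalone listener returns for http://(yourdomain)
EXPECTED = "ACME client standalone challenge solver"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface a redirect instead of following it, so we see who answered."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url, timeout=5.0):
    """Return (verdict, detail) for one plain-HTTP GET against the challenge port."""
    # Empty ProxyHandler: ignore proxy environment variables and connect directly.
    opener = urllib.request.build_opener(_NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read(4096)
    except urllib.error.HTTPError as exc:
        # Something spoke HTTP but returned an error or redirect status.
        status, body = exc.code, exc.read(4096)
    except OSError as exc:  # URLError is a subclass of OSError
        reason = getattr(exc, "reason", exc)
        if isinstance(reason, ConnectionRefusedError):
            return "refused", "nothing listening: check the container port mapping"
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return "timeout", "no reply: check firewall and port forwarding"
        return "error", str(reason)
    if EXPECTED in body.decode("utf-8", "replace"):
        return "standalone", f"HTTP {status}: Certbot's listener is reachable"
    # A reverse proxy, another container or an HTTPS redirect owns the port.
    return "other-server", f"HTTP {status}: a different service answered"


if __name__ == "__main__":
    # Usage: python probe.py (domain)
    verdict, detail = probe(f"http://{sys.argv[1]}/")
    print(f"{verdict}: {detail}")
```

A `refused` or `timeout` verdict points at port mapping or firewalling between the internet and the container; `other-server` means something else is answering on port 80 in place of Certbot.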