Certbot on AWS Amazon Linux EC2

Hi,

I know I’m not on a supported OS, so I’m just trying my luck. I think that it’s not working because my Tomcat is responding to the ACME request:

Domain: lab.xacml.eu
Type:   unauthorized
Detail: Invalid response from http://lab.xacml.eu/.well-known/acme-challenge/0L7xOXlOTANXdcNiIgE1V1aRxkEnBMSBlGVpkJBSZUo [34.193.145.100]: "<!doctype html><html lang=\"en\"><head><title>HTTP Status 404 – Not Found</title><style type=\"text/css\">h1 {font-family:Tahoma,A"

My domain is: lab.xacml.eu

I ran this command: sudo /usr/local/bin/certbot-auto certonly --standalone -d lab.xacml.eu --debug

It produced this output:

[ec2-user@ip-172-30-2-115 bin]$ sudo /usr/local/bin/certbot-auto certonly --standalone -d lab.xacml.eu --debug
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lab.xacml.eu
Waiting for verification...
Challenge failed for domain lab.xacml.eu
http-01 challenge for lab.xacml.eu
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1378, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1265, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 405, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 348, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 384, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 154, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:
 - The following errors were reported by the server:
Error in atexit._run_exitfuncs:
Traceback (most recent call last):
  File "/usr/lib64/python2.7/atexit.py", line 24, in _run_exitfuncs
    func(*targs, **kargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/util.py", line 636, in _atexit_call
    func(*args, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/reporter.py", line 98, in print_messages
    next_wrapper.fill(line) for line in lines[1:]))
UnicodeEncodeError: 'ascii' codec can't encode character u'\u2013' in position 263: ordinal not in range(128)
Error in sys.exitfunc:
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/lib64/python2.7/atexit.py", line 24, in _run_exitfuncs
    func(*targs, **kargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/util.py", line 636, in _atexit_call
    func(*args, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/reporter.py", line 98, in print_messages
    next_wrapper.fill(line) for line in lines[1:]))
UnicodeEncodeError: 'ascii' codec can't encode character u'\u2013' in position 263: ordinal not in range(128)
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Apache Tomcat 9.0.20

The operating system my web server runs on is (include version): Linux 4.14.114-83.126.amzn1.x86_64

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): /usr/local/bin/certbot-auto --version yields certbot 0.39.0

OK, my hunch was the right one… Having Tomcat running on the port where certbot would save the challenge for validation prevented certbot from doing it, therefore ultimately failing the challenge validation. So make sure you stop your Tomcat or remove your port forwarding (which is what I was doing in my case).
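An added example, not part of the original posts: a pre-flight check for the two conditions named above, run before `certbot certonly --standalone`. It assumes the port forwarding is an iptables NAT rule (the thread does not say how it was set up); the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check before `certbot certonly --standalone`.
# The standalone authenticator must be the service that answers on port 80.
# Two things can hand the http-01 request to another server instead:
#   1. a process already listening on port 80, or
#   2. a NAT rule forwarding port 80 elsewhere (assumed here to be iptables).

# Local addresses listening on TCP port 80; reads `ss -ltn` text on stdin.
listeners_on_80() {
    awk '$1 == "LISTEN" && $4 ~ /:80$/ { print $4 }'
}

# NAT rules that redirect destination port 80; reads `iptables -t nat -S` text.
redirects_of_80() {
    awk '/--dport 80( |$)/ && /-j (REDIRECT|DNAT)/'
}

# preflight SS_TEXT NAT_TEXT: returns 0 only if nothing would intercept port 80.
preflight() {
    rc=0
    bound=$(printf '%s\n' "$1" | listeners_on_80)
    fwd=$(printf '%s\n' "$2" | redirects_of_80)
    if [ -n "$bound" ]; then echo "port 80 already bound: $bound"; rc=1; fi
    if [ -n "$fwd" ]; then echo "port 80 is forwarded: $fwd"; rc=1; fi
    return "$rc"
}

# Constructed sample input: Tomcat on 8080 with port 80 redirected to it.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    :::8080            :::*
LISTEN 0      128    *:22               *:*'
SAMPLE_NAT='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'

preflight "$SAMPLE_SS" "$SAMPLE_NAT" || echo "fix the above before running certbot"

# On a live host (needs root for iptables):
#   preflight "$(ss -ltn)" "$(iptables -t nat -S)"
```

With a redirect in place certbot can still bind port 80 without error, which is why the failure only shows up as the other server's 404 in the challenge response.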
