Hi! I could really use some help! Thank you in advance.
My domain’s DNS is hosted and protected by Cloudflare.
I have Cloudflare credentials/API key stored in /root/.secrets/cloudflare.ini.
If I specify just the webroot, I get an authentication failure, probably because the physical IP of the box doesn’t match the A/AAAA records at Cloudflare.
If I try to specify the cloudflare-dns options then certbot bombs.
I also have this in my sites-enabled config for the domain:
server {
    server_name nsfw.social;
    listen 80;
    listen [::]:80;
    location ~ /\.well-known/acme-challenge {
        root /var/lib/letsencrypt/;
    }
    location / {
        return 301 https://$server_name$request_uri;
    }
}
My domain is:
nsfw.social
I ran this command:
certbot certonly --cert-name nsfw.social -a webroot -w /var/lib/letsencrypt -d nsfw.social
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nsfw.social
Using the webroot path /var/lib/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. nsfw.social (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://nsfw.social/.well-known/acme-challenge/CxOkSwkBg9d7T7bCjM8_wvFc1ig-2ifESIcR1NDSnAA [2606:4700:30::681b:bdd4]: "<meta name=viewport content=“width=device-width,initial-scale=1,user-scal”
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: nsfw.social
Type: unauthorized
Detail: Invalid response from
https://nsfw.social/.well-known/acme-challenge/CxOkSwkBg9d7T7bCjM8_wvFc1ig-2ifESIcR1NDSnAA
[2606:4700:30::681b:bdd4]: "<meta name=viewport
content=“width=device-width,initial-scale=1,user-scal”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Then I ran this command:
certbot certonly --cert-name nsfw.social -a webroot -w /var/lib/letsencrypt --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d nsfw.social
That produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: Too many flags setting configurators/installers/authenticators ‘webroot’ -> ‘dns-cloudflare’
Too many flags setting configurators/installers/authenticators ‘webroot’ -> ‘dns-cloudflare’
My web server is (include version):
ii nginx 1.14.2-2+deb10u1 all small, powerful, scalable web/proxy server
ii nginx-common 1.14.2-2+deb10u1 all small, powerful, scalable web/proxy server - common files
ii nginx-full 1.14.2-2+deb10u1 amd64 nginx web/proxy server (standard version)
ii certbot 0.31.0-1 all automatically configure HTTPS using Let’s Encrypt
ii python3-certbot 0.31.0-1 all main library for certbot
ii python3-certbot-dns-cloudflare 0.23.0-2 all Cloudflare DNS plugin for Certbot
ii python3-certbot-nginx 0.31.0-1 all Nginx plugin for Certbot
The operating system my web server runs on is (include version): Debian 10
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0