Good evening, to make a quick summary I am a developer and I code a web application and I need to have a certification for tests (other than self signed).
I discovered certbot, but several problems arose, I executed several commands and in all cases, my server never detected that someone was looking for a file.
Here is the error when I execute my command:
PS C:\Users\nalili> certbot certonly --dry-run -a webroot -w C:\Users\nalili\Documents\GitHub\book-reader\server-side
Saving debug log to C:\Certbot\log\letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): www.nalili.fr
Simulating a certificate request for www.nalili.fr
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.
I thought it was an error in my code, but when I tried to do the same operation as he did, I was able to download the file perfectly, even on another remote computer that is not on the same network.
I've been working on this problem for about 3 hours now, I think I've done something wrong but I can't figure out what
I don't get the contents of the challenge file. I get a web page that with frameset links instead. The Let's Encrypt Servers need to see the challenge file data. Or, get redirected with an HTTP redirect (like a 301) to another domain. It does not interpret HTML and won't follow links to IP addresses in any case. See (link here)
Below is your URL but if I use a different challenge token (like ForumTest123) I would expect a 404 Not Found but instead get this same HTTP 200 OK with this data.
It is normal that you don't have the challenge files as they are directly deleted by the script when it's fail.
But I think I have identified the problem, as you have shown in your post, I use OVH for my redirection, but it is not the first time I have problems because it points to the OVH redirection servers and not my ip and it is really weird sometimes.
I should have dealt with this problem directly, but I had completely forgotten about it.
Sorry for the inconvenience.
PS : In my code it does not treat the challenge as an HTTP, but offers to download it directly (as there is no extension) as indicated in the HINT
I think I found the problem and it's because of the OVH redirects.
I tried to do it without redirection and put the port in raw and it works a little better, now I have other problems to solve ._. but it is a good start I guess
certbot certonly --dry-run -a webroot -w C:\Users\nalili\Documents\GitHub\book-reader\server-side\
Saving debug log to C:\Certbot\log\letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): book.nalili.fr:8080
Simulating a certificate request for book.nalili.fr:8080
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: book.nalili.fr
Type: connection
Detail: 78.112.187.75: Fetching http://book.nalili.fr/.well-known/acme-challenge/3qH0AQpCuODAtI3RvP6YzJ8zhYfbCdCo-aWutgNtAH0: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.
Yes, a better approach and I see your new IP in the DNS.
But, you can't use non-standard ports for HTTP (or HTTPS if you redirect) for an HTTP Challenge. See the details (link here)
EDIT:
You can even see in the error message below that the Let's Encrypt server did not even use your :8080 port in the HTTP request. I think Certbot removes it but no matter it is not allowed.
Well, I appreciate it can be frustrating but it's not for nothing. In fact, it's part of the ACME requirements. Let's Encrypt didn't make those up but it does follow them.
You could consider a DNS Challenge if the HTTP Challenge does not suit your purpose. It's often harder to automate but not always (link here)