Could not obtain certificates & Permission Denied

Hello, I am trying to renew my certification and I am having problems with my site; I'm not an expert whatsoever. So I am trying to follow the steps here

When I run sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/opt/bitnami/letsencrypt" run (yes, I am replacing the info with my domain and email), I get this error:

2020/02/05 18:32:03 Could not obtain certificates:
acme: Error -> One or more domains had a problem:
[] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
[] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:

I feel that I have completely muddled this thing up by following too many different tutorials. Maybe there is a way I can reset all my SSL stuff and try again?

Also, when I run the lines
curl -Ls | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -

it returns no errors, but it does return with a gz.3, probably because I have tried multiple times.

Please help.

Background story: I set up my website using this tutorial, and I tried following these steps to set up auto-renew from here, and I am getting permission denied.

Hi @calcodes,

I imagine that lego is expecting to be able to bind port 443 and provide its own web service for the ALPN method. But if you have an existing web server of your own listening on port 443, it would not be able to do this. You would probably need to stop your existing web server process temporarily in order to renew with this method, or else tell lego to use a different authentication method that works better in the presence of a running web server.

The files that this downloads are .tar.gz files, which need to be extracted with a command like tar xzvf in order to be used. They aren’t usable until their contents have been extracted. The .3 is because you’ve downloaded multiple copies of the file.

Thank you very much for the reply. I have been digging for more information; when I go to my website I get a 521 error. I'm using Google Cloud & a domain with Cloudflare. I've disabled Cloudflare, and when I revisit the site it says it couldn't connect to the server; I can't connect when I try to log in to my cPanel.

Is this even related to my screw-up with the SSL?

Could you please give me a suggestion on what to do next?
I have an XML file backup from cPanel of my website; is this enough to restart the website from scratch? Please help me - cal chan

I can’t identify the reason for this error without knowing the real domain name in question.

Unfortunately, this forum doesn’t exist to provide general web administration support. You may want to ask your hosting provider for help.

If you’re using cPanel to administer your site, you should probably not use lego to obtain certificates; instead, you should use the built-in Let’s Encrypt support inside of cPanel.

I understand this is not the appropriate place to ask, but you are the only expert I can talk to at the moment.

Currently your domain is using Google’s DNS service and has no A or AAAA (or CNAME) records; if you tried to validate it using TLS-ALPN again, you would get a different error message – Let’s Encrypt can’t access your site when it doesn’t have an IP address.

Before, if you had Cloudflare proxying your site, it would not have been possible to use TLS-ALPN validation if Cloudflare was handling TLS, because Cloudflare would not forward the ALPN extension to your server.

Using HTTP validation would probably have worked since it just uses ordinary HTTP requests.

(Since you didn’t tell us your domain until now, we were unable to check.)

Edit: You may also be able to use DNS validation – lego supports both Cloudflare’s DNS service and Google Cloud DNS, but I believe Google Domains DNS does not have a suitable API. I don’t know if the Bitnami/lego integration allows that, though.

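A pre-flight probe for the two causes discussed in this thread (a name with no A/AAAA records, and a listener on port 443 that will not negotiate acme-tls/1), added here as an example and not lego's or Bitnami's own code: it resolves the name and opens a TLS connection the way the CA does, with SNI set to the domain and acme-tls/1 as the only ALPN protocol offered, then reports what was negotiated. selfcheck() runs it offline against a constructed local listener; probe_alpn("your.domain") runs it against a real host. The function names and the wording of the verdicts are assumptions of this example.

```python
import socket
import ssl
import threading
from collections import namedtuple

ACME_ALPN = "acme-tls/1"  # the ALPN id a CA requires for tls-alpn-01
# addresses the name resolves to ([] = no A/AAAA), ALPN id the server picked
# or None, and an error text or None
ProbeResult = namedtuple("ProbeResult", "addresses negotiated error")

def resolve(host):
    """Addresses the CA would connect to; [] means no A/AAAA (or CNAME) records."""
    try:
        return sorted({i[4][0] for i in socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)})
    except socket.gaierror:
        return []

def probe_alpn(host, port=443, timeout=5.0):
    """Open TLS to host:port with SNI=host and ALPN=[acme-tls/1], as the CA does."""
    addresses = resolve(host)
    if not addresses:
        return ProbeResult([], None, "no A/AAAA records: the CA has no address to connect to")
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # the challenge cert is self-signed; only the
    ctx.verify_mode = ssl.CERT_NONE  # negotiated ALPN protocol matters here
    ctx.set_alpn_protocols([ACME_ALPN])
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ProbeResult(addresses, tls.selected_alpn_protocol(), None)
    except ConnectionRefusedError:
        return ProbeResult(addresses, None, f"connection refused: nothing listening on port {port}")
    except (ssl.SSLError, OSError) as exc:
        return ProbeResult(addresses, None, f"TLS handshake failed: {exc}")

def explain(result):
    """Map the probe to the verdict behind the CA's 'Cannot negotiate ALPN' error."""
    if result.error:
        return result.error
    if result.negotiated == ACME_ALPN:
        return "port 443 offers acme-tls/1: tls-alpn-01 can succeed"
    return "port 443 answered but did not offer acme-tls/1 (your web server or a CDN in front of it): stop it or use --http / --dns"

def selfcheck():
    """Constructed offline case: a local listener that accepts, then hangs up without TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def hangup():  # stands in for a server that cannot negotiate acme-tls/1
        conn, _ = srv.accept()
        conn.close()
        srv.close()
    threading.Thread(target=hangup, daemon=True).start()
    return probe_alpn("127.0.0.1", port, timeout=3.0)
```

With Cloudflare proxying, the probe reaches Cloudflare's edge, not your origin, which is exactly why the CA sees no acme-tls/1 there.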

Thank you so much for the unwarranted assistance and this information; I will try to work it out from here.

Thank you again - cal chan
