Create certificate error with certbot on AWS Linux machine

I have a Linux AWS machine.

Steps to create the certificate:

  1. I have registered my DNS record (http://niculine.ddns.net/); it correctly responds with my custom Apache2 page.

  2. I have set permissions with chmod +777 -R on the Apache2 /var/www/html
    and I created the subdir .well-known/acme-challenge with all permissions.

  3. My host config:

    <VirtualHost *:80>
        ServerName niculine.ddns.net

        DocumentRoot "/var/www/html"
    </VirtualHost>
    

I used a Docker image:

    sudo docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" certbot/certbot certonly --standalone --preferred-challenges http -d niculine.ddns.net

Resulting error:

    -preferred-challenges http -d niculine.ddns.net
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Requesting a certificate for niculine.ddns.net
    Performing the following challenges:
    http-01 challenge for niculine.ddns.net
    Waiting for verification...
    Challenge failed for domain niculine.ddns.net
    http-01 challenge for niculine.ddns.net
    Cleaning up challenges
    Some challenges have failed.

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: niculine.ddns.net
       Type:   unauthorized
       Detail: Invalid response from
       http://niculine.ddns.net/.well-known/acme-challenge/QQgM_1MAHEKlKF6KQDoXzs7SxqSZ658SCJIvOcH17zM
       [54.74.176.126]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
       2.0//EN\">\n<html><head>\n<title>404 Not
       Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.

Hello @nturri1306,

If you use the standalone parameter, certbot will start a server on port 80, but it seems you have an Apache server already listening on port 80, so it won't work. If you still want to use standalone, you should stop your web server first.

Cheers,
sahsanu

Hello, thanks for your response.
I have this question: my apache2 is running in another Docker container and responds correctly on port 80.
If I change the command option, I receive this:

    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    How would you like to authenticate with the ACME CA?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: Spin up a temporary webserver (standalone)
    2: Place files in webroot directory (webroot)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
    Plugins selected: Authenticator webroot, Installer None
    Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
    to cancel): niculine.ddns.net
    Requesting a certificate for niculine.ddns.net
    Performing the following challenges:
    http-01 challenge for niculine.ddns.net
    Input the webroot for niculine.ddns.net: (Enter 'c' to cancel): /var/www/html/

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    /var/www/html/ does not exist or is not a directory
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Input the webroot for niculine.ddns.net: (Enter 'c' to cancel):

***** /var/www/html/ is a directory of the apache2 container

Question: DOES A VERSION OF CERTBOT FOR AWS MACHINES EXIST?


Certbot should be able to write in /var/www/html/, but if that dir is not available on the host, only on the Docker container side, you can't validate your domain. I don't use Docker, so I can't advise on how to allow the host to write to the dir inside the Docker container.

If AWS Linux doesn't distribute certbot as a package, then you could check whether you can install snap there, and if you can, you could use the certbot snap version... or you could use another client like acme.sh


Hello, I've modified how I run the container and now it's OK:

    sudo docker run -it --rm --name certbot -v /var/www/html:/var/www/html -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" certbot/certbot certonly -d niculine.ddns.net

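A pre-flight check for the webroot approach that resolved this thread, as an added example that is not part of the original posts: it writes a probe file under the webroot's .well-known/acme-challenge directory and confirms the web server returns it, which is what the http-01 challenge requires of the directory certbot writes to. The function name `webroot_probe` and the `FETCH` override are hypothetical, and curl is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for certbot's webroot mode.
# Assumptions: curl is installed; FETCH is a hypothetical override for the HTTP client.
FETCH=${FETCH:-"curl -fsS --max-time 10"}

# webroot_probe WEBROOT BASE_URL  (hypothetical helper name)
# Returns 0 if a file written under WEBROOT is served intact at BASE_URL,
#         1 if the server answers with anything else (for example Apache's 404),
#         2 if the challenge directory cannot be created or written.
webroot_probe() {
    webroot=${1%/}
    base_url=${2%/}
    dir="$webroot/.well-known/acme-challenge"
    name="probe-$$-$(date +%s)"
    body="preflight-$name"

    mkdir -p "$dir" 2>/dev/null || return 2
    printf '%s' "$body" > "$dir/$name" 2>/dev/null || return 2

    # $FETCH is left unquoted on purpose so its options split into arguments.
    got=$($FETCH "$base_url/.well-known/acme-challenge/$name" 2>/dev/null) && status=0 || status=$?
    rm -f "$dir/$name"

    [ "$status" -eq 0 ] && [ "$got" = "$body" ]
}

# Usage on the host from the thread, before starting the certbot container:
#   webroot_probe /var/www/html http://niculine.ddns.net && echo "webroot is served"
```

A pass from the host shows that Apache serves the directory certbot will write to; reachability of port 80 from the Let's Encrypt validation servers is a separate condition.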