Creating Standalone Cert Error

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: safari.mansfieldschool.net

I ran this command: certbot certonly --dry-run

It produced this output:
2020-12-02 15:05:40,360:DEBUG:certbot._internal.main:certbot version: 1.10.0
2020-12-02 15:05:40,361:DEBUG:certbot._internal.main:Arguments: ['--dry-run']
2020-12-02 15:05:40,361:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-12-02 15:05:40,398:DEBUG:certbot._internal.log:Root logging level set at 20
2020-12-02 15:05:40,398:INFO:certbot._internal.log:Saving debug log to C:\Certbot\log\letsencrypt.log
2020-12-02 15:05:40,408:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2020-12-02 15:05:40,418:DEBUG:certbot._internal.plugins.selection:Multiple candidate plugins: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x04767E50>
Prep: True

  • webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
    Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x04767B50>
    Prep: True
    2020-12-02 15:05:44,142:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x04767E50> and installer None
    2020-12-02 15:05:44,142:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
    2020-12-02 15:05:44,169:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/16915036', new_authzr_uri=None, terms_of_service=None), 5e06e1349b5e8e9cd6fa4e82afcd4d6a, Meta(creation_dt=datetime.datetime(2020, 12, 2, 21, 1, 15, tzinfo=), creation_host='W10A112219.mansfieldschool.edu', register_to_eff=None))>
    2020-12-02 15:05:44,170:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
    2020-12-02 15:05:44,173:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
    2020-12-02 15:05:44,389:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
    2020-12-02 15:05:44,390:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Date: Wed, 02 Dec 2020 21:05:44 GMT
    Content-Type: application/json
    Content-Length: 724
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800

{
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert",
"yggMeIazaik": "Adding random entries to the directory"
}
2020-12-02 15:05:44,390:DEBUG:certbot.display.ops:No installer, picking names manually
2020-12-02 15:05:56,540:DEBUG:certbot.display.util:Notifying user: Simulating a certificate request for safari.mansfieldschool.net
2020-12-02 15:05:56,647:DEBUG:acme.client:Requesting fresh nonce
2020-12-02 15:05:56,647:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2020-12-02 15:05:56,700:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2020-12-02 15:05:56,701:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 02 Dec 2020 21:05:56 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0003-of3WxnsFdic62Z4t-mSJyYmZXZkQxU09V1xEQiBlPk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2020-12-02 15:05:56,701:DEBUG:acme.client:Storing nonce: 0003-of3WxnsFdic62Z4t-mSJyYmZXZkQxU09V1xEQiBlPk
2020-12-02 15:05:56,701:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "safari.mansfieldschool.net"\n }\n ]\n}'
2020-12-02 15:05:56,708:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNjkxNTAzNiIsICJub25jZSI6ICIwMDAzLW9mM1d4bnNGZGljNjJaNHQtbVNKeVltWlhaa1F4VTA5VjF4RVFpQmxQayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "GSbCsiZk3pO2Qq3fiAoDE8ey6FNfATMESEoUCkMA3KBYz6yCrSxa-pPCGCKMkR3Lo3TkmbKpTcWCNOry9g8DK6KSNs_3fYnEqYRb7eGpBcolsWio1t9TRMRg9Rm8lbJ8OmikcUTCt--Gh1c3cp1GbUsHA1kNsqBIwO2Mqz_tZcBcWRkR-DLg0Wp-H430lrmUjXmJBT9GvdmC3FQ7-uwNmDOzSqg6y8K6HS57jRxvX_7ZTIW1AQRfGvJXVrZu6OqlFMraRT0HMvK5lQr-8Dgl4iDFARhY9u-ZUx0bQKZPOob0CtGBqGL-8k5b1JVyw7774Pz_WWiztfzLk5hnb_ymUA",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNhZmFyaS5tYW5zZmllbGRzY2hvb2wubmV0IgogICAgfQogIF0KfQ"
}
2020-12-02 15:05:56,796:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 370
2020-12-02 15:05:56,796:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 02 Dec 2020 21:05:56 GMT
Content-Type: application/json
Content-Length: 370
Connection: keep-alive
Boulder-Requester: 16915036
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/16915036/195784583
Replay-Nonce: 0003UsVIwy0b1fUmAuBs3n3y_8VQSBvySLPv-lAAnw3obaU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2020-12-09T21:05:56.935058793Z",
"identifiers": [
{
"type": "dns",
"value": "safari.mansfieldschool.net"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/166225911"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/16915036/195784583"
}
2020-12-02 15:05:56,797:DEBUG:acme.client:Storing nonce: 0003UsVIwy0b1fUmAuBs3n3y_8VQSBvySLPv-lAAnw3obaU
2020-12-02 15:05:56,797:DEBUG:acme.client:JWS payload:
b''
2020-12-02 15:05:56,804:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/166225911:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNjkxNTAzNiIsICJub25jZSI6ICIwMDAzVXNWSXd5MGIxZlVtQXVCczNuM3lfOFZRU0J2eVNMUHYtbEFBbnczb2JhVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjYyMjU5MTEifQ",
"signature": "KiYl5C8hh0MZS_Trha19XoJKU09kuJu7md2FF__SWx-NHv2dJFkI1VZtdaP-xZoSrNIWM2WaMwRJKVaqKUcubHmBBEiilUcGyFCyXg3f1irBR8vHoZnHp3PvPn7KA9YevfENgvBT4l67hHZfUbAayFrL0QC0P4c3VFEb-zIpBIQWZTIS4Cc2QtFPS-jgAauPmhh3qNAkLffLLRJ2m4jt-RLPQGGKHvReQgKisoWFnJbsLJ83f1n1aoLviess46lbY76HOas8xr32QdqHMxICZkwp--5KNSf2gCYJkwhcyRTiWy3erXGTiQWjMFJSSnTNDRlHoJUlsmAI28RJr-7-1Q",
"payload": ""
}
2020-12-02 15:05:56,860:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/166225911 HTTP/1.1" 200 825
2020-12-02 15:05:56,861:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 02 Dec 2020 21:05:57 GMT
Content-Type: application/json
Content-Length: 825
Connection: keep-alive
Boulder-Requester: 16915036
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00042t8QwQx4o9CSWaOO9BHR_1DY_ayR6h4wZROjzZkZjKw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "safari.mansfieldschool.net"
},
"status": "pending",
"expires": "2020-12-09T21:05:56Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/166225911/5KuceA",
"token": "dfpjpqbW9d6CeszZ-nKDT7z36C0VfYgrK-NNpPJpqGc"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/166225911/oX3n8w",
"token": "dfpjpqbW9d6CeszZ-nKDT7z36C0VfYgrK-NNpPJpqGc"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/166225911/7RA1CA",
"token": "dfpjpqbW9d6CeszZ-nKDT7z36C0VfYgrK-NNpPJpqGc"
}
]
}
2020-12-02 15:05:56,861:DEBUG:acme.client:Storing nonce: 00042t8QwQx4o9CSWaOO9BHR_1DY_ayR6h4wZROjzZkZjKw
2020-12-02 15:05:56,862:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-12-02 15:05:56,862:INFO:certbot._internal.auth_handler:http-01 challenge for safari.mansfieldschool.net
2020-12-02 15:05:56,867:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2020-12-02 15:05:56,869:DEBUG:acme.standalone:Successfully bound to :80 using IPv4
2020-12-02 15:05:56,876:INFO:certbot._internal.auth_handler:Waiting for verification...
2020-12-02 15:05:56,876:DEBUG:acme.client:JWS payload:
b'{}'
2020-12-02 15:05:56,883:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/166225911/5KuceA:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNjkxNTAzNiIsICJub25jZSI6ICIwMDA0MnQ4UXdReDRvOUNTV2FPTzlCSFJfMURZX2F5UjZoNHdaUk9qelprWmpLdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNjYyMjU5MTEvNUt1Y2VBIn0",
"signature": "uXqu1hnKPDG3eEqH7Zd7iVsY6xADFXzZ6mz3kE3P2auP-Q5Rko3YfysOaq-e15ZvEWIo7QCGRO-xlcwzaotG6LbkzOS_efuw-VzoDUDxbP5HJvi3bbpn3pqqSViJd3M4YAqzaHjXALQc_g8eI4gtsEEyU00D0ID0Z4Adpq-X5ejkO8y72eezgqS9FSw035-nU3FOx0qKnYKJvcHBxs12uaEbfti2cpEccZglGqCZYlfzzIX-NqNuVJ6f_31C_FJF1D3hUJ9agE_VznQkJnGokuegtWJAEjlrJjUPM_UzuNEdmMaHJ_7YBLv25N1D_LRo4yL9OwX3dHV1GlW-qYGbCA",
"payload": "e30"
}
2020-12-02 15:05:56,942:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/166225911/5KuceA HTTP/1.1" 200 192
2020-12-02 15:05:56,943:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 02 Dec 2020 21:05:57 GMT
Content-Type: application/json
Content-Length: 192
Connection: keep-alive
Boulder-Requester: 16915036
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/166225911;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/166225911/5KuceA
Replay-Nonce: 0003DxuNLMJXoFxDf0rteY1qxpHc85xKLF9-L0i0Gmzf99A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/166225911/5KuceA",
"token": "dfpjpqbW9d6CeszZ-nKDT7z36C0VfYgrK-NNpPJpqGc"
}
2020-12-02 15:05:56,943:DEBUG:acme.client:Storing nonce: 0003DxuNLMJXoFxDf0rteY1qxpHc85xKLF9-L0i0Gmzf99A
2020-12-02 15:05:57,956:DEBUG:acme.client:JWS payload:
b''
2020-12-02 15:05:57,964:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/166225911:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNjkxNTAzNiIsICJub25jZSI6ICIwMDAzRHh1TkxNSlhvRnhEZjBydGVZMXF4cEhjODV4S0xGOS1MMGkwR216Zjk5QSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNjYyMjU5MTEifQ",
"signature": "xnLpGiWbfmoABZ8OVtL83aGlVed-BUhrgs76bmprfAcfDdp1AU9XON8yiX2swczFS_kH-1Cn89-9vwgWKWHtMk7Fi8EONI9pMIFSr8MDmDzk5jkx1K-t46-eAJNy-3CGV_41t0EAbrWqLjHSpYvjZ0P5_7G-t-_29AGKSvoXCJpAu0CJ0TTk5B0dI_B_EtjOBTZDxJTI39S5JjPGPJTYwLLIbq-v-jdAphxFhn_dKRTH0ocLT_5dmoOUzyn5cGQaJGms5m4JUl_Ro6smcz-1U24QtegbZQEggcEGTvT3DWi_F5Lzs9MFJTk0DVfiPbbTZL6Ok1ncJ7LN4qf36KGEew",
"payload": ""
}
2020-12-02 15:05:58,021:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/166225911 HTTP/1.1" 200 1236
2020-12-02 15:05:58,021:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 02 Dec 2020 21:05:58 GMT
Content-Type: application/json
Content-Length: 1236
Connection: keep-alive
Boulder-Requester: 16915036
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004KOs0xA1eoLpmtvQtUSTzYu8bvuvpBZVsi-Evw8jqLYs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "safari.mansfieldschool.net"
},
"status": "invalid",
"expires": "2020-12-09T21:05:56Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://safari.mansfieldschool.net/.well-known/acme-challenge/dfpjpqbW9d6CeszZ-nKDT7z36C0VfYgrK-NNpPJpqGc [204.185.16.12]: "\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n \u003chead\u003e\n \u003ctitle\u003eError\u003c/title\u003e\n \u003cstyle\u003e\n html,body {\n height: 1"",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/166225911/5KuceA",
"token": "dfpjpqbW9d6CeszZ-nKDT7z36C0VfYgrK-NNpPJpqGc",
"validationRecord": [
{
"url": "http://safari.mansfieldschool.net/.well-known/acme-challenge/dfpjpqbW9d6CeszZ-nKDT7z36C0VfYgrK-NNpPJpqGc",
"hostname": "safari.mansfieldschool.net",
"port": "80",
"addressesResolved": [
"204.185.16.12"
],
"addressUsed": "204.185.16.12"
}
]
}
]
}
2020-12-02 15:05:58,021:DEBUG:acme.client:Storing nonce: 0004KOs0xA1eoLpmtvQtUSTzYu8bvuvpBZVsi-Evw8jqLYs
2020-12-02 15:05:58,022:WARNING:certbot._internal.auth_handler:Challenge failed for domain safari.mansfieldschool.net
2020-12-02 15:05:58,022:INFO:certbot._internal.auth_handler:http-01 challenge for safari.mansfieldschool.net
2020-12-02 15:05:58,024:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: safari.mansfieldschool.net
Type: unauthorized
Detail: Invalid response from http://safari.mansfieldschool.net/.well-known/acme-challenge/dfpjpqbW9d6CeszZ-nKDT7z36C0VfYgrK-NNpPJpqGc [204.185.16.12]: "\n\n \n Error\n \n html,body {\n height: 1"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-12-02 15:05:58,026:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2020-12-02 15:05:58,026:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-12-02 15:05:58,026:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-12-02 15:05:58,027:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2020-12-02 15:05:58,027:DEBUG:certbot._internal.plugins.standalone:Stopping server at 0.0.0.0:80...
2020-12-02 15:05:58,916:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "D:\obj\windows-release\37win32_Release\msi_python\zip_win32\runpy.py", line 193, in _run_module_as_main
File "D:\obj\windows-release\37win32_Release\msi_python\zip_win32\runpy.py", line 85, in run_code
File "C:\Program Files (x86)\Certbot\bin\certbot.exe_main.py", line 33, in
sys.exit(main())
File "C:\Program Files (x86)\Certbot\pkgs\certbot\main.py", line 15, in main
return internal_main.main(cli_args)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 1412, in main
return config.func(config, plugins)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 1293, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 134, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 441, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 374, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 421, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2020-12-02 15:05:59,130:ERROR:certbot._internal.log:Some challenges have failed.

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version):
FreeBSD
My hosting provider, if applicable, is:
Server is vendor provide and onsite

I can login to a root shell on my machine (yes or no, or I don't know): No

slight_smile: I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Using vendor supplied control panel to install cert

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.10.0

1 Like
2

Hi @tjohnson

--standalone starts an own webserver.

But on your domain, there is a running webserver - http://safari.mansfieldschool.net/.well-known/acme-challenge/dfpjpqbW9d6CeszZ-nKDT7z36C0VfYgrK-NNpPJpqGc - there is an answer.

So

  • Where do you run Certbot?
  • Did you stop your running webserver?

May be webroot is the better choice.

1 Like
3

I have a web server that is provided by a vendor. I am unable to modify their web server. The only options I have is to generate a CSR from their interface. I have a CSR and a CSR Private key. I have created a DNS entry on my domain name of Safari.Mansfieldschool.net. I have tried to use Certbot; the vendor does not allow the web service to be stopped to allow Certbot to complete the validation process. I have also tried https://gethttpsforfree.com and have been unable to create an "Account Public Key" to complete the process. I have reached out to the vendor and they only have the ability to generate a CSR and use a Commercial Certificate. What is the best way to use Letsencrypt for this site?

Thanks for your help,

1 Like
4

To verify domain ownership via http-01 challenges with the --standalone or --apache authenticator, the server running certbot must be able to write the authentication file(s) to where they can be gotten by the Let's Encrypt servers. If you wish, you can use the --manual authenticator with --preferred-challenges http then write the authentication file(s) to /.well-known/acme-challenge/ yourself (or via script).

To verify domain ownership via dns-01 challenges with the --manual authenticator with --preferred-challenges dns, you must create a DNS TXT record for each domain name being certified with a host/name in the format _acme-challenge.sub.domain.com (for example: _acme-challenge.Safari.Mansfieldschool.net) and a long value specified by certbot.

You can use the following OpenSSL commands to create your ACME account private key (account.key) and ACME account public key (public.key):

openssl genrsa -out account.key 2048
openssl rsa -in account.key -out public.key -pubout

Keep in mind that your ACME account public key and CSR public key must be different! If they are the same, https://gethttpsforfree.com will throw an error.

I am currently in process of reauthoring my own ACME client that is intended to be used specifically in cases like yours. It will vastly simplify the process. Be looking out for an announcement within a couple weeks.

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.