Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My goal is to use a certificate that uses an Elliptical Curve based key issued by Let's Encrypt.
Currently, I used openssl to generate it using “ecparam” and I am trying to get it signed by LetsEncrypt.
Please guide me in the right direction if there is a better way to do it.
My domain is: koshaparekh.tk
I ran this command: certbot certonly --dry-run --dns-cloudflare --dns-cloudflare-credentials ./cloudflare.ini --domain "koshaparekh.tk" --domain "*.koshaparekh.tk" --csr csr.pem
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): kosha.parekh@gmail.com
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-staging-v02.api.letsencrypt.org/directory
(A)gree/(C)ancel: A
Performing the following challenges:
dns-01 challenge for koshaparekh.tk
dns-01 challenge for koshaparekh.tk
Unsafe permissions on credentials configuration file: ./cloudflare.ini
Starting new HTTPS connection (1): api.cloudflare.com
Starting new HTTPS connection (1): api.cloudflare.com
Waiting 10 seconds for DNS changes to propagate
Waiting for verification…
Challenge failed for domain koshaparekh.tk
dns-01 challenge for koshaparekh.tk
Cleaning up challenges
Starting new HTTPS connection (1): api.cloudflare.com
Starting new HTTPS connection (1): api.cloudflare.com
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: koshaparekh.tk
   Type: dns
   Detail: DNS problem: SERVFAIL looking up CAA for tk
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
tmp$ dig koshaparekh.tk
My web server is (include version): I am using httpbin
The operating system my web server runs on is (include version): RHEL 8
My hosting provider, if applicable, is: I got a free domain from freenom and hosted it on Cloudflare
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.36.0
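
As an added example, not part of the original post: one way to produce the EC key and the CSR that the `--csr csr.pem` option in the command above consumes, keeping the private key and the Cloudflare credentials file owner-only. It assumes OpenSSL 1.1.1 or later (for `-addext`) and curve P-256; the file names `privkey.pem`/`csr.pem` and all helper names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSL 1.1.1+ for -addext.
# File names privkey.pem / csr.pem and the helper names are hypothetical.

# make_ec_csr DIR DOMAIN: write a P-256 key and a CSR for DOMAIN and *.DOMAIN.
make_ec_csr() {
    csr_dir=$1
    csr_domain=$2
    # Subshell keeps the restrictive umask local: the key is created owner-only.
    ( umask 077
      openssl ecparam -name prime256v1 -genkey -noout -out "$csr_dir/privkey.pem"
    ) || return 1
    # The SAN list must carry every name later passed to certbot via --domain.
    openssl req -new -sha256 -key "$csr_dir/privkey.pem" -subj "/CN=$csr_domain" \
        -addext "subjectAltName=DNS:$csr_domain,DNS:*.$csr_domain" \
        -out "$csr_dir/csr.pem"
}

# csr_sans CSR: print the SAN entries with whitespace stripped.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' \t'
}

# csr_is_ec CSR: succeed if the public key in the CSR is an EC key.
csr_is_ec() {
    openssl req -in "$1" -noout -text | grep -q 'id-ecPublicKey'
}

# mode_of FILE: permission string such as -rw-------
mode_of() { ls -l "$1" | cut -c1-10; }

# lock_down FILE: owner-only access, for the key or for the Cloudflare
# credentials file that certbot flagged with "Unsafe permissions".
lock_down() { chmod 600 "$1"; }

# Demo in a scratch directory; nothing here contacts a CA.
work=$(mktemp -d)
make_ec_csr "$work" koshaparekh.tk
echo "SANs:  $(csr_sans "$work/csr.pem")"
csr_is_ec "$work/csr.pem" && echo "key:   EC (prime256v1)"
echo "perms: $(mode_of "$work/privkey.pem")"
```

Inspecting the CSR this way before submitting it confirms that both names and the EC key are present, so a later failure such as the CAA lookup error in the output above can be separated from the key and CSR themselves.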