Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: domaine
I ran this command:
sudo certbot certonly
--dns-ovh
--dns-ovh-credentials /etc/nginx/sites-available/ssl/ovh.ini
-d jdupontboudry.ovh

It produced this output:
Error determining zone identifier for domaine: 403 Client Error: Forbidden for url: https://eu.api.ovh.com/1.0/domain/zone/. (Are your Application Key and Consumer Key values correct?)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Nginx

The operating system my web server runs on is (include version): nGINX

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.2.0

Hi guys, i have no idea how to do it, i'm hosting this into my webstite on my raspberry. I have a auto-signed certificate but i want to replace it by a let's encrypt, but..i can't.

Any ideas? thanks !

Have you set up your OVH accounts access rules according to the documentation at Welcome to certbot-dns-ovh’s documentation! — certbot-dns-ovh 0 documentation?

Hello @jeffdupont, welcome to the Let's Encrypt community.

Using Let's Debug I see these results ReservedAddress Fatal https://letsdebug.net/jdupontboudry.ovh/1372856

Your DNS A Record

$ nslookup jdupontboudry.ovh
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   jdupontboudry.ovh
Address: 192.168.1.54

has a non-routable IPv4 Address Private network - Wikipedia

You need a routable IP Address.

Here is a list of issued certificates crt.sh | jdupontboudry.ovh, the latest being 2023-01-19.

I am using a private ip, because it is only in my lan. i have dnsmasq who it is setup too

Not for the DNS challenge!

this is like this?

OVH API credentials used by Certbot

dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = MDAwMDAwMDAwMDAw
dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw

(i had replaced the key)

Correct!

So, what do i need to do

Make sure the access rules associated with that configured account are correct according to the documentation at Welcome to certbot-dns-ovh’s documentation! — certbot-dns-ovh 0 documentation

maybe the last certificate was for an old website (who can be accessible into the wan)

Test that the key works [independantly of the ACME client use]

Thanks, i did it

mhh...how (sorry i'm a noob)

The OVH documentation might be helpful here.

I know, but which one haha?

The plugin documentation links to Control panel - OVHcloud, but I'm not sure (but would assume) the access rules settings would also be somewhere in that neighbourhood.

i set this :

Test
Application name
test
Application description
Validity

Unlimited
Rights

GET
/jdupontboudry.ovh/*

POST
/jdupontboudry.ovh/*

PUT
/jdupontboudry.ovh/*

DELETE
/jdupontboudry.ovh/*

Shouldn't it be /domain/zone/jdupontboudry.ovh/*, as specified in Welcome to certbot-dns-ovh’s documentation! — certbot-dns-ovh 0 documentation?

i know but..how? i need to set /domain/zone/jdupontboudry.ovh/* on all blank?

sorry i'm so lost

Instead of

GET
/jdupontboudry.ovh/*

POST
/jdupontboudry.ovh/*

PUT
/jdupontboudry.ovh/*

DELETE
/jdupontboudry.ovh/*

You should have

GET
/domain/zone/jdupontboudry.ovh/*

POST
/domain/zone/jdupontboudry.ovh/*

PUT
/domain/zone/jdupontboudry.ovh/*

DELETE
/domain/zone/jdupontboudry.ovh/*

In that access rules control panel.

I'm just copying your layout, I have no clue how OVH shows it in their control panel..

Oh and according to the documentation, it should, next to the above, also have a single

GET
/domain/zone/

listed.