Error : Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: inivosglobal.com

I ran this command: sudo certbot certonly --standalone -d inivosglobal.com -v

It produced this output:

[kinish@dbserver-localdomain ~]$ sudo certbot certonly --standalone -d inivosglobal.com -v
[sudo] password for kinish:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for inivosglobal.com
Performing the following challenges:
http-01 challenge for inivosglobal.com
Waiting for verification...
Challenge failed for domain inivosglobal.com
http-01 challenge for inivosglobal.com

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: inivosglobal.com
Type: unauthorized
Detail: The key authorization file from the server did not match this challenge. Expected "knD7sAyHGxnP7sI2AR_j89OFP53MFcw_IGpqDjPo3QA.XnGE6sRW_Uhv9c8tuNKL8FAICQIx1-fvqe14GZyikFs" (got "")

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Server version: Apache/2.4.37 (Oracle Linux)
Server built: Oct 24 2023 23:52:21

The operating system my web server runs on is (include version): Red Hat Enterprise Linux release 8.8 (Ootpa)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0

$ dig a inivosglobal.com +short
75.2.70.75
99.83.190.102

You have two IPv4 addresses in your dns records. If you didn't do this on purpose, one is wrong and should be removed.

And, if you did do it on purpose the --standalone method won't work unless you somehow route requests to either of those IP to that single --standalone instance.

That is, all IP in the DNS must be able to respond to validation requests from Let's Encrypt servers. There will be several requests from different global points.

[root@dbserver-localdomain ~]# sudo certbot --apache -d inivosglobal.com -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for inivosglobal.com
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[root@dbserver-localdomain ~]#

add --dry-run to check, wait an hour or so to remove it.

The --apache plugin authenticator does not support --dry-run. For testing need to use certonly

sudo certbot certonly --dry-run --apache -d inivosglobal.com -v

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.