ERROR:certbot._internal.log:Some challenges have failed

Hi, I'm trying to enable Let's Encrypt SSL to be able to use HTTPS.
I followed the different configuration steps at this link: How To Secure Apache with Let's Encrypt on Ubuntu 22.04 | DigitalOcean

When testing, I always get an insecure URL. I consulted the log file and I have this:

Hello @PachaDev2, welcome to the Let's Encrypt community.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

2 Likes

See the above. You might also want to see their DigitalOcean Community | DigitalOcean as well.

1 Like

@PachaDev2,

Can you supply any additional information?
Such as the Step Number on the link you posted where issues start.

This leaves me wanting more; what did you get from consulting the log file?

And to assist with debugging, a great place to start is Let's Debug.

1 Like

@Bruce5051
At this part

sudo certbot --apache

at the level:

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your_domain
2: www.your_domain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 

When I hit enter, I get the message: Certificate activation failed.

That is not enough information to understand what went wrong.
Please show the log file:
/var/log/letsencrypt/letsencrypt.log

2 Likes

I had this error message:

Requesting a certificate for www.namedomaine.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: www.namedomaine.com
  Type:   unauthorized
  Detail: The key authorization file from the server did not match this challenge "dVEHDeFm7Yj0MZZwyMY-5qPIDFlcjy1Nc-FmoBBSvG0.mFstWPWqOaPClL3UVqryj7jsxbTEylUtwsDU5I_mL6w" != "dVEHDeFm7Yj0MZZwyMY-5qPIDFlcjy1Nc-FmoBBSvG0.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
/var/log/letsencrypt/letsencrypt.log
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: namedomaine.com
  Type:   unauthorized
  Detail: 213.186.33.5: Invalid response from http://namedomaine.com/.well-known/acme-challenge/nlRH-claXD9OTYlj2vJP4h1tZMe2vG-fi3DAqvwIThU: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n    <html>\n        <head>\n            <title>DISLAB MARCHAND</title>\n        "

  Domain: www.namedomaine.com
  Type:   unauthorized
  Detail: The key authorization file from the server did not match this challenge "Z71pKAgB00Ifyzhq77uDt4Re_hu95SGXZWKyBYE8mz4.mFstWPWqOaPClL3UVqryj7jsxbTEylUtwsDU5I_mL6w" != "Z71pKAgB00Ifyzhq77uDt4Re_hu95SGXZWKyBYE8mz4.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2023-01-10 13:11:16,649:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

It seems that your site is using some kind of HTML redirection page OR HSP default landing page.
LE needs to reach your system directly via HTTP to validate the challenge requests.

2 Likes

My site is on a cloud instance; I linked the IP of this instance to the domain purchased from a host.
So, how do I settle this?

When you resolve the name in global DNS, it must show the IP address the HSP provided you.
When you connect to HTTP://YOUR-DOMAIN, it must not redirect via HTML to any other site.

2 Likes

@PachaDev2, you are making this whole process that much longer than it should be.

3 Likes

With this error, the reason is that you are using an OVH Load Balancer. You won't be able to use the HTTP challenge, as a result.

See all these other threads.

4 Likes
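A way to read the failure details quoted earlier in this thread, as an added example (not code from any poster, Certbot or Let's Encrypt): in HTTP-01 the key authorization is `token.thumbprint`, where the thumbprint is derived from the ACME account key (RFC 8555). The sketch assumes the left-hand string in the CA's message is the expected value and the right-hand one is what the server returned; all function and verdict names are hypothetical.

```python
import re

# Problem details copied from the Certbot output quoted in this thread
# (the HTML body of the first one is shortened here).
DETAILS = [
    r'213.186.33.5: Invalid response from http://namedomaine.com/.well-known/acme-challenge/nlRH-claXD9OTYlj2vJP4h1tZMe2vG-fi3DAqvwIThU: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n    <html>"',
    'The key authorization file from the server did not match this challenge "dVEHDeFm7Yj0MZZwyMY-5qPIDFlcjy1Nc-FmoBBSvG0.mFstWPWqOaPClL3UVqryj7jsxbTEylUtwsDU5I_mL6w" != "dVEHDeFm7Yj0MZZwyMY-5qPIDFlcjy1Nc-FmoBBSvG0.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"',
    'The key authorization file from the server did not match this challenge "Z71pKAgB00Ifyzhq77uDt4Re_hu95SGXZWKyBYE8mz4.mFstWPWqOaPClL3UVqryj7jsxbTEylUtwsDU5I_mL6w" != "Z71pKAgB00Ifyzhq77uDt4Re_hu95SGXZWKyBYE8mz4.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"',
]
MISMATCH = re.compile(r'did not match this challenge "([^"]+)" != "([^"]+)"')
INVALID = re.compile(r'^(\S+): Invalid response from (\S+): "(.*)"$', re.S)
B64URL = re.compile(r'^[A-Za-z0-9_-]+$')

def split_keyauth(value):
    """Split 'token.thumbprint'; return None unless both parts are base64url."""
    token, dot, thumb = value.partition(".")
    # A SHA-256 thumbprint is 32 bytes, i.e. 43 unpadded base64url characters.
    if dot and B64URL.match(token) and B64URL.match(thumb) and len(thumb) == 43:
        return token, thumb
    return None

def classify(detail):
    """Return (verdict, evidence) for one CA problem detail."""
    m = MISMATCH.search(detail)
    if m:
        # Assumption: group 1 is what the CA expected, group 2 what it fetched.
        expected, served = split_keyauth(m.group(1)), split_keyauth(m.group(2))
        if not expected or not served:
            return "malformed-key-authorization", None
        if expected[0] != served[0]:
            return "stale-or-wrong-token", served[0]
        if expected[1] != served[1]:
            # Right token, other account key: a different ACME client answered.
            return "answered-by-other-acme-account", served[1]
        return "match", served[1]
    m = INVALID.match(detail)
    if m:
        body = m.group(3).lstrip().lower()
        kind = "html-page-instead-of-token" if body.startswith(("<!doctype", "<html")) else "unexpected-body"
        return kind, m.group(1)
    return "unknown", None

def foreign_thumbprints(details):
    """Thumbprints of account keys that answered in place of this client."""
    results = [classify(d) for d in details]
    return {ev for verdict, ev in results if verdict == "answered-by-other-acme-account"}

if __name__ == "__main__":
    for d in DETAILS:
        print(classify(d))
    print(foreign_thumbprints(DETAILS))
```

One foreign thumbprint shared by both `www` challenges is consistent with something in front of the Apache instance answering the challenge path itself, rather than Certbot's temporary Apache configuration.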

@_az
Is there no solution for this?

Dunno, you'd have to ask OVH about what to do.

There's a chance you could use a DNS plugin, but you haven't provided your domain name so I don't know whether there are any clients that support your DNS host.

4 Likes

Hello,
I managed to activate certbot; however, I can no longer access my cloud instance via PuTTY, and this has happened since I activated it.
Did enabling certbot change the host key of the remote server?
Is there a link?

No.

Probably not. SSH (PuTTY) runs on a completely different port and service than a webserver. I don't see the link.

4 Likes

Ok thank you for the answer

4 Likes
