My domain is: bitwarden.waibel.dev
I ran this command: sudo certbot certonly --standalone
It produced this output:
Domain: bitwarden.waibel.dev
Type: unauthorized
Detail: The key authorization file from the server did not match
this challenge
"yxdIVADUgjDvsiBA_LodLb8z3zPJh1XWeABHSpOS7os.bjF7p69wa4x7xeydxlU1CSwsS8MlyDdkTBignFXZb1w"
!= "ACME client standalone challenge solver"
My web server is (include version): nginx, not sure what version as it’s configured by Bitwarden
The operating system my web server runs on is (include version): Windows 10 Pro 1903
My hosting provider, if applicable, is: self-hosted
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.0
For some additional background, I am attempting to self-host Bitwarden on my machine. I eventually plan to migrate this to a dedicated Ubuntu server, but for now I’m just running this service on my personal Windows machine running in Docker. Bitwarden offers to generate the cert for me using certbot; however, during this step certbot throws the following error:
certbot: error: unrecognized arguments: -encodedCommand MAA= xml -outputFormat text
I’ve seen others with this issue online and no resolution, so I’ve decided to just create the certificate myself, which is how I’ve landed in this key mismatch situation. I’m attempting to generate the cert using the WSL with the steps described above.
The bitwarden subdomain is configured via a CNAME entry as my server is behind a dynamic IP so I needed to use a CNAME for the redirect. I believe this may be part of the issue, but my inexperience in this area has me a bit lost. Any ideas what may be causing this key mismatch behavior?