Failed challenges with Certbot and K8s

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kalevent.com

I ran this command: sudo certbot certonly --webroot -w /Users/kofi/kalevent/app/templates -d kalevent.com --email support@kalevent.com --agree-tos --no-eff-email

It produced this output:

```json
{
  "identifier": {
    "type": "dns",
    "value": "kalevent.com"
  },
  "status": "invalid",
  "expires": "2024-06-10T12:50:23Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "44.231.58.202: Invalid response from https://kalevent.com:443/.well-known/acme-challenge/WuqASvZQA_UcMKdq1MTt2cGP-HIhEjDf-9COa637EXY: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/359125256812/bv9oEQ",
      "token": "WuqASvZQA_UcMKdq1MTt2cGP-HIhEjDf-9COa637EXY",
      "validationRecord": [
        {
          "url": "http://kalevent.com/.well-known/acme-challenge/WuqASvZQA_UcMKdq1MTt2cGP-HIhEjDf-9COa637EXY",
          "hostname": "kalevent.com",
          "port": "80",
          "addressesResolved": [
            "44.231.58.202",
            "34.209.196.187"
          ],
          "addressUsed": "44.231.58.202"
        },
        {
          "url": "https://kalevent.com:443/.well-known/acme-challenge/WuqASvZQA_UcMKdq1MTt2cGP-HIhEjDf-9COa637EXY",
          "hostname": "kalevent.com",
          "port": "443",
          "addressesResolved": [
            "44.231.58.202",
            "34.209.196.187"
          ],
          "addressUsed": "44.231.58.202"
        }
      ],
      "validated": "2024-06-03T12:50:24Z"
    }
  ]
}
```

My web server is (include version): flask app

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: Amazon Web Services. I use Kubernetes as the container orchestration system, and an AWS instance gateway with its own nginx configuration file.

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Using a control panel and Terraform

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): kalevent $ pip show certbot
Name: certbot
Version: 2.10.0
Summary: ACME client
Home-page: GitHub - certbot/certbot: Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
Author: Certbot Project
Author-email: certbot-dev@eff.org
License: Apache License 2.0
Location: /Users/kofi/kalevent/venv/lib/python3.11/site-packages
Requires: acme, ConfigArgParse, configobj, cryptography, distro, josepy, parsedatetime, pyrfc3339, pytz, setuptools
Required-by: certbot-nginx

Hi @k0f1
Welcome back to the community.
It seems you are having an issue obtaining a Let's Encrypt certificate when, all the while, your welcome page is serving a valid cert from Amazon. And it expires in March 2025:

Issuer: C = US, O = Amazon, CN = Amazon RSA 2048 M02
 Validity
     Not Before: Feb 18 00:00:00 2024 GMT
     Not After : Mar 18 23:59:59 2025 GMT
A records for kalevent.com: ['44.231.58.202', '34.209.196.187']

Can you explain your goal here? I am a bit confused, since you have an existing commercial wildcard cert (from elsewhere).

4 Likes
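The authorization object pasted in the question already contains the diagnosis, in its validationRecord: the CA resolved kalevent.com to two A records, fetched the token over port 80 from 44.231.58.202, followed a redirect to port 443 on the same address, and got a 404 there, while the -w path given to Certbot is a directory on a different machine (a /Users/... path) that the host answering on those addresses never serves. The script below is an added example for this thread, not Certbot's own code or anything the poster ran. AUTHZ_JSON is a copy of the output posted above, embedded so the parsing part runs offline; write_probe and probe_public are hypothetical helper names, and the probe needs network access to the domain.

```python
"""Diagnose a failed ACME http-01 authorization from Certbot's output.

Added example for this thread, not Certbot code.  AUTHZ_JSON is a copy of the
authorization object posted above; the probe helpers are hypothetical names.
"""
import json
import os
import re
import urllib.request
from urllib.error import HTTPError, URLError

# Authorization object as printed by Certbot in the post (copied, not live).
AUTHZ_JSON = r'''{
  "identifier": {"type": "dns", "value": "kalevent.com"},
  "status": "invalid",
  "expires": "2024-06-10T12:50:23Z",
  "challenges": [{
    "type": "http-01", "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:unauthorized",
              "detail": "44.231.58.202: Invalid response from https://kalevent.com:443/.well-known/acme-challenge/WuqASvZQA_UcMKdq1MTt2cGP-HIhEjDf-9COa637EXY: 404",
              "status": 403},
    "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/359125256812/bv9oEQ",
    "token": "WuqASvZQA_UcMKdq1MTt2cGP-HIhEjDf-9COa637EXY",
    "validationRecord": [
      {"url": "http://kalevent.com/.well-known/acme-challenge/WuqASvZQA_UcMKdq1MTt2cGP-HIhEjDf-9COa637EXY",
       "hostname": "kalevent.com", "port": "80",
       "addressesResolved": ["44.231.58.202", "34.209.196.187"],
       "addressUsed": "44.231.58.202"},
      {"url": "https://kalevent.com:443/.well-known/acme-challenge/WuqASvZQA_UcMKdq1MTt2cGP-HIhEjDf-9COa637EXY",
       "hostname": "kalevent.com", "port": "443",
       "addressesResolved": ["44.231.58.202", "34.209.196.187"],
       "addressUsed": "44.231.58.202"}
    ],
    "validated": "2024-06-03T12:50:24Z"
  }]
}'''


def diagnose(authz: dict) -> dict:
    """Explain an http-01 failure from the CA's own validationRecord."""
    chall = next(c for c in authz["challenges"] if c["type"] == "http-01")
    records = chall.get("validationRecord", [])
    if not records:
        return {"status": chall["status"], "verdict": "no validation record"}
    first, last = records[0], records[-1]
    error = chall.get("error", {})
    # The HTTP status the CA saw is the trailing number of the error detail.
    m = re.search(r":\s*(\d{3})\s*$", error.get("detail", ""))
    final_status = int(m.group(1)) if m else None
    # More than one record ending on :443 means port 80 redirected to HTTPS.
    redirected = len(records) > 1 and last["port"] == "443"

    if final_status == 404:
        verdict = (f"{last['addressUsed']} answered the token URL with 404: the "
                   "host at that address does not serve Certbot's webroot. -w must "
                   "name a directory that host serves under "
                   "/.well-known/acme-challenge/, not a path on another machine.")
    elif final_status is not None:
        verdict = f"{last['addressUsed']} answered with HTTP {final_status}."
    else:
        verdict = error.get("detail", "unknown failure")
    n = len(first["addressesResolved"])
    if n > 1:
        verdict += (f" The name has {n} A records; every one must serve the same "
                    "token, since the CA may validate against any of them.")
    return {
        "status": chall["status"],
        "error_type": error.get("type"),
        "token": chall["token"],
        "resolved": list(first["addressesResolved"]),
        "address_used": last["addressUsed"],
        "redirected_to_https": redirected,
        "final_http_status": final_status,
        "verdict": verdict,
    }


def diagnose_text(text: str) -> dict:
    """Same as diagnose(), for the raw JSON Certbot prints."""
    return diagnose(json.loads(text))


def write_probe(webroot: str, token: str = "precheck") -> str:
    """Hypothetical helper: put a probe file where --webroot would put the token.

    Run it on the machine that actually serves the domain, then fetch it
    through the public addresses with probe_public().
    """
    d = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(d, exist_ok=True)
    path = os.path.join(d, token)
    with open(path, "w", encoding="ascii") as f:
        f.write(token)
    return path


def probe_public(domain: str, addresses: list, token: str, timeout: int = 10) -> dict:
    """Hypothetical helper: fetch the probe from each A record as the CA does.

    Needs network.  Returns {address: (http_status_or_None, body_or_reason)};
    a 200 whose body is the token on every address is what http-01 needs.
    """
    results = {}
    for addr in addresses:
        url = f"http://{addr}/.well-known/acme-challenge/{token}"
        req = urllib.request.Request(url, headers={"Host": domain})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[addr] = (resp.status, resp.read(128).decode(errors="replace"))
        except HTTPError as e:
            results[addr] = (e.code, "")
        except URLError as e:
            results[addr] = (None, str(e.reason))
    return results


if __name__ == "__main__":
    for k, v in diagnose_text(AUTHZ_JSON).items():
        print(f"{k}: {v}")
```

Running the parser on the posted output reports the redirect to port 443 and the final 404, which is the same thing the "Invalid response ... 404" detail says in one line: whatever terminates TLS on those addresses (per the reply above, an endpoint presenting an Amazon-issued certificate) is not the machine Certbot wrote the token to. The probe helpers are the check to run before retrying: place a file in the webroot on the host behind the gateway and confirm every A record returns it, with the Host header set, before asking the CA to validate again.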

Thanks. My DevOps team used certificates from AWS, but I did not know this is Let's Encrypt. They are used in the network gateway but not inside the app container itself.

1 Like

So please explain. I am not sure if you intend to use Let's Encrypt or not. Your response was unclear, at best.

5 Likes

Thanks. I have decided to leave the cloud SSL certificate from AWS for now.

3 Likes

Thank you.

3 Likes