Failed to obtain certificate

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot --nginx -d jenkins.deepchainlabs.com

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for jenkins.deepchainlabs.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: jenkins.deepchainlabs.com
Type: unauthorized
Detail: 103.106.237.0: Invalid response from http://jenkins.deepchainlabs.com/.well-known/acme-challenge/BDBExhwzP3Gc0tPmnLBzU9YiFCgNkAYnfbGQZdHCVpw: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): ubuntu-22.04

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: namecheap
This file "/var/log/letsencrypt/letsencrypt.log" error output:Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: jenkins.deepchainlabs.com
Type: unauthorized
Detail: 103.106.237.0: Invalid response from http://jenkins.deepchainlabs.com/.well-known/acme-challenge/BDBExhwzP3Gc0tPmnLBzU9YiFCgNkAYnfbGQZdHCVpw: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

2023-02-16 13:53:32,114:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-02-16 13:53:32,115:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-02-16 13:53:32,115:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-02-16 13:53:33,206:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1287, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-02-16 13:53:33,208:ERROR:certbot._internal.log:Some challenges have failed.

I can login to a root shell on my machine (yes or no, or I don't know):yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

3

Hi @shihab, and welcome to the LE community forum :slight_smile:

Please show the output of both:

certbot certificates

nginx -T

Also, the HTTP site is not working from the Internet:

curl -Ii jenkins.deepchainlabs.com
curl: (56) Recv failure: Connection reset by peer
3 Likes
4

Here is a list of issued certificates crt.sh | jenkins.deepchainlabs.com, the latest being 2023-02-16.
It seems you have successfully obtained a certificate and are currently serving it.

$ openssl s_client -showcerts -servername jenkins.deepchainlabs.com -connect jenkins.deepchainlabs.com:443 < /dev/null
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = jenkins.deepchainlabs.com
verify return:1
---
Certificate chain
 0 s:CN = jenkins.deepchainlabs.com
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 16 09:38:56 2023 GMT; NotAfter: May 17 09:38:55 2023 GMT
-----BEGIN CERTIFICATE-----
MIIEjDCCA3SgAwIBAgISBHHLgz0ctwYqDWVomXTwEfHhMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAyMTYwOTM4NTZaFw0yMzA1MTcwOTM4NTVaMCQxIjAgBgNVBAMT
GWplbmtpbnMuZGVlcGNoYWlubGFicy5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNi
AATJalSFbtc4X8mqoTCrySZRBGzdSEz83n9Sq3z6GGK9mapRnmSgrMzD97UwQrCL
2vVoeaajCx4vrdTyY9ZC/qnuRMjD+Qe5C5y0TAU/dA29qs5IL4isnovfJ85jD0qT
4lqjggJWMIICUjAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFLPrGxs90sfLAsO7wtja
CJTpo3TCMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUF
BwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsG
AQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCQGA1UdEQQdMBuCGWplbmtp
bnMuZGVlcGNoYWlubGFicy5jb20wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYB
BAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5v
cmcwggEGBgorBgEEAdZ5AgQCBIH3BIH0APIAdwC3Pvsk35xNunXyOcW6WPRsXfxC
z3qfNcSeHQmBJe20mQAAAYZZzkbjAAAEAwBIMEYCIQDNcj3BpO+XCb3cwEGZBXQF
jgM2Tf5rI2bNZQQmc6P8ewIhALVttAsjVP1VpJW/RlJGMHf6By6TGaZml1GNz+o1
USFIAHcAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGGWc5G9gAA
BAMASDBGAiEAuxhNv3anwDiiJOAXlBfmNBCV9flYPtilOZyCY1fTK2oCIQDg1DJ1
J7Y8KKNWnEh+PweVtGPURM997sbamOZDEPNMoTANBgkqhkiG9w0BAQsFAAOCAQEA
Zbwfix2wS081cn9rHQM21vfSLa/jD8dGIikfyVDIDa5wCHtU9GhKqcg1ZDa/6myR
3anFdM/nSwll9b1NlhZDdOHo7SF4AHgevfqQ+fUND4Bdkd6nI/LLTAh/f9ai+CgW
BQsUITp1etEHnsjgTg6V4vJ5kNIfIksX0gLcHP6dSQaKhAJDHUoYdVa42Jjs5xxA
iVi3DrktyfB2gfufvwHgWENRqkUgtwm8TUZHDiLdLa7giAWU7iT8/Vn3jo/6zOhe
kAS5vdO8cyM9lgomRf1n7A0pWeMcTMupOrlzwaTcXtZ3sEPA99t6SMfqGiUyLCZZ
ZNebAvtWbIUHIb65xBQqIQ==
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = jenkins.deepchainlabs.com
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA384
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2886 bytes and written 407 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 384 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
2 Likes
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.