First Timer: Unable to create New Cert in Amazon Linux 2 ami

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bidabest.com or www.bidabest.com

I ran this command:
sudo yum install -y certbot python2-certbot-apache
sudo certbot

I followed this reference from AWS:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html#letsencrypt

It produced this output:
Which names would you like to activate HTTPS for?


1: bidabest.com
2: www.bidabest.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bidabest.com
http-01 challenge for www.bidabest.com
Waiting for verification…
Challenge failed for domain bidabest.com
Challenge failed for domain www.bidabest.com
http-01 challenge for bidabest.com
http-01 challenge for www.bidabest.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): Apache 2.4.41

The operating system my web server runs on is (include version): Amazon Linux 2 AMI

My hosting provider, if applicable, is: Amazon Web Services

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know, I normally log in as ec2-user

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.39.0

Hi @ztfong

Your domain already has content. But /.well-known/acme-challenge/random-filename doesn’t work. There is a

Whitelabel Error Page

This application has no explicit mapping for /error, so you are seeing this as a fallback.

Mon Dec 02 22:33:44 MYT 2019

There was an unexpected error (type=Forbidden, status=403).

Access Denied

But that’s not the 503 error Letsencrypt has seen.

If you use --apache, a temporary location is added. Looks like that doesn’t work.

Do you use that DocumentRoot?

DocumentRoot "/var/www/html"

If yes, create two subdirectories

/var/www/html/.well-known/acme-challenge

and there a file (file name 1234), then try to load that file via

http://bidabest.com/.well-known/acme-challenge/1234

to see if that works.

Hi @JuergenAuer
Thanks for your fast response.

  1. I noticed that I had commented out DocumentRoot “/var/www/html”. Therefore, I tried uncommenting it, restarted Apache and tried sudo certbot again. However, the same issue still persisted.

  2. Regarding your suggestion to create two subdirectories and then add a file in it: may I know whether this should be a .txt file or a .html file? I have tried adding a 1234.html file and then loading http://bidabest.com/.well-known/acme-challenge/1234 or http://bidabest.com/.well-known/acme-challenge/1234.html, but the same issue still persisted.

Please use the file name without an extension.

You must be able to see your file in your browser.

Then use webroot, not --apache.

Apache may not work.

Or your configuration is buggy, multiple vHosts.

apachectl -S

And what’s that?

A Tomcat answers there, not an Apache. So you don’t have the configuration of that tutorial, so --apache can’t work.

So use a Tomcat tutorial.
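A shell check that automates the probe-file test from @JuergenAuer's first reply and the "which server answers on port 80" question from the last one. This is an added example, not code from the thread or from certbot; it assumes DocumentRoot /var/www/html, the domain bidabest.com and curl on the instance.

```shell
#!/bin/sh
# Added diagnostic for the thread above (not the poster's or certbot's own code).
# Assumptions: DocumentRoot is /var/www/html, the domain is bidabest.com, curl is installed.
WEBROOT=${WEBROOT:-/var/www/html}
DOMAIN=${DOMAIN:-bidabest.com}

# Create .well-known/acme-challenge under the webroot and drop a probe file
# with a random name and no extension, as suggested in the thread.
make_probe() {
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir"
    token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    printf '%s' "$token" > "$dir/$token"
    printf '%s' "$token"
}

# Read a raw HTTP header block on stdin and classify the Server: header,
# so a Tomcat answering on port 80 is spotted instead of the expected Apache.
classify_server() {
    hdr=$(tr -d '\r' | grep -i '^server:' | head -n1 | cut -d' ' -f2- | tr 'A-Z' 'a-z')
    case "$hdr" in
        *tomcat*|*coyote*) echo tomcat ;;   # checked before apache: "Apache-Coyote" is Tomcat
        *apache*)          echo apache ;;
        '')                echo unknown ;;  # no Server header at all
        *)                 echo other ;;
    esac
}

# The validator needs the body to equal the token exactly: 0 if it does, 1 otherwise.
body_matches() { [ "$1" = "$2" ]; }

# Full check: create the probe, fetch it over plain HTTP (http-01 uses port 80), report.
run_check() {
    token=$(make_probe "$WEBROOT")
    url="http://$DOMAIN/.well-known/acme-challenge/$token"
    body=$(curl -sSL "$url" || true)
    server=$(curl -sSI "$url" | classify_server)
    echo "software answering on port 80: $server"
    if body_matches "$body" "$token"; then
        echo "OK: $url is served from $WEBROOT; try: certbot --webroot -w $WEBROOT -d $DOMAIN"
    else
        echo "FAIL: $url did not return the probe; check who owns port 80 (apachectl -S)"
    fi
    rm -f "$WEBROOT/.well-known/acme-challenge/$token"
}

# Only run the live check when invoked as: sh check-acme.sh run
if [ "${1:-}" = "run" ]; then run_check; fi
```

Run it on the instance as `sh check-acme.sh run`; with no argument it only defines the functions. A FAIL together with "tomcat" means port 80 is not Apache at all, which is the situation diagnosed in the thread.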