FreeBSD + lighttpd SSL configuration

My domain is: mgerlofsma.nl

I ran this command: certbot -v certonly --standalone -d mgerlofsma.nl

It produced this output: "invalid response"

My web server is (include version): lighttpd 1.4.55_1

The operating system my web server runs on is (include version): FreeBSD 12.1

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.8.0

Should the command certbot -v certonly --standalone -d mgerlofsma.nl
work if no server is running and the hostname correctly refers to my server's ip?

With a running lighttpd server, the command certbot certonly --webroot -w /usr/local/www/data -d mgerlofsma.nl results in the same failure.
I can browse the directory /usr/local/www/data/.well-known/acme-challenge if I create it.
Is my modem a possible problem? (It runs NAT settings for port 80 and 443 to the local server machine.)

1 Like

Hi @mg78

Checking your domain with my browser, that looks like a parking page of your provider.

So the wrong machine / server may answer.

Where do you run your Certbot?

Must run there:

Name: mgerlofsma.nl
Addresses: 2a03:3c00:a001:7010::1
82.171.99.10

2 Likes

Yes, the server works without problems, on port 80 and on 443 with security warning.
It currently has no content but a tiny index.html file. I can see it with my phone, so that works. Not sure what a "parking page" should look like...

Is a standalone attempt possible, without a server running but from the server machine? That would exclude server misconfiguration but I'm not sure this is the right command: certbot -v certonly --standalone -d mgerlofsma.nl

1 Like

That command would spin up a temporary Python webserver for just the challenge on port 80. You've already tried that and it failed, right?

Unfortunately, you only pasted a tiny little bit of the output. It would be more helpful if you copy/pasted the entire output of certbot for us to read.

1 Like

The log output of the standalone command:
(Not seeing any code tag for that)

2020-09-27 10:41:15,418:DEBUG:certbot._internal.main:certbot version: 1.8.0
2020-09-27 10:41:15,421:DEBUG:certbot._internal.main:Arguments: ['-v', '--standalone', '-d', 'mgerlofsma.nl']
2020-09-27 10:41:15,423:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-09-27 10:41:15,594:DEBUG:certbot._internal.log:Root logging level set at 10
2020-09-27 10:41:15,597:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-09-27 10:41:15,603:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2020-09-27 10:41:15,645:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x43fd12d0>
Prep: True
2020-09-27 10:41:15,649:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x43fd12d0> and installer None
2020-09-27 10:41:15,651:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2020-09-27 10:41:15,687:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/97845621', new_authzr_uri=None, terms_of_service=None), ebb1ef558498b37071cef680342dec90, Meta(creation_dt=datetime.datetime(2020, 9, 27, 4, 1, 32, tzinfo=), creation_host='opi_pc2_2', register_to_eff=None))>
2020-09-27 10:41:15,694:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-09-27 10:41:15,713:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-09-27 10:41:16,440:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2020-09-27 10:41:16,444:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Sep 2020 19:42:29 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"0e6m-VyJSq0": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-09-27 10:41:16,451:INFO:certbot._internal.main:Obtaining a new certificate
2020-09-27 10:41:18,107:DEBUG:certbot.crypto_util:Generating key (2048 bits): /usr/local/etc/letsencrypt/keys/0024_key-certbot.pem
2020-09-27 10:41:18,174:DEBUG:certbot.crypto_util:Creating CSR: /usr/local/etc/letsencrypt/csr/0024_csr-certbot.pem
2020-09-27 10:41:18,181:DEBUG:acme.client:Requesting fresh nonce
2020-09-27 10:41:18,183:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-09-27 10:41:18,358:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2020-09-27 10:41:18,363:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Sep 2020 19:42:31 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001z_h_MMUEAmIQU223lAwOUgxplx-Dm3Y2UvayXhA7bgk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2020-09-27 10:41:18,364:DEBUG:acme.client:Storing nonce: 0001z_h_MMUEAmIQU223lAwOUgxplx-Dm3Y2UvayXhA7bgk
2020-09-27 10:41:18,367:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "mgerlofsma.nl"\n }\n ]\n}'
2020-09-27 10:41:18,426:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc4NDU2MjEiLCAibm9uY2UiOiAiMDAwMXpfaF9NTVVFQW1JUVUyMjNsQXdPVWd4cGx4LURtM1kyVXZheVhoQTdiZ2siLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "ZoWH6EQEdVpThq18B019klaa7JgN1NZYZ45lk9_8nHW1Dk44MG-x9bOa-HHvT9ULCg-WuI8Yg8nnNCTBU7pteO5SDtHKylkm50vr7dFBiXV9EG35EvUCt9C2JgcvxPUKT3PUpgfvVzGugz9U7L_bd1gytW1VZFbYw-sGWIkYfbBbUpbBBukL-AzhaHqmhVUDQLaHxQrPWeS6ddw1UW5xOZE8z5sONc-ab24iLDs13VgmjU44ta94voww0bVotPHjG06MZZY0qhlVhygASDYNPDDccJjSRpfipHu32QX1AVyYdsCprf4gmPSpsqCz8NPp5iCKn5gHo8cnl2HMHaMRMw",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1nZXJsb2ZzbWEubmwiCiAgICB9CiAgXQp9"
}
2020-09-27 10:41:18,626:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 342
2020-09-27 10:41:18,631:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 28 Sep 2020 19:42:31 GMT
Content-Type: application/json
Content-Length: 342
Connection: keep-alive
Boulder-Requester: 97845621
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/97845621/5419733752
Replay-Nonce: 0002GZumbYcBfGperIEtAtngkGOI_-T_4zHdbwrN3fneGkI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2020-10-05T19:42:31.66965436Z",
"identifiers": [
{
"type": "dns",
"value": "mgerlofsma.nl"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/7531914717"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/97845621/5419733752"
}
2020-09-27 10:41:18,633:DEBUG:acme.client:Storing nonce: 0002GZumbYcBfGperIEtAtngkGOI_-T_4zHdbwrN3fneGkI
2020-09-27 10:41:18,635:DEBUG:acme.client:JWS payload:
b''
2020-09-27 10:41:18,692:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7531914717:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc4NDU2MjEiLCAibm9uY2UiOiAiMDAwMkdadW1iWWNCZkdwZXJJRXRBdG5na0dPSV8tVF80ekhkYndyTjNmbmVHa0kiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzc1MzE5MTQ3MTcifQ",
"signature": "CHtstzYzoLm-_MykpE6UWLQfln01T2zYEWJLAES8IK-Yr0YjWdc-9M6gp5TabKd68bd4OET3qLn8RagwoPxhpe0npYtykzdoKaRVwhKLzfsDgDy2U3VeScuo5itO6MJ5p8IJP9eQXI6MfG6_o9Lg73uku3lvr5yi5l3DGtq7CZGN3q-w9HEXxBu9JZ194HaAI5CB52js1fG8Z5RkNyfkL3PmOvKqj7kGDtGJ5dw9-PL2AXLwRtNxGIBzXKfS9C7dFE7x2VCTBZzA-Fyrc2-XYRmmgn5mmTl_waKJXY2Uj1KvXOYLtJURvpk58dCgZF9T9rVlLwQsDqdS17mAOT9yvg",
"payload": ""
}
2020-09-27 10:41:18,873:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7531914717 HTTP/1.1" 200 791
2020-09-27 10:41:18,878:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Sep 2020 19:42:31 GMT
Content-Type: application/json
Content-Length: 791
Connection: keep-alive
Boulder-Requester: 97845621
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001z_1BNoX8tJhyrxLWoC5MfbLzIH51d3lFBZ9FzbjWWq4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "mgerlofsma.nl"
},
"status": "pending",
"expires": "2020-10-05T19:42:31Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7531914717/dQeyZw",
"token": "jcwDTNBuc1187Fyhp9zAJbqyxV_0ufcwn3dyAkAykXM"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7531914717/5Tg1Ug",
"token": "jcwDTNBuc1187Fyhp9zAJbqyxV_0ufcwn3dyAkAykXM"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7531914717/DdNKNQ",
"token": "jcwDTNBuc1187Fyhp9zAJbqyxV_0ufcwn3dyAkAykXM"
}
]
}
2020-09-27 10:41:18,880:DEBUG:acme.client:Storing nonce: 0001z_1BNoX8tJhyrxLWoC5MfbLzIH51d3lFBZ9FzbjWWq4
2020-09-27 10:41:18,885:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-09-27 10:41:18,886:INFO:certbot._internal.auth_handler:http-01 challenge for mgerlofsma.nl
2020-09-27 10:41:18,890:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2020-09-27 10:41:18,893:DEBUG:acme.standalone:Successfully bound to :80 using IPv4
2020-09-27 10:41:18,924:INFO:certbot._internal.auth_handler:Waiting for verification...
2020-09-27 10:41:18,926:DEBUG:acme.client:JWS payload:
b'{}'
2020-09-27 10:41:18,983:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/7531914717/dQeyZw:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc4NDU2MjEiLCAibm9uY2UiOiAiMDAwMXpfMUJOb1g4dEpoeXJ4TFdvQzVNZmJMeklINTFkM2xGQlo5RnpialdXcTQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzc1MzE5MTQ3MTcvZFFleVp3In0",
"signature": "xE8W-K32jg0sj4l8MniqvnaRSAR7pgkNukzbLHTayjX85ZW1_YugDCCGWDdDKOEBSvVk-Qq9S14Y4tjoXijKjRe3cDtSduFP6LkIrv7ECmRvAOrgUb1fdEUqm0Y6SLN8kQWNJfKG38XgfXGWi3Q1izdlU4sfMxukNaFzyPqD8ahYt-Wo93vxKy5EyMgwBKNvR9tBj_YeaejviLJyUXhpQ61nu5gLVvbJ7erqD8fpYH7sFna7Is7Yt1hw2NsfX7C6fgMv4F0ALS1KpJUN5FPk_bTvsszMBf5AHtWEUPvkGrUCUAaTKZREoX4Kh-vl4Tkn7DoLMWYQzZdZz66ONKXUaw",
"payload": "e30"
}
2020-09-27 10:41:19,168:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/7531914717/dQeyZw HTTP/1.1" 200 185
2020-09-27 10:41:19,173:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Sep 2020 19:42:32 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 97845621
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/7531914717;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/7531914717/dQeyZw
Replay-Nonce: 0002Lx4WwZ9AXJiIcTiREZX-fjZ7iyv_vXZb262Ib7Yb3yc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7531914717/dQeyZw",
"token": "jcwDTNBuc1187Fyhp9zAJbqyxV_0ufcwn3dyAkAykXM"
}
2020-09-27 10:41:19,174:DEBUG:acme.client:Storing nonce: 0002Lx4WwZ9AXJiIcTiREZX-fjZ7iyv_vXZb262Ib7Yb3yc
2020-09-27 10:41:20,217:DEBUG:acme.client:JWS payload:
b''
2020-09-27 10:41:20,276:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7531914717:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc4NDU2MjEiLCAibm9uY2UiOiAiMDAwMkx4NFd3WjlBWEppSWNUaVJFWlgtZmpaN2l5dl92WFpiMjYySWI3WWIzeWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzc1MzE5MTQ3MTcifQ",
"signature": "EjlbFyZuxhkhxZohokUFAtoYZ5F5g1m2W73rzRPy1fXp64PpNEvod9oPt0LOvMWOtEVQBRb7MKdSfwxtzgh9UnOjn7KZg7lqlj7nIzhXFYnaql-RP-V87x6v5XF0frwHlcoXW0y2FRoQP8rcfqk_SjFe2DsS2BdzZii9QUi67JOXfT8La0c7K8lV8OnBDDCvWXooJVe_3o06-MUtSmQ3RAlQyiGgkj1RlkHfn3JsOCtHBBdQ6qhCYaTS07Ck0fNHxGUxXj3tiFFpgXv1y0MJuL7HrrPVK8rwwxb1lZFXlvT2w8pEIJII2fC3TfV1GKKHsPuKZg2m38yTql55KOQnFw",
"payload": ""
}
2020-09-27 10:41:20,457:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/7531914717 HTTP/1.1" 200 1241
2020-09-27 10:41:20,461:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 28 Sep 2020 19:42:33 GMT
Content-Type: application/json
Content-Length: 1241
Connection: keep-alive
Boulder-Requester: 97845621
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00023wI7I8Y0Aitm6EWxpGRSaCMZhfPWACByGnhiwgRdD3g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "mgerlofsma.nl"
},
"status": "invalid",
"expires": "2020-10-05T19:42:31Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://mgerlofsma.nl/.well-known/acme-challenge/jcwDTNBuc1187Fyhp9zAJbqyxV_0ufcwn3dyAkAykXM [2a03:3c00:a001:7010::1]: "\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\n \u003chead\u003e\n \u003ctitle\u003ePlaceholder \u0026ndash; Antagonist\u003c/title\u003e\n\n \u003clink rel=\"stylesheet\" href=\"h"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/7531914717/dQeyZw",
"token": "jcwDTNBuc1187Fyhp9zAJbqyxV_0ufcwn3dyAkAykXM",
"validationRecord": [
{
"url": "http://mgerlofsma.nl/.well-known/acme-challenge/jcwDTNBuc1187Fyhp9zAJbqyxV_0ufcwn3dyAkAykXM",
"hostname": "mgerlofsma.nl",
"port": "80",
"addressesResolved": [
"82.171.99.10",
"2a03:3c00:a001:7010::1"
],
"addressUsed": "2a03:3c00:a001:7010::1"
}
]
}
]
}
2020-09-27 10:41:20,463:DEBUG:acme.client:Storing nonce: 00023wI7I8Y0Aitm6EWxpGRSaCMZhfPWACByGnhiwgRdD3g
2020-09-27 10:41:20,467:WARNING:certbot._internal.auth_handler:Challenge failed for domain mgerlofsma.nl
2020-09-27 10:41:20,468:INFO:certbot._internal.auth_handler:http-01 challenge for mgerlofsma.nl
2020-09-27 10:41:20,470:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: mgerlofsma.nl
Type: unauthorized
Detail: Invalid response from http://mgerlofsma.nl/.well-known/acme-challenge/jcwDTNBuc1187Fyhp9zAJbqyxV_0ufcwn3dyAkAykXM [2a03:3c00:a001:7010::1]: "\n\n\n \n Placeholder – Antagonist\n\n <link rel="stylesheet" href="h"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-09-27 10:41:20,474:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/local/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2020-09-27 10:41:20,476:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-09-27 10:41:20,477:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-09-27 10:41:20,480:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2020-09-27 10:41:20,481:DEBUG:certbot._internal.plugins.standalone:Stopping server at 0.0.0.0:80...
2020-09-27 10:41:20,988:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 11, in <module>
load_entry_point('certbot==1.8.0', 'console_scripts', 'certbot')()
File "/usr/local/lib/python3.7/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/local/lib/python3.7/site-packages/certbot/_internal/main.py", line 1358, in main
return config.func(config, plugins)
File "/usr/local/lib/python3.7/site-packages/certbot/_internal/main.py", line 1242, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/local/lib/python3.7/site-packages/certbot/_internal/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/local/lib/python3.7/site-packages/certbot/_internal/client.py", line 418, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/local/lib/python3.7/site-packages/certbot/_internal/client.py", line 351, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/local/lib/python3.7/site-packages/certbot/_internal/client.py", line 398, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/local/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/local/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2020-09-27 10:41:20,997:ERROR:certbot._internal.log:Some challenges have failed.

1 Like

No, it doesn't. That's what your page looks like:

There is already a webserver running.

--standalone would require stopping that webserver first.

So if --standalone doesn't complain about the blocked port 80, you run Certbot on the wrong machine.

So first step: Change your A- and AAAA-records.

1 Like

I think that's because I just shut down the server to do a standalone attempt with its own temporary server.

Or there is some DNS problem which doesn't make it go worldwide. A week ago I set it to the address you saw, which is my home connection. That page is what you see when a domain of that hoster isn't yet configured to anything.

I can see it again with my phone's own internet connection. It only shows "test123".

1 Like

That's because your phone only does IPv4. IPv6 serves a different site: the placeholder @JuergenAuer is talking about. Let's Encrypt prefers IPv6 (like everything should), so it never reaches your server. You should point the AAAA record of your site to your server's IPv6 address, if it has any, or delete it.

2 Likes
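The mismatch described in the reply above can be read directly from the authorization response in the log: each failed challenge carries a `validationRecord` with `addressesResolved` and `addressUsed`. The following Python is an added example (not part of the thread and not Certbot code) that flags failed challenges where validation went to one address family while an address of the other family was left untried; the function names `diagnose_authz` and `hint` are hypothetical, and the sample JSON is abridged from the log in this thread.

```python
import ipaddress
import json

# Abridged from the authorization response in the log above; only the fields
# this example reads are kept, and the token in "detail" is elided.
SAMPLE_AUTHZ = json.loads("""
{
  "identifier": {"type": "dns", "value": "mgerlofsma.nl"},
  "status": "invalid",
  "challenges": [
    {"type": "http-01", "status": "invalid",
     "error": {"type": "urn:ietf:params:acme:error:unauthorized",
               "detail": "Invalid response from http://mgerlofsma.nl/.well-known/acme-challenge/<token> [2a03:3c00:a001:7010::1]",
               "status": 403},
     "validationRecord": [
       {"hostname": "mgerlofsma.nl", "port": "80",
        "addressesResolved": ["82.171.99.10", "2a03:3c00:a001:7010::1"],
        "addressUsed": "2a03:3c00:a001:7010::1"}]},
    {"type": "dns-01", "status": "pending"}
  ]
}
""")


def family(addr):
    """Return 'IPv4' or 'IPv6' for a textual IP address."""
    return "IPv6" if ipaddress.ip_address(addr).version == 6 else "IPv4"


def diagnose_authz(authz):
    """Return one finding per validation attempt of each failed challenge."""
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue  # pending or valid challenges carry no failure to explain
        error = chall.get("error", {})
        for rec in chall.get("validationRecord", []):
            used = rec.get("addressUsed", "")
            if not used:
                continue
            untried = [a for a in rec.get("addressesResolved", []) if a != used]
            findings.append({
                "domain": authz["identifier"]["value"],
                "challenge": chall["type"],
                "error": error.get("type", "").rsplit(":", 1)[-1],
                "http_status": error.get("status"),
                "address_used": used,
                "family_used": family(used),
                "untried": untried,
                # True when the name also resolves to the other address family
                "dual_stack": any(family(a) != family(used) for a in untried),
            })
    return findings


def hint(finding):
    """Turn a finding into a one-line pointer for the operator."""
    if finding["dual_stack"]:
        return ("{domain}: {challenge} was validated over {family_used} "
                "({address_used}); {untried} was not tried. Check that the "
                "{family_used} record points at the machine running the ACME "
                "client, or remove it.").format(**finding)
    return "{domain}: {challenge} failed at {address_used}.".format(**finding)


if __name__ == "__main__":
    for f in diagnose_authz(SAMPLE_AUTHZ):
        print(hint(f))
```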

Ok, I wasn't aware of that. My modem only does IPv4. I switched off the AAAA records on my domain admin page. Now it seems to work. At least I see "congratulations" after the certbot command, so we'll figure things out further.

Thanks

2 Likes
