Getting 404 unauthorized while creating certificate using certbot

My domain is: infrasingularity.com

I ran this command: sudo certbot certonly -d infrasingularity.com

It produced this output: Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: infrasingularity.com
Type: unauthorized
Detail: 2600:1f18:2489:8200::c8: Invalid response from http://infrasingularity.com/.well-known/acme-challenge/WCsef7wLu95N0WPGziQEOkDcLigqDGKLqZhCZDlEFDs: 404

My web server is (include version): nginx

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: Netlify

I can login to a root shell on my machine (yes or no, or I don't know): yes

Can anyone please help me with it?

It shows a valid cert with 2 months left; why do you want to renew it?

3 Likes

We need two parameters, ssl_certificate (fullchain.pem) & ssl_certificate_key (privkey.pem), for proceeding further.

What shows?:

certbot certificates

3 Likes

No certificates found.
The previous one was generated from an instance that no longer exists, I guess.

Well, this is likely going to be problematic:

Name:      infrasingularity.com
Addresses: 2600:1f18:2489:8202::c8
           2600:1f18:16e:df00::64
           54.161.234.33
           44.217.161.11

If you are using Netlify, aren't they obtaining a cert for your use?

3 Likes

Basically, we need to obtain two more certs for subdomains and then create an nginx config file for them. That config file requires the following two params:
ssl_certificate /etc/letsencrypt/live/your-site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-site.com/privkey.pem;

I have added the subdomains to our nameserver and there is no authorization problem with them; we are facing the authorization issue only for the main domain.

Have you tried using DNS-01 authentication?

2 Likes

No, is there any guide on how to do it?

Start here:
Getting Started - Let's Encrypt (letsencrypt.org)

4 Likes

You, or someone, got a wildcard cert for your apex name on Jul 9. Wildcards require a DNS challenge, so it worked before. And requests to your apex show it using that wildcard cert.

Why do you think you need another cert for your apex domain? As @rg305 pointed out, your apex uses Netlify (which uses AWS services) and what looks like a load balancer. Netlify probably manages that cert for you.

Your two subdomains (eth and lava) have DNS records that point directly to an nginx server. So, the methods available to get a cert for those are different than your apex.

3 Likes
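The distinction drawn in the reply above (apex resolving to the hosting provider, subdomains resolving straight to the nginx server) can be checked before running certbot. The following is an added example, not part of the original thread: the function names are hypothetical, the apex addresses are the ones posted above, and 203.0.113.10 is a constructed stand-in for the nginx server's public address.

```shell
#!/bin/sh
# Added example: pick an ACME challenge type from where a name resolves.
# HTTP-01 is validated against the addresses in public DNS, so it can only
# succeed from this host if every A/AAAA answer is an address of this host.
# Assumption: addresses are compared as plain strings, and the server's
# public address is bound locally (not true behind NAT).

# http01_reachable "<dns addresses>" "<local addresses>"
http01_reachable() {
    dns_addrs=$1
    local_addrs=$2
    if [ -z "$dns_addrs" ]; then
        return 1                      # name does not resolve at all
    fi
    for a in $dns_addrs; do
        found=0
        for l in $local_addrs; do
            if [ "$a" = "$l" ]; then
                found=1
            fi
        done
        if [ "$found" -eq 0 ]; then
            return 1                  # the CA could be sent to a foreign host
        fi
    done
    return 0
}

# suggest_challenge "<dns addresses>" "<local addresses>"
suggest_challenge() {
    if http01_reachable "$1" "$2"; then
        echo "http-01"
    else
        # Name is served elsewhere (e.g. by the hosting provider, which may
        # already manage its certificate); only DNS-01 can work from here.
        echo "dns-01"
    fi
}

# Constructed sample input. For live use, gather the lists with e.g.
#   dig +short A "$name"; dig +short AAAA "$name"   (drop any CNAME lines)
#   ip -o addr show scope global | awk '{print $4}' | cut -d/ -f1
APEX_ADDRS="2600:1f18:2489:8202::c8 2600:1f18:16e:df00::64 54.161.234.33 44.217.161.11"
LOCAL_ADDRS="203.0.113.10"
echo "apex:      $(suggest_challenge "$APEX_ADDRS" "$LOCAL_ADDRS")"
echo "subdomain: $(suggest_challenge "203.0.113.10" "$LOCAL_ADDRS")"
```
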
