Getting error on open challenges

Here I am trying to consume an API which uses two-way SSL authentication. So, to generate a client-side certificate, I used the three tools mentioned below:

  1. I set up an nginx server.
  2. Then I tunneled it using ngrok.
  3. Now I am trying to obtain an SSL certificate through the certbot tool; however, I am facing the errors below:

C:\PROGRA~2\Certbot>certbot -v certonly --standalone -d f345-15-207-23-139.in.ngrok.io
Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for f345-15-207-23-139.in.ngrok.io
Performing the following challenges:
http-01 challenge for f345-15-207-23-139.in.ngrok.io
Waiting for verification...
Challenge failed for domain f345-15-207-23-139.in.ngrok.io
http-01 challenge for f345-15-207-23-139.in.ngrok.io

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: f345-15-207-23-139.in.ngrok.io
  Type:   unauthorized
  Detail: 2406:da1a:e91:9300::6e:3: Invalid response from https://acme.ngrok.com/.well-known/acme-challenge/ZCLyhCyMTJl-mHlhT84J1DwS41KPCyq48xj65CtUPr0?host=f345-15-207-23-139.in.ngrok.io: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

What is the ngrok tunnel command you are using? How ngrok behaves with Let's Encrypt challenges varies based on how you are using it.

If you are tunneling ngrok to nginx, then you should be using --nginx or --webroot, not --standalone.

If using the standalone option of certbot, it will spin up its own HTTP server to serve the challenge response, so stop nginx fully before you try the certbot command; otherwise it's likely to be nginx that's responding. Alternatively, use nginx to serve the challenge response using the webroot method?

There may be an IPv6/IPv4 discrepancy, as they don't return the same content:

curl -Ii6 http://f345-15-207-23-139.in.ngrok.io/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 403 Forbidden
Connection: close
Content-Type: text/html
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Content-Length: 3497

curl -Ii6 https://f345-15-207-23-139.in.ngrok.io/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Referrer-Policy: no-referrer
Date: Tue, 26 Apr 2022 14:29:37 GMT
Content-Length: 879

curl -Ii4 http://f345-15-207-23-139.in.ngrok.io/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 308 Permanent Redirect
Location: https://acme.ngrok.com/.well-known/acme-challenge/Test_File-1234?host=f345-15-207-23-139.in.ngrok.io
Date: Tue, 26 Apr 2022 14:29:44 GMT

curl -Ii4 https://f345-15-207-23-139.in.ngrok.io/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Referrer-Policy: no-referrer
Date: Tue, 26 Apr 2022 14:29:49 GMT
Content-Length: 879
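The probes above can be turned into an offline pre-flight check. This is an added example, not code from the thread: it classifies captured HEAD responses per address family the way an http-01 validator would see them and flags a v4/v6 split. The two sample responses are constructed from the curl output in the reply; the hostname and the verdict strings are this example's own choices.

```python
import re
from urllib.parse import urlparse

HOST = "f345-15-207-23-139.in.ngrok.io"

# Constructed HEAD responses, copied from the curl probes in the reply above.
V6_HTTP = """HTTP/1.1 403 Forbidden
Connection: close
Content-Type: text/html
Content-Length: 3497
"""
V4_HTTP = """HTTP/1.1 308 Permanent Redirect
Location: https://acme.ngrok.com/.well-known/acme-challenge/Test_File-1234?host=f345-15-207-23-139.in.ngrok.io
Date: Tue, 26 Apr 2022 14:29:44 GMT
"""

def parse_head(raw):
    """Split a raw HEAD response into (status_code, lowercase header dict)."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    match = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not match:
        raise ValueError("not an HTTP status line: " + lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(match.group(1)), headers

def classify(raw, host):
    """Map one response to what it means for an http-01 validator.
    The CA follows redirects, so a 30x is only harmless when it stays on
    the host being validated; a 403 means some other server answered
    (typically nginx still bound to :80); a 404 means no token is served."""
    code, headers = parse_head(raw)
    if code == 200:
        return "ok"
    if 300 <= code < 400:
        target = urlparse(headers.get("location", "")).hostname or "?"
        return "redirect-same-host" if target == host else "redirect-to:" + target
    return {403: "forbidden", 404: "not-found"}.get(code, "http-%d" % code)

def compare_families(v4_raw, v6_raw, host):
    """Classify both families; a split means the CA's view (the failure
    detail in the question names an IPv6 address) differs from what a
    v4-only test from the operator's machine would show."""
    v4, v6 = classify(v4_raw, host), classify(v6_raw, host)
    return {"ipv4": v4, "ipv6": v6, "consistent": v4 == v6,
            "usable": v4 == "ok" and v6 == "ok"}
```

Feed it the output of `curl -Ii4` and `curl -Ii6` against the challenge path before running certbot; only a verdict of `ok` on both families (or a redirect that stays on the validated host) means the standalone server is actually the one answering.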