Help - certificate issue failure


#1

Hello team,

Could you please help me figure out my certificate issue problem? Ports 80 and 443 are open, nginx is switched off during the certificate request (and when nginx is switched on, I can access http://api.staedl.io, so my hosted zone and record set seem to be configured OK).

Details are below.
Thank you!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: api.staedl.io

I ran this command: sudo ./certbot-auto --standalone -d api.staedl.io certonly

It produced this output: Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1352, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1227, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 123, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 161, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. api.staedl.io (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for api.staedl.io


It appears I’ve tried the above a few too many times, since I’m now getting:

An unexpected error occurred:

There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): nginx/1.12.1

The operating system my web server runs on is (include version): AWS Linux

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

Hi @pavelak

checking your domain, querying your name servers (via https://check-your-website.server-daten.de/?q=api.staedl.io ):

Host T IP-Address ∑ Queries ∑ Timeout
api.staedl.io Name Error
www.api.staedl.io Name Error

There are no IP addresses defined. If you want to use standalone, your domain must have an IP address.


#3

Oh… Thanks Juergen, it looks like I’ve misconfigured it while trying ((
Does that mean that once I re-configure I should be able to retry since there’s a limit of 5 failed validations per hour?


#4

Thank you, all good after fixing Route 53 cfg :grinning:


#5

Yes, that should work.

Now you have an IP address:

Host T IP-Address ∑ Queries ∑ Timeout
api.staedl.io A 13.236.231.206 1 0
www.api.staedl.io Name Error

The failed validation limit is only a one-hour limit.
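
Added example, not part of the thread and not certbot's own code: a pre-flight check that parses the failure line from post #1 and only recommends another http-01 attempt once the name resolves, so retries do not add to the failed-validation count. The function names and the injectable `resolver` parameter are assumptions made for this example, and the check uses the local resolver rather than the CA's own lookup.

```python
import re
import socket

# Failure line copied from post #1 of this thread.
SAMPLE = ("FailedChallenges: Failed authorization procedure. api.staedl.io (http-01): "
          "urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for api.staedl.io")

FAILURE_RE = re.compile(
    r"Failed authorization procedure\. (?P<domain>\S+) \((?P<challenge>[\w-]+)\): "
    r"(?P<urn>urn:ietf:params:acme:error:(?P<kind>\w+)) :: (?P<detail>.+)"
)

def parse_failure(line):
    """Return domain, challenge, ACME error kind and detail, or None if no match."""
    m = FAILURE_RE.search(line)
    return m.groupdict() if m else None

def resolve(domain, family):
    """Addresses the local resolver returns for domain; empty set on lookup failure."""
    try:
        infos = socket.getaddrinfo(domain, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def preflight(domain, resolver=resolve):
    # http-01 needs the CA to connect to the host on port 80, so at least one
    # A or AAAA record must exist. Assumption: the local resolver is only a
    # stand-in for the CA's lookup, which asks the authoritative servers and
    # is not affected by local caches or /etc/hosts.
    a = resolver(domain, socket.AF_INET)
    aaaa = resolver(domain, socket.AF_INET6)
    if not a and not aaaa:
        return False, "no A/AAAA record: fix DNS before retrying"
    return True, "resolves to " + ", ".join(sorted(a | aaaa))

def should_retry(failure_line, resolver=resolve):
    """After a failed run: retry only if the cause was DNS and DNS now resolves."""
    failure = parse_failure(failure_line)
    if failure is None:
        return False, "unrecognised failure line"
    if failure["kind"] != "dns":
        return False, "not a DNS failure (%s): inspect it first" % failure["kind"]
    return preflight(failure["domain"], resolver)

if __name__ == "__main__":
    print(should_retry(SAMPLE))
```

While a configuration is still being debugged, certbot's `--dry-run` option runs the request against the staging environment instead of the production one.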

