Http-01 challenge failed

Help
1

My domain is: vibetunes.space

I ran this command: sudo certbot --nginx -d api.vibetunes.space -v

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for api.vibetunes.space
Performing the following challenges:
http-01 challenge for api.vibetunes.space
Waiting for verification...
Challenge failed for domain api.vibetunes.space
http-01 challenge for api.vibetunes.space

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: api.vibetunes.space
  Type:   connection
  Detail: <vm-ip-masked>: Fetching http://api.vibetunes.space/.well-known/acme-challenge/i66DklfZQBvnUkcHLFE371XLp-U6Y2T5euZ_S9EimPE: Error getting validation data

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Cloudflare

I can login to a root shell on my machine (yes or no, or I don't know): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0

Need help in getting SSL cert.

2

HTTP requests to your domain api.vibetunes.space are not returning any data. This isn't unique to Let's Encrypt. Not even requests for your "home" page return data.

From the name it looks like an API server but it still needs to reply to the HTTP Challenge from the Let's Encrypt server. You chose an HTTP Challenge when you used the --nginx option. And, that's a good choice if you are running nginx but you need to handle HTTP (port 80)

The below test site is helpful when setting up new systems.

3 Likes
3

It appears that 140.245.29.93:80 is administratively blocked judging from the ICMP error message returned (type 3, code 10). Access to port 80 is required for HTTP-01 challenges, you might want to look at TLS-ALPN-01 or DNS-01 if that is not acceptable.

2 Likes
4

Thank you for pointing it out

1 Like
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.