How to supply them to have a signed certificate directly? I tried --certonly, --standalone & --csr option, but it still asked me to create a file in .well-known directory, which I currently are having difficulties to do so.
if it isn’t possible to create that file, you can’t use http validation.
Switch to dns validation:
--preferred-challenges dns instead of
--standalone should work.
But that requires that you are able to create a DNS TXT entry.
That’s part of the hostname validation process, in this case through the
http-01 challenge. (See the link above.)
Your hostname needs to be validated one way or another. Let’s Encrypt won’t issue a certificate without proper validation (it’s required to do so).
Also you’d need to repeat this elaborate manual process every 60 to 90 days (Let’s Encrypt certificates are only valid for 90 days and Let’s Encrypt recommends renewing the certificate after 60 days, which includes validating the hostname(s) again).
Do you really don’t have a way to automate this process? Is this private key and CSR generation by your hoster the only way? Unfortunately, you didn’t get the questionnaire which should be presented to you when you opened this thread in the
Help section or you decided to delete it. Here it is again, please enter as much information as possible:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
Thanks for the replies.
I’ve placed the file in .well-known and is accessible with the URL http://beyblade.epizy.com/.well-known/acme-challenge/W8TysRFwtnc6UmQIC68aqR2X7_6iWtOwjbZdpbzV_IA. But what the certbot could get is
Command run was
certbot certonly --manual --preferred-challenges http -d beyblade.epizy.com --csr ~/downloads/csr.der
Hosting provider: Infinityfree
the known aes.js script.
That blocks the Letsencrypt validation via http.
Yep, that’s expected. Infinityfree blocks validation via http.
So switch to dns validation.
So the validation file is hidden.
Strangely enough I’m getting 403 forbidden errors through
curl. Looks like the server behaves differently for different HTTP clients.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.