I can not add cert for my domain

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: innovainst.pp.ua

I ran this command: sudo certbot --nginx -d innovainst.pp.ua

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for innovainst.pp.ua

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: innovainst.pp.ua
  Type:   unauthorized
  Detail: 195.149.114.22: Invalid response from https://parkpage.nic.ua/?fqdn=innovainst.pp.ua: "<!doctype html>\n<html lang=\"\">\n<head>\n<meta charset=\"utf-8\">\n<meta name=\"description\" content=\"NIC.UA &#9742; +380 44 593-32-22\""

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ununtu 22.04

My hosting provider, if applicable, is: domen Вхід в кабінет | NIC.UA, host - digitalocean

I can login to a root shell on my machine (yes or no, or I don't know): certbot 2.8.0

Logs:

2023-12-07 09:04:32,903:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/291248781746 HTTP/1.1" 200 1469
2023-12-07 09:04:32,904:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Dec 2023 09:04:32 GMT
Content-Type: application/json
Content-Length: 1469
Connection: keep-alive
Boulder-Requester: 1452560446
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 65r2Q3lMucIgujm2zu4lOGy0Kh0wdSJ1YuuwzSZPQhPTaLs7LJ8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "innovainst.pp.ua"
  },
  "status": "invalid",
  "expires": "2023-12-14T09:04:27Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "195.149.114.22: Invalid response from https://parkpage.nic.ua/?fqdn=innovainst.pp.ua: \"\u003c!doctype html\u003e\\n\u003chtml lang=\\\"\\\"\u003e\\n\u003chead\u003e\\n\u003cmeta charset=\\\"utf-8\\\"\u003e\\n\u003cmeta name=\\\"description\\\" content=\\\"NIC.UA \u0026#9742; +380 44 593-32-22\\\"\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/291248781746/tp_d9w",
      "token": "GYtfS8JACyOsDMDHnbVQarPJeeqWxU6v5Ocmx88JzL0",
      "validationRecord": [
        {
          "url": "http://innovainst.pp.ua/.well-known/acme-challenge/GYtfS8JACyOsDMDHnbVQarPJeeqWxU6v5Ocmx88JzL0",
          "hostname": "innovainst.pp.ua",
          "port": "80",
          "addressesResolved": [
            "195.149.114.22"
          ],
          "addressUsed": "195.149.114.22"
        },
        {
          "url": "https://parkpage.nic.ua/?fqdn=innovainst.pp.ua",
          "hostname": "parkpage.nic.ua",
          "port": "443",
          "addressesResolved": [
            "195.149.114.22"
          ],
          "addressUsed": "195.149.114.22"
        }
      ],
      "validated": "2023-12-07T09:04:28Z"
    }
  ]
}
2023-12-07 09:04:32,905:DEBUG:acme.client:Storing nonce: 65r2Q3lMucIgujm2zu4lOGy0Kh0wdSJ1YuuwzSZPQhPTaLs7LJ8
2023-12-07 09:04:32,905:INFO:certbot._internal.auth_handler:Challenge failed for domain innovainst.pp.ua
2023-12-07 09:04:32,906:INFO:certbot._internal.auth_handler:http-01 challenge for innovainst.pp.ua
2023-12-07 09:04:32,906:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: innovainst.pp.ua
  Type:   unauthorized
  Detail: 195.149.114.22: Invalid response from https://parkpage.nic.ua/?fqdn=innovainst.pp.ua: "<!doctype html>\n<html lang=\"\">\n<head>\n<meta charset=\"utf-8\">\n<meta name=\"description\" content=\"NIC.UA &#9742; +380 44 593-32-22\""

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

2023-12-07 09:04:32,909:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-12-07 09:04:32,909:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-12-07 09:04:32,909:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-12-07 09:04:34,092:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3566/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/main.py", line 1869, in main
    return config.func(config, plugins)
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/main.py", line 1450, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-12-07 09:04:34,094:ERROR:certbot._internal.log:Some challenges have failed.
2

You can't get a cert for a domain that is "parked" [using HTTP authentication].

3 Likes
3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.