I don't have a live directory in my letencrypt installation folder

ravanely · July 22, 2022, 11:59am

Veuillez remplir les champs ci-dessous pour que nous puissions vous aider. Remarque : vous devez fournir votre nom de domaine pour obtenir de l’aide. Les noms de domaine des certificats émis sont tous rendus publics dans les journaux de Transparence de Certificat (par exemple, crt.sh | example.com). Par conséquent, le fait de ne pas indiquer votre nom de domaine ici n’aide pas à le garder secret, mais rend plus difficile pour nous le fait de vous aider.

Je peux lire des réponses en Anglais :

Mon nom de domaine est : http://b2i-dev.tech/

J’ai exécuté cette commande : sudo certbot certonly --standalone -d b2i-dev.tech

Elle a produit cette sortie :

Mon serveur Web est (inclure la version) :

Le système d’exploitation sur lequel mon serveur Web s’exécute est (version incluse) : Debian 4.19.249-2 (2022-06-30) x86_64 GNU/Linux

Mon hébergeur, le cas échéant, est : OVH

Je peux me connecter à un shell root sur ma machine (oui ou non, ou je ne sais pas) : Oui

J’utilise un panneau de configuration pour gérer mon site (non, ou fournit le nom et la version du panneau de configuration) : non

MikeMcQ · July 22, 2022, 12:59pm

Welcome @ravanely

I hope you can read English answers. Your certbot standalone failed because you have a server running on port 80 so certbot could not bind to it.

You should consider using certonly with webroot instead since I see you have a server running. Or, be sure to stop your server while running standalone and restart it after.

https://eff-certbot.readthedocs.io/en/stable/using.html#webroot

MikeMcQ · July 22, 2022, 2:06pm

I saw your responses on the other thread. They will be moved here shortly.

Something must still be using port 80. Can you show result of this

sudo netstat -pant | grep -i listen | grep 80

ravanely · July 22, 2022, 2:09pm

MikeMcQ · July 22, 2022, 2:13pm

You have Apache using port 80. The certbot standalone needs port 80 so that is why it fails with the bind error.

ravanely · July 22, 2022, 2:21pm

the problem has evolved after deactivating the apache server:

MikeMcQ · July 22, 2022, 2:30pm

We can try to debug the standalone failure. But, is there a reason you need to use that rather than webroot? Or, even use the Apache plug-in?

Usually people don't want to keep their server running. Using webroot, or even the Apache plug-in, uses Apache to authenticate and get a cert.

Standalone is more difficult to debug. If you could explain more of what you are trying we can proceed on the best path.

ravanely · July 22, 2022, 2:36pm

I am at my first installation of letsencrypt. the context is as follows:
I have a debian server and an application running on tomcat that I want to secure. I don't even need apche2 on this server, it's by watching tutorials that I installed apache. I just want to secure a tomcat server listening on port 80 with letsencrypt. Nothing else

ravanely · July 22, 2022, 1:47pm

Thank you for your prompt reaction.
I use iptables to redirect incoming streams on port 80 to another port.

In addition, I deleted all iptables rules, and stopped the application that was running on the redirect port. I then ran the command sudo certbot certonly --standalone -d b2i-dev.tech again with no success.

And yes, I read the answers in English very well. it's the expression and the writing that is problematic for me

ravanely · July 22, 2022, 1:49pm

The same problem appear in logs.
2022-07-22 13:38:33,088:DEBUG:acme.client:Storing nonce: 01018FF2koZUecwxRgp4yRHheaW64RcH3_Xy6bD3FnJ7dcA
2022-07-22 13:38:33,088:INFO:certbot.auth_handler:Performing the following challenges:
2022-07-22 13:38:33,088:INFO:certbot.auth_handler:http-01 challenge for b2i-dev.tech
2022-07-22 13:38:33,089:DEBUG:acme.standalone:Failed to bind to :80 using IPv6
2022-07-22 13:38:33,089:DEBUG:acme.standalone:Failed to bind to :80 using IPv4
2022-07-22 13:38:33,090:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 76, in run
address, self.http_01_resources)
File "/usr/lib/python3/dist-packages/acme/standalone.py", line 189, in init
BaseDualNetworkedServers.init(self, HTTP01Server, *args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/standalone.py", line 108, in init
raise socket.error("Could not bind to IPv4 or IPv6.")
OSError: Could not bind to IPv4 or IPv6.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 234, in perform
return [self._try_perform_single(achall) for achall in achalls]
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 234, in
return [self._try_perform_single(achall) for achall in achalls]
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 241, in _try_perform_single
_handle_perform_error(error)
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 239, in _try_perform_single
return self._perform_single(achall)
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 245, in _perform_single
servers, response = self._perform_http_01(achall)
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 254, in _perform_http_01
servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 78, in run
raise errors.StandaloneBindError(error, port)
certbot.errors.StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

2022-07-22 13:38:33,090:DEBUG:certbot.error_handler:Calling registered functions
2022-07-22 13:38:33,090:INFO:certbot.auth_handler:Cleaning up challenges
2022-07-22 13:38:33,090:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 76, in run
address, self.http_01_resources)
File "/usr/lib/python3/dist-packages/acme/standalone.py", line 189, in init
BaseDualNetworkedServers.init(self, HTTP01Server, *args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/standalone.py", line 108, in init
raise socket.error("Could not bind to IPv4 or IPv6.")
OSError: Could not bind to IPv4 or IPv6.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 234, in perform
return [self._try_perform_single(achall) for achall in achalls]
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 234, in
return [self._try_perform_single(achall) for achall in achalls]
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 241, in _try_perform_single
_handle_perform_error(error)
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 239, in _try_perform_single
return self._perform_single(achall)
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 245, in _perform_single
servers, response = self._perform_http_01(achall)
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 254, in _perform_http_01
servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 78, in run
raise errors.StandaloneBindError(error, port)
certbot.errors.StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.

MikeMcQ · July 22, 2022, 2:47pm

Thanks for explanation. Many people have problems setting up tomcat. What version of tomcat are you using? And, what version of certbot (certbot --version). Newer versions of both are easier to work with.

ravanely · July 22, 2022, 3:27pm

Apache Tomcat Version 9.0.65

ravanely · July 22, 2022, 3:27pm

certbot 0.31.0

MikeMcQ · July 22, 2022, 3:39pm

Oh, that certbot is very old. I am not sure this will work. But, try

sudo certbot certonly --standalone -d b2i-dev.tech --debug-challenges -v

Current certbots will pause so you can send test requests at the standalone. I am not sure what will happen for version 0.31 but try it anyway.

If it does pause, leave it that way and show anything it displays

ravanely · July 22, 2022, 3:49pm

debian@vps-bf6e1476:~$ sudo certbot certonly --standalone -d b2i-dev.tech --debug-challenges -v
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator standalone and installer None
Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f90d1f792b0>
Prep: True
Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f90d1f792b0> and installer None
Plugins selected: Authenticator standalone, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/641230146', new_authzr_uri=None, terms_of_service=None), 84c960d659736812ae3b1a9756577893, Meta(creation_dt=datetime.datetime(2022, 7, 21, 15, 56, 51, tzinfo=), creation_host='debian.example.com'))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
Received response:
HTTP 200
Server: nginx
Date: Fri, 22 Jul 2022 15:48:53 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"lP4cKDeL2ww": "Adding random entries to the directory",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Obtaining a new certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0006_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0006_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Fri, 22 Jul 2022 15:48:53 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0101i8imp_9eCHC2DdVwboLB0DMZKTHg_8r3GHGnCKHPzKo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

Storing nonce: 0101i8imp_9eCHC2DdVwboLB0DMZKTHg_8r3GHGnCKHPzKo
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "b2i-dev.tech"\n }\n ]\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjQxMjMwMTQ2IiwgIm5vbmNlIjogIjAxMDFpOGltcF85ZUNIQzJEZFZ3Ym9MQjBETVpLVEhnXzhyM0dIR25DS0hQektvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "a-ctXIPUDWhgq3SgTQ1H5Q8ZckGKhDOLhoVykzKKpVbEifOtosQpnsWeuCwydmLDs1KmZYJFJFtpQ2cgiPeVJrLXu4IJtso_u_B6G3WFn7OHHJW4qhbwb2yQaaAp8pp4aAwa9imeSfPiC7qSkIhqH7ouCLx-ASqKJeB12yqVTfPqb7D38oLXi0l3VnLVpqXoiZ1EEWd_Quayng4Lss3a29SlC5bMNSOS2-1Rs3FY3VZxZYF-9-zMtciRo_-oKrobBC41R07uJbvji7gJVZQ5J4RIBOy_HjujTVQpJuW0raE6xFrPGnSyHaNn8h4FxqHrLptgas9bO416E4P5RKTNEw",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImIyaS1kZXYudGVjaCIKICAgIH0KICBdCn0"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 337
Received response:
HTTP 201
Server: nginx
Date: Fri, 22 Jul 2022 15:48:54 GMT
Content-Type: application/json
Content-Length: 337
Connection: keep-alive
Boulder-Requester: 641230146
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/641230146/109127996536
Replay-Nonce: 0101mqFyjvo-PDApv1kGXgwIVWmCMmjT-Ki7JlakfsRLifk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2022-07-29T15:48:54Z",
"identifiers": [
{
"type": "dns",
"value": "b2i-dev.tech"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/133465247976"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/641230146/109127996536"
}
Storing nonce: 0101mqFyjvo-PDApv1kGXgwIVWmCMmjT-Ki7JlakfsRLifk
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/133465247976:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjQxMjMwMTQ2IiwgIm5vbmNlIjogIjAxMDFtcUZ5anZvLVBEQXB2MWtHWGd3SVZXbUNNbWpULUtpN0psYWtmc1JMaWZrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzM0NjUyNDc5NzYifQ",
"signature": "Q4jkqqBSfxTHeL-AjNUJk_0SmKEr7xKtxdqDu0qyIhbR--XslCEaTUoi99J84GAbuipne9pp52aZGtansgFdsmQbw-t2CpJfWv68TerKycdTFhqA51bitLAvntQOt1qVudoq6EDZRGk3d3CbCYL51oZCg3TL2pib1khgxJPilzCt0lL7yY9D__H_8gDdF75d-A9mQuQ5-QXESMkWkg-RbM0U716-CL66tamiVKNXdPy7SGWqhYiYjxZHXYTuIb7Q1pfX-TsUed1bd3f2D9Xs0r2D0ZyPgIuVrXRtyDSw6IgT2HUjiVzHdhSSjAfRyPYSq3J9F8n7UsKVBTCYIlU0pg",
"payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/133465247976 HTTP/1.1" 200 796
Received response:
HTTP 200
Server: nginx
Date: Fri, 22 Jul 2022 15:48:54 GMT
Content-Type: application/json
Content-Length: 796
Connection: keep-alive
Boulder-Requester: 641230146
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 01015q9hwirbihUuEcioXJadrA2EZKMuhvPmwm8KqGUt6Y0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "b2i-dev.tech"
},
"status": "pending",
"expires": "2022-07-29T15:48:54Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/133465247976/W8mhLA",
"token": "6xQv3WdaqiiRlS3LSYSE4Sdw_hNwBBEtYcAHojTofDg"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/133465247976/TmAa0w",
"token": "6xQv3WdaqiiRlS3LSYSE4Sdw_hNwBBEtYcAHojTofDg"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/133465247976/nQNgmQ",
"token": "6xQv3WdaqiiRlS3LSYSE4Sdw_hNwBBEtYcAHojTofDg"
}
]
}
Storing nonce: 01015q9hwirbihUuEcioXJadrA2EZKMuhvPmwm8KqGUt6Y0
Performing the following challenges:
http-01 challenge for b2i-dev.tech
Successfully bound to :80 using IPv6
Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
Waiting for verification...

Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.

Press Enter to Continue

ravanely · July 22, 2022, 3:50pm

Why not update and rerun the installation?

MikeMcQ · July 22, 2022, 4:03pm

It looks like you did not stop Apache before trying certbot standalone. The bind port 80 happened again. You did not have that error the previous time.

It would be better if you could update certbot. Instructions are here:

ravanely · July 22, 2022, 4:27pm

I completly remove apache and update cerbot to version 1.29.0
After run sudo certbot certonly --standalone -d b2i-dev.tech again, I have the following result:

ravanely · July 22, 2022, 4:29pm

The log file display:

2022-07-22 16:24:16,162:DEBUG:acme.client:Storing nonce: 0102F_FJFR62hUO39Ch9J0vG8_K8dCqORqhDUkMjSIhGbbE
2022-07-22 16:24:16,163:INFO:certbot._internal.auth_handler:Challenge failed for domain b2i-dev.tech
2022-07-22 16:24:16,163:INFO:certbot._internal.auth_handler:http-01 challenge for b2i-dev.tech
2022-07-22 16:24:16,163:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: b2i-dev.tech
Type: connection
Detail: 141.94.27.217: Fetching Gest-micro-fin - Login Connection refused

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2022-07-22 16:24:16,165:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-07-22 16:24:16,165:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-07-22 16:24:16,165:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-07-22 16:24:16,165:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2022-07-22 16:24:16,349:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/2192/bin/certbot", line 8, in
sys.exit(main())
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 1744, in main
return config.func(config, plugins)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 1591, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/2192/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-07-22 16:24:16,359:ERROR:certbot._internal.log:Some challenges have failed.

MikeMcQ · July 22, 2022, 4:30pm

Try

sudo certbot certonly --standalone -d b2i-dev.tech --debug-challenges -v

Current certbots will pause so you can send test requests at the standalone.

Show what it says but do not press enter to continue - leave it paused