I have a paid domain on godaddy but i can't get cert for it from letsencrypt

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:contactsocialmedia.com

I ran this command:./getssl contactsocialmedia.com

It produced this output:for some reason we cant get cert … it look like firewall

My web server is (include version):AWS

The operating system my web server runs on is (include version):LAST VERSION

My hosting provider, if applicable, is:gidaddy

I can login to a root shell on my machine (yes or no, or I don’t know):YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):last version

1 Like

Hi @sad.noscom

checking your domain there is no answer - https://check-your-website.server-daten.de/?q=contactsocialmedia.com

Only timeouts:

Domainname Http-Status redirect Sec. G
http://contactsocialmedia.com/ 18.219.1.50 -14 10.020 T
Timeout - The operation has timed out
http://www.contactsocialmedia.com/ 18.219.1.50 -14 10.040 T
Timeout - The operation has timed out
https://contactsocialmedia.com/ 18.219.1.50 -14 10.046 T
Timeout - The operation has timed out
https://www.contactsocialmedia.com/ 18.219.1.50 -14 10.150 T
Timeout - The operation has timed out
http://contactsocialmedia.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 18.219.1.50 -14 10.043 T
Timeout - The operation has timed out
Visible Content:
http://www.contactsocialmedia.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 18.219.1.50 -14 10.030 T
Timeout - The operation has timed out

A working port 80 is required.

Find that firewall and open port 80.

Or switch to dns validation.

3 Likes

this all errors i recived after open port 80 , i use AWS

ec2-user@kali:~/certbot$ ./letsencrypt-auto
Requesting to rerun ./letsencrypt-auto with root privileges…
./letsencrypt-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate and install certificates?


1: Apache Web Server plugin (apache)
2: Nginx Web Server plugin (nginx)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Plugins selected: Authenticator nginx, Installer nginx
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): contactsocialmedia.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for contactsocialmedia.com
Waiting for verification…
Challenge failed for domain contactsocialmedia.com
http-01 challenge for contactsocialmedia.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: contactsocialmedia.com
    Type: connection
    Detail: Fetching
    http://contactsocialmedia.com/.well-known/acme-challenge/TjX8j6M_ZwCyCWPqBw5Es6aKWNDSnWEmqiS2PuwURGs:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

1 Like

You have an incomplete or missing configuration.

If you want to create a certificate this way, you need a running and working webserver / port 80 / http.

Install it, use the online tool to check, if port 80 works. Then try it again.

i check my aws ip by nmap and found that port 80 is opened , apache2 and nginx already installed and the last version both

80/tcp open http

You can’t use both packets with the same port.

And there

http://contactsocialmedia.com/

is no answer.

1 Like

so what i should do now ? sorry to interrupt you

You should get your webserver to respond without ssl. Then you can add ssl.

1 Like

that what i try to doing , but how … i follow the instructions but nothing happy … is it error from godaddy or what ?

Do you know how to install a webserver and configure it on the operative system you have on aws?

1 Like

actually no … can provide me with complete steps

There are nearly infinite ways to do that, depends on what you need.

i need apache2 webserver

i completely removed nginx and install apache2 and it run with no problem and i can access to index.html from outside the AWS , but still get the same error

I can’t. Same problem, timeout. Use online tools to check that, not your local browser.

1 Like

I try it online many times , but get the following error

Domain “mydomain.com” challenge3 failed. Response from “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3730293532/27c3ww” was:

Warning: Your verification URL is not returning the correct contents to our verification servers. The URL looks like it is blocking bots and which inadvertently blocks our servers from receiving the correct content. Contact your host, a professional developer or admin for further help with fixing it.

Error: No TXT record found at _acme-challenge.mydomain.com

Full Error: { “type”: “dns-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:unauthorized”, “detail”: “No TXT record found at _acme-challenge.mydomain.com”, “status”: 403 }, “url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3730293532/27c3ww”, “token”: “-JkYSyKbOx7LbBUZPxJu8GLDg” }

That’s dns validation, not http validation, a completely different challenge type.

Read

Did you create a TXT entry?

1 Like

Yes i creat TXT record name ( host ) and value and adjust ttl 600 second , for http challenge I can’t make it because my godaddy account not pro and I can’t reach to my cpanel to make a folder and put

http://<YOUR_DOMAIN>/.well-known/acme-challenge/

Really sorry to interrupt you

You have created the wrong TXT entries. Read https://check-your-website.server-daten.de/?q=contactsocialmedia.com#txt

Your menu adds the main domain name, so your domain name is duplicated.

Add only entries with

_acme-challenge (non-www)

and

_acme-challenge.www (www)

then the result should be correct.

2 Likes

Finally it work … sir … i want to thank you really … you help me … really really thank you . You’re the best sir

Thanks for your kindly interest

3 Likes