Hello everyone! I have a Raspberry Pi with Raspberry Pi OS. I run on it a WEB server with AdGuard Home that I installed via the command terminal as indicated in the official AdGuard Home procedure. Today, I want to secure my interface with Let's Encrypt. I followed the AdGuard (Encryption · AdguardTeam/AdGuardHome Wiki · GitHub) and Let's encrypt (Certbot Instructions | Certbot) procedure to do so but I am stuck at the step to install certbot. When I run in the command terminal: "sudo certbot certonly --webroot", I get this answer: Certbot failed to authenticate some domains (authenticator: webroot).
The Certificate Authority reported these problems:
Domain: *************.zapto.org
Type: unauthorized
Detail: 90.89.6.: Invalid response from
http://************.zapto.org/.well-known/acme-challenge/n1RX5TJvGuwU-TbRkUjATXz4bSyj2R3OgSy2CdY8hHU:
403
Hint: The Certificate Authority failed to download the temporary
challenge files created by Certbot. Ensure that the listed domains
serve their content from the provided --webroot-path/-w and that files
created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile
/var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for
more details.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Hint: The Certificate Authority failed to download the temporary
challenge files created by Certbot. Ensure that the listed domains
serve their content from the provided --webroot-path/-w and that files
created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org 1. See the logfile
/var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for
more details.
Your domain is sending an HTTP 403 Forbidden error for any request to the /.well-known/acme-challenge path. You should review your server and firewall settings to see why
Hello ! I have an Orange LiveBox... Ports 80 and 443 are redirected to my raspberry pi ( TCP and UDP ). My firewall is in medium mode (recommended): "The firewall filters all incoming connections. Outgoing connections are allowed except for Netbios services".
Thanks
Yes, HTTP requests to your domain's "home page" work fine. But, other requests fail. Maybe your server is sending a 403 Forbidden instead of a 404 Not Found. If that is happening then make sure the --webroot-path matches your server's document root folder.
You have not said what server you are using (Apache, nginx, other?) so I can't provide specific advice.
curl -i http://bloqueurdepubs.zapto.org
HTTP/1.1 302 Found
Location: /login.html
Date: Fri, 07 Apr 2023 15:28:50 GMT
Content-Length: 0
curl -i http://bloqueurdepubs.zapto.org/login.html
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 848
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Fri, 07 Apr 2023 15:28:55 GMT
(partial content...)
<!doctype html><html lang="en"><head><meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no">
<title>Login</title><link href="login.f0a411020bc3f1c91731.css" rel="stylesheet">
</head><body><noscript>You need to enable JavaScript to run this app.</noscript>
(another example of 403 Forbidden for what should be 404 Not Found)
curl -i http://bloqueurdepubs.zapto.org/FakePage.html
HTTP/1.1 403 Forbidden
Date: Fri, 07 Apr 2023 15:30:00 GMT
Hi, apologies for not being able to get back to this discussion a little earlier! I didn't quite understand your last answer... Also, I have no idea which server I am using for AdGuard Home, but I installed it following the steps in this article : https://raspberrytips.fr/adguard-home-sur-raspberry-pi/. Finally, I checked again the ports of my LiveBox and everything is fine on that side.
Sorry again and thank you all (I'll be faster in my next answer)!
The instructions you linked to for getting a Let's Encrypt cert for AdGuard shows using the DNS Challenge to get a cert. You are instead using the HTTP Challenge with --webroot.
The AdGuard server is not responding to the HTTP challenge requests properly. You should either follow the DNS Challenge instructions or contact AdGuard how to use it with HTTP Challenge.
Maybe some other volunteer has done this but I have not. So, sorry cannot help further.