Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: live.boldly.app
I ran this command: certbot --manual certonly
It produced this output:
Plugins selected: Authenticator manual, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): live.boldly.app
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for live.boldly.app
Performing the following challenges:
http-01 challenge for live.boldly.app
Create a file containing just this data:
HtIf38kLhzkd460febvZXXpfUlzCRQmpnZQKPEMzKPs.kIFfuDcQrs71xNiHlynU6K8THV8EdoPmBhXgu0IuUA4
And make it available on your web server at this URL:
http://live.boldly.app/.well-known/acme-challenge/HtIf38kLhzkd460febvZXXpfUlzCRQmpnZQKPEMzKPs
Press Enter to Continue
Waiting for verification...
Challenge failed for domain live.boldly.app
http-01 challenge for live.boldly.app
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
Domain: live.boldly.app
Type: unauthorized
Detail: Invalid response from
http://live.boldly.app/.well-known/acme-challenge/HtIf38kLhzkd460febvZXXpfUlzCRQmpnZQKPEMzKPs
[54.255.160.35]: 202
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): AWS EC2 Load Balancer
The operating system my web server runs on is (include version): Linux
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.14.0
The AWS has a load balancer in front of two web servers.
The certificate was produced from my PC using a manual process for a number of reasons. It worked last time.
I cannot get the web servers to make a file in .well-known/acme-challenge and make it available. I suspect it is to do with all traffic going to https and certbot only using non-https.
I get around this by creating a response in the AWS console. All traffic matching /.well-known/ is sent a 202 response with the string produced by certbot in it.
That worked last time. This time it is failing with Invalid response from (file name) [ip address] 202
Going into a Linux box and running the command
curl http://live.boldly.app/.well-known/acme-challenge/HtIf38kLhzkd460febvZXXpfUlzCRQmpnZQKPEMzKPs
returns
HtIf38kLhzkd460febvZXXpfUlzCRQmpnZQKPEMzKPs.kIFfuDcQrs71xNiHlynU6K8THV8EdoPmBhXgu0IuUA4
The return is exactly the string shown above by certbot.
The curl is the exact file name it is meant to get.
Why am I unable to get a certificate returned?
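An added diagnostic example (not part of the original post and not certbot's own code): the error detail above ends in the HTTP status 202, which a plain `curl` does not print because it shows only the body. Assuming the validation server accepts only status 200 with a body equal to the key authorization, this check applies both conditions against a constructed local server standing in for the load balancer's fixed-response rule; `check_http01`, `fixed_response_server` and `demo` are hypothetical names.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Token and key authorization copied from the certbot output in the post.
TOKEN = "HtIf38kLhzkd460febvZXXpfUlzCRQmpnZQKPEMzKPs"
KEY_AUTH = TOKEN + ".kIFfuDcQrs71xNiHlynU6K8THV8EdoPmBhXgu0IuUA4"

def check_http01(base_url, token, key_auth):
    """Fetch the challenge URL; return (ok, status, reason)."""
    url = f"{base_url}/.well-known/acme-challenge/{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            status, body = resp.status, resp.read().decode("ascii", "replace")
    except urllib.error.HTTPError as err:  # raised for 4xx/5xx
        return False, err.code, "error status from server"
    if status != 200:  # assumption: only 200 is accepted by the validator
        return False, status, "status is not 200 (body is not even compared)"
    if body.rstrip() != key_auth:  # trailing whitespace is tolerated
        return False, status, "body does not match the key authorization"
    return True, status, "ok"

def fixed_response_server(status, body):
    """Constructed stand-in for a fixed-response rule on /.well-known/."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            payload = body.encode()
            self.send_response(status)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)
        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo(status, body=KEY_AUTH):
    """Serve `body` with `status` locally and run the check against it."""
    server = fixed_response_server(status, body)
    try:
        base = f"http://127.0.0.1:{server.server_port}"
        return check_http01(base, TOKEN, KEY_AUTH)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for code in (202, 200):
        print(code, demo(code))
```

Against the real host, `curl -s -o /dev/null -w '%{http_code}\n'` on the challenge URL prints the status code that the body-only output hides.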