Issue while generating SSL cert

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: snap.feedontario.ca

I ran this command: sudo certbot certonly --webroot

It produced this output:
Input the webroot for snap.feedontario.ca: (Enter 'c' to cancel): cert
Waiting for verification...
Challenge failed for domain snap.feedontario.ca
http-01 challenge for snap.feedontario.ca
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): ubuntu 18.04

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

1 Like
2

Your Cloudfront distribution is not connecting to your webserver properly.

Try visiting http://snap.feedontario.ca/ and you will see:

Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

Once you get Cloudfront working again, you should be able to request the certificate.

2 Likes
3

Thanks for reply.

But while hitting cloud front default domain I am able to connect my webserver. When I am hitting snap.feedontario.ca domain getting 403 forbidden

2 Likes
4

Welcome to the Let's Encrypt Community :slightly_smiling_face:

Maybe this helps?

1 Like
5

Sorry but you are going wrong directions,I think the issue is from domain name mapping

1 Like
6

Per the video I sent, there's a big difference between a 403 Forbidden and a 404 Not Found. The first is a permissional problem while the second is a missing content problem.

1 Like
7

Did you actually add snap.feedontario.ca as an alternate CNAME in Cloudfront?

screen

The 403 you are getting is the same 403 you would get if you didn't map the domain.

2 Likes
8

No,I haven't add snap.feedontario.ca domain in CNAME of cloudfront distribution setting, because its giving certificate issue.

"com.amazonaws.services.cloudfront.model.InvalidViewerCertificateException: The certificate that is attached to your distribution doesn't cover the alternate domain name (CNAME) that you're trying to add. For more details, see: Using Custom URLs for Files by Adding Alternate Domain Names (CNAMEs) - Amazon CloudFront (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidViewerCertificate; Request ID: f7fd0e21-a13f-4cba-955c-02dd17507657; Proxy: null)"

1 Like
9

That's weird.

Did you configure a certificate on your Cloudfront distribution? If you did, get rid of it.

Then go to Amazon ACM and request a certificate for snap.feedontario.ca.

Then add the custom CNAME and the ACM certificate to your Cloudfront distribution.

1 Like
10

THanks for suggestion, But our client is saying generate certificate using lets encrypt.

11

Hello Here,

CAn anyone tell me ,What should I need to put here

Input the webroot for snap.feedontario.ca: (Enter 'c' to cancel)----

12

Hi @andyblaze

what's the root of your website.

A file

http://snap.feedontario.ca/.well-known/acme-challenge/1234

must be sent by your server.

What's the absolute path of

http://snap.feedontario.ca/testfile

if you create such a testfile on the correct place . You have to find the correct place, that's your job.

PS: You didn't fix the problem @_az has explained.

13

Actually My index.html is hosted on s3

14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.