Issue while generating SSL cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot certonly --webroot

It produced this output:
Input the webroot for (Enter 'c' to cancel): cert
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


My web server is (include version): ubuntu 18.04

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes


Your Cloudfront distribution is not connecting to your webserver properly.

Try visiting and you will see:

Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

Once you get Cloudfront working again, you should be able to request the certificate.


Thanks for the reply.

But when hitting the CloudFront default domain I am able to connect to my webserver. When I hit the domain I get a 403 Forbidden.


Welcome to the Let's Encrypt Community :slightly_smiling_face:

Maybe this helps?


Sorry, but you are going in the wrong direction. I think the issue is from the domain name mapping.


Per the video I sent, there's a big difference between a 403 Forbidden and a 404 Not Found. The first is a permissions problem while the second is a missing content problem.


Did you actually add as an alternate CNAME in Cloudfront?


The 403 you are getting is the same 403 you would get if you didn't map the domain.


No, I haven't added the domain in the CNAME of the CloudFront distribution settings, because it's giving a certificate issue.

" The certificate that is attached to your distribution doesn't cover the alternate domain name (CNAME) that you're trying to add. For more details, see: Using Custom URLs for Files by Adding Alternate Domain Names (CNAMEs) - Amazon CloudFront (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidViewerCertificate; Request ID: f7fd0e21-a13f-4cba-955c-02dd17507657; Proxy: null)"


That's weird.

Did you configure a certificate on your Cloudfront distribution? If you did, get rid of it.

Then go to Amazon ACM and request a certificate for

Then add the custom CNAME and the ACM certificate to your Cloudfront distribution.


Thanks for the suggestion, but our client is saying to generate the certificate using Let's Encrypt.

Hello here,

Can anyone tell me what I need to put here?

Input the webroot for (Enter 'c' to cancel)----

Hi @andyblaze

What's the root of your website?

A file

must be sent by your server.

What's the absolute path of

if you create such a test file in the correct place? You have to find the correct place, that's your job.

PS: You didn't fix the problem @_az has explained.
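The test-file check described in the post above, as an added example that is not part of the original thread: it writes a throwaway file under `.well-known/acme-challenge/` in a candidate webroot, fetches it over HTTP, and maps the result to the 403 versus 404 distinction made earlier. The function name `check_webroot` and the script name are hypothetical, and the check only shows what the machine running it sees, not what Let's Encrypt sees from the Internet.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

# URL prefix the ACME http-01 challenge uses (RFC 8555); certbot --webroot
# writes its token files into this directory under the webroot you give it.
CHALLENGE_DIR = ".well-known/acme-challenge"

VERDICTS = {
    403: "forbidden: the server or CDN refused the request (permissions, or hostname not mapped)",
    404: "not found: this webroot is not the directory served for this hostname",
}

def check_webroot(webroot, base_url, timeout=10):
    """Hypothetical helper: drop a throwaway file into webroot, fetch it via base_url.

    Returns (http_status_or_None, verdict).
    """
    name = "preflight-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    challenge_dir = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(challenge_dir, exist_ok=True)
    path = os.path.join(challenge_dir, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, got = resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as exc:
        status, got = exc.code, ""
    except (urllib.error.URLError, OSError) as exc:
        return None, f"no HTTP response: {exc}"
    finally:
        os.remove(path)  # never leave the probe file behind
    if status == 200:
        if got.strip() == body:
            return status, "ok"
        return status, "wrong content: something other than this webroot answered"
    return status, VERDICTS.get(status, f"unexpected status {status}")

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: preflight.py WEBROOT BASE_URL")
    print(*check_webroot(sys.argv[1], sys.argv[2]))
```

Run it with the directory you intend to give certbot as the webroot and the `http://` URL of the domain; only an `ok` verdict means that directory is the one being served for that hostname.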

Actually, my index.html is hosted on S3.
