Issues trying to get a certificate with .dev domain

#1

Hi,
I just got a .dev domain and I’m trying to get a certificate and I’m getting this:
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): benjamincordoba.dev
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for benjamincordoba.dev
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. benjamincordoba.dev (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://benjamincordoba.dev/.well-known/acme-challenge/ZuTRrpoVlVOb6YNKDlzmAHVG0Q22-PAdFs6r--lygB0 [190.218.142.21]: 404

IMPORTANT NOTES:

Since .dev domains doesnt support request to the port 80. I was wondering if there is any way to get the certificate.

#2

This isn’t true. .dev is preloaded into HSTS (forcing HTTPS), but that only affects browsers. It doesn’t affect any other type of HTTP client, like Let’s Encrypt.

What exact command did you use to try and issue that certificate?

If you are running a relatively out-of-the-box Wildfly deployment, one way to issue a certificate is (replacing $WILDFLY_ROOT with your Wildfly directory):

certbot certonly --webroot -w $WILDFLY_ROOT/welcome-content -d benjamincordoba.dev
4 Likes
#3

Hi @benjam1n507

checked your domain (via https://check-your-website.server-daten.de/?q=benjamincordoba.dev ) you see: Your port 80 works.

Preload doesn’t have a effect if the client ignores that.

Domainname Http-Status redirect Sec. G
http://benjamincordoba.dev/
190.218.142.21 200 0.417 H
https://benjamincordoba.dev/
190.218.142.21 200 3.823 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
http://benjamincordoba.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
190.218.142.21 404 0.417 A
Not Found
Visible Content: 404 - Not Found

But: You have two TXT entries:

TXT - Entries

Domainname TXT Entry Status ∑ Queries ∑ Timeout
benjamincordoba.dev ok 1 0
www.benjamincordoba.dev ok 1 0
_acme-challenge.benjamincordoba.dev Z12nQ18Tjt3hP5ZPLnG9hzYTHG_Pzs5oWlbX2ZGRbVY looks good 1 0
_acme-challenge.www.benjamincordoba.dev TsYXU3CTs7SZNG5wHVSIa8w0jxPk1IsLIXQQlptTKQE looks good 1 0

which have the correct length and the correct characters.

So it looks you have already used dns-01 - validation to create a certificate with non-www and www.

1 Like
#4

Thank’s. This command help me out.
And thank you very much for the feedback. This is my very first time trying to use a webserver.
:slight_smile:

1 Like
closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.