Issues trying to get a certificate with .dev domain

benjam1n507 · March 1, 2019, 3:22am

Hi,
I just got a .dev domain and I’m trying to get a certificate and I’m getting this:
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): benjamincordoba.dev
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for benjamincordoba.dev
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. benjamincordoba.dev (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://benjamincordoba.dev/.well-known/acme-challenge/ZuTRrpoVlVOb6YNKDlzmAHVG0Q22-PAdFs6r--lygB0 [190.218.142.21]: 404

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: benjamincordoba.dev
Type: unauthorized
Detail: Invalid response from
http://benjamincordoba.dev/.well-known/acme-challenge/ZuTRrpoVlVOb6YNKDlzmAHVG0Q22-PAdFs6r--lygB0
[190.218.142.21]: 404

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

Since .dev domains doesnt support request to the port 80. I was wondering if there is any way to get the certificate.

_az · March 1, 2019, 3:35am

This isn't true. .dev is preloaded into HSTS (forcing HTTPS), but that only affects browsers. It doesn't affect any other type of HTTP client, like Let's Encrypt.

What exact command did you use to try and issue that certificate?

If you are running a relatively out-of-the-box Wildfly deployment, one way to issue a certificate is (replacing $WILDFLY_ROOT with your Wildfly directory):

certbot certonly --webroot -w $WILDFLY_ROOT/welcome-content -d benjamincordoba.dev

JuergenAuer · March 1, 2019, 8:36am

Hi @benjam1n507

checked your domain (via https://check-your-website.server-daten.de/?q=benjamincordoba.dev ) you see: Your port 80 works.

Preload doesn't have a effect if the client ignores that.

Domainname	Http-Status	Sec.	G
• http://benjamincordoba.dev/
190.218.142.21	200	0.417	H

• https://benjamincordoba.dev/
190.218.142.21	200	3.823	N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors

• http://benjamincordoba.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
190.218.142.21	404	0.417	A
Not Found
Visible Content: 404 - Not Found

But: You have two TXT entries:

TXT - Entries

Domainname	TXT Entry	Status	∑ Queries
benjamincordoba.dev		ok	1
www.benjamincordoba.dev		ok	1
_acme-challenge.benjamincordoba.dev	Z12nQ18Tjt3hP5ZPLnG9hzYTHG_Pzs5oWlbX2ZGRbVY	looks good	1
_acme-challenge.www.benjamincordoba.dev	TsYXU3CTs7SZNG5wHVSIa8w0jxPk1IsLIXQQlptTKQE	looks good	1

which have the correct length and the correct characters.

So it looks you have already used dns-01 - validation to create a certificate with non-www and www.

benjam1n507 · March 1, 2019, 11:27am

Thank's. This command help me out.
And thank you very much for the feedback. This is my very first time trying to use a webserver.

system · March 31, 2019, 11:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.