Manually uploading certificate

My domain is: sub.domain.com

I ran this command: sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/sub.domain.com.key -out /etc/ssl/certs/sub.domain.com.crt

And I ran this command:
sudo certbot certonly --standalone -d sub.domain.com
Output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for sub.domain.com

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: sub.domain.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for sub.domain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for sub.domain.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

The operating system my web server runs on is (include version): Ubuntu 22.04

I can login to a root shell on my machine (yes or no, or I don't know): yes

I am operating behind a firewall and I have generated my own cert with the above openssl command. This is a subdomain. When I try to run the certbot command to verify the domain it shows me the above posted output. Would I be able to manually hand you guys the cert without using certbot?

I don't think you understand what Let's Encrypt does. It allows you to use an ACME Client to request a cert from the Let's Encrypt ACME Server.

It does not validate certs. And, Certbot is only one of many ACME Clients that can be used.

Also, please don't use valid root domains that you don't own. domain.com is a valid root. Please use your real domain, or example.com if you don't have one yet.


I have two questions:

  • What are you trying to do?
  • What are you trying to do with certbot?

sub.domain.com was just me censoring the domain. The actual domain is jupyter.ist.ucf.edu. I am trying to have a valid cert when I connect to the domain. This is a subdomain. With certbot I was trying to verify the cert. I understand I might be doing things wrong, I would appreciate it if you would be able to guide me down the right path.


Let's Encrypt only issues certs for domain names in the public DNS system.

To get a cert you must satisfy one of the kinds of challenges (HTTP, DNS, TLS-ALPN). You chose the HTTP Challenge, which requires a web server to respond to an HTTP request from the Let's Encrypt server (Certbot only makes the request; the LE Servers make the challenge and issue the cert).

Your domain name does not have an A or AAAA record in the DNS so the LE Server could not find your IP to send the HTTP Challenge.

The above is just a general description and explains your error.

I think your path forward is to speak with the university's IT staff. There are numerous other subdomains at ucf.edu that use Let's Encrypt certs. You probably just need guidance from them to set up the DNS and/or firewall access. Given the uni is so active with LE they should be familiar with it.

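The reply above names the two things an HTTP-01 validation needs before Certbot is even worth running: a public A/AAAA record for the name, and port 80 on that address reachable from the Internet. The script below is an added pre-flight check written for this thread, not something posted by the original participants or shipped with Certbot. It resolves the name, flags addresses that are not globally routable (a private address is the usual symptom of "behind a firewall"), tries a TCP connect to port 80, and prints the URL the CA will fetch (the `/.well-known/acme-challenge/<token>` path from RFC 8555). Function and class names are my own; the one caveat is that it tests from this machine's vantage point, while Let's Encrypt validates from several external ones using public DNS, so a name that only exists in an internal resolver can pass here and still fail at the CA.

```python
"""Pre-flight check for a Let's Encrypt HTTP-01 challenge.

Added example for this thread; not Certbot code and not posted by the
original participants. Names below (PreflightResult, preflight, ...) are
assumptions made for the illustration.
"""
import ipaddress
import socket
import sys
from dataclasses import dataclass, field

# Path the CA requests on port 80 during HTTP-01 (RFC 8555, section 8.3).
ACME_CHALLENGE_PATH = "/.well-known/acme-challenge/"


@dataclass
class PreflightResult:
    domain: str
    addresses: list = field(default_factory=list)  # A/AAAA answers seen locally
    port_open: dict = field(default_factory=dict)  # address -> bool
    problems: list = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def resolve(domain: str) -> list:
    """IPv4/IPv6 addresses the local resolver returns for `domain`.
    Empty list on NXDOMAIN or any other lookup failure."""
    try:
        infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    seen, addrs = set(), []
    for _family, _type, _proto, _canon, sockaddr in infos:
        ip = sockaddr[0]
        if ip not in seen:  # de-duplicate, keep resolver order
            seen.add(ip)
            addrs.append(ip)
    return addrs


def is_public(ip: str) -> bool:
    """True only for globally routable addresses; RFC 1918, loopback and
    link-local space can never be reached by the CA's validators."""
    return ipaddress.ip_address(ip).is_global


def port_open(ip: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to ip:port completes within `timeout` seconds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def challenge_url(domain: str, token: str) -> str:
    """URL the CA fetches; `token` is chosen by the CA, any string works here."""
    return f"http://{domain}{ACME_CHALLENGE_PATH}{token}"


def preflight(domain: str, port: int = 80, timeout: float = 3.0) -> PreflightResult:
    """Run the checks in the order the CA would fail them."""
    result = PreflightResult(domain=domain)
    result.addresses = resolve(domain)
    if not result.addresses:
        # Same condition Certbot reported as "NXDOMAIN looking up A/AAAA".
        result.problems.append(
            f"DNS: no A/AAAA record for {domain} (NXDOMAIN or lookup failure)")
        return result
    for ip in result.addresses:
        if not is_public(ip):
            result.problems.append(
                f"{ip} is not globally routable; the CA cannot reach it")
            continue
        reachable = port_open(ip, port, timeout)
        result.port_open[ip] = reachable
        if not reachable:
            result.problems.append(
                f"port {port} on {ip} not reachable from here; check the firewall/NAT")
    return result


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    r = preflight(name)
    print(f"CA will fetch: {challenge_url(name, '<token>')}")
    print("OK" if r.ok else "\n".join(f"problem: {p}" for p in r.problems))
```

Run it as `python3 preflight.py jupyter.ist.ucf.edu` on the host that will run `certbot --standalone`; note that the standalone authenticator itself needs port 80 free, so a passing port check against an existing web server means you should use `--webroot` or `--nginx`/`--apache` instead.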
