Not able to create certificate using certbot certonly manual

Hello everyone!

I want to request a certificate for a test subdomain. I don't have access to the DNS of the subdomain nor to the web server, so I want to create the cert remotely from my computer.

~/tmp/certbot 6s » ./poc.sh
Saving debug log to /home/n0kt/tmp/certbot/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nossl.nextbrave.com
Running manual-auth-hook command: authenticator.sh
Waiting for verification...
Challenge failed for domain nossl.nextbrave.com
http-01 challenge for nossl.nextbrave.com
Cleaning up challenges
Running manual-cleanup-hook command: cleanup.sh
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: nossl.nextbrave.com
   Type:   unauthorized
   Detail: Invalid response from
   http://nossl.nextbrave.com/.well-known/acme-challenge/egWv9oqQhipIZ5MepUmKKzmKXJgdf15p8NvN3hrI3zw
   [52.216.184.242]: "<html>\n<head><title>404 Not
   Found</title></head>\n<body>\n<h1>404 Not
   Found</h1>\n<ul>\n<li>Code: NoSuchBucket</li>\n<li>Message: The"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /home/n0kt/tmp/certbot. You should make
   a secure backup of this folder now. This configuration directory
   will also contain certificates and private keys obtained by Certbot
   so making regular backups of this folder is ideal.

And the script I'm using runs this command:

AUTH_SRV_PORT=8000
certbot certonly --manual \
  -m myemail@gmail.com \
  --config-dir . \
  --work-dir . \
  --logs-dir . \
  --agree-tos \
  --no-eff-email \
  --preferred-challenges=http \
  --manual-auth-hook authenticator.sh \
  --manual-cleanup-hook cleanup.sh \
  --manual-public-ip-logging-ok \
  --http-01-port $AUTH_SRV_PORT \
  -d nossl.nextbrave.com \
  --dry-run

That command is supposed to create the cert manually without the need to have access to the target web server. Am I right?

Thanks in advance.

The idea is that authenticator.sh would deploy the challenge response file to your webserver.

There's no way to bypass the challenge; you need to do it one way or another. Otherwise any person would be able to create a certificate for any domain.

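To make the reply concrete, here is an added example of what an http-01 manual-auth-hook and its cleanup hook have to do. This is illustrative code written for this page, not the poster's authenticator.sh or cleanup.sh. Certbot sets CERTBOT_DOMAIN, CERTBOT_TOKEN and CERTBOT_VALIDATION in the hook's environment; the WEBROOT variable, the "deploy"/"check"/"cleanup" subcommands and the idea of passing the same script to both hooks with a different argument are assumptions of this example. The hook must run somewhere that can write into the document root the target domain's web server actually serves (a local path, a mounted share, or a deploy step you control); the validation string has to be reachable at http://CERTBOT_DOMAIN/.well-known/acme-challenge/CERTBOT_TOKEN on port 80, since --http-01-port only changes the port certbot itself listens on with the standalone authenticator, not the port the ACME server connects to. The check function reproduces what the ACME server does, so a "404 Not Found" like the one in the log above can be caught locally before "Waiting for verification...".

```shell
#!/bin/sh
# Added example of a certbot --manual-auth-hook / --manual-cleanup-hook pair for
# the http-01 challenge (not the original poster's scripts).
# Certbot exports CERTBOT_DOMAIN, CERTBOT_TOKEN and CERTBOT_VALIDATION to hooks.
# WEBROOT is an assumed variable: the directory the target web server serves
# as the document root for CERTBOT_DOMAIN.
set -eu

WEBROOT="${WEBROOT:-/var/www/html}"

# Only characters that can appear in an ACME token (base64url); anything else
# is rejected so a hostile token cannot become a path like ../../etc/passwd.
valid_token() {
    case "${1:-}" in
        '') return 1 ;;
        *[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Auth hook: publish CERTBOT_VALIDATION verbatim (no trailing newline) at
#   $WEBROOT/.well-known/acme-challenge/$CERTBOT_TOKEN
# which the web server must serve at
#   http://$CERTBOT_DOMAIN/.well-known/acme-challenge/$CERTBOT_TOKEN
deploy_challenge() {
    valid_token "$CERTBOT_TOKEN" || { echo "refusing bad token" >&2; return 1; }
    dir="$WEBROOT/.well-known/acme-challenge"
    mkdir -p "$dir"
    printf '%s' "$CERTBOT_VALIDATION" > "$dir/$CERTBOT_TOKEN"
    chmod 0644 "$dir/$CERTBOT_TOKEN"
    echo "deployed http-01 token for ${CERTBOT_DOMAIN:-unknown-domain}" >&2
}

# Local pre-check mirroring the ACME server's fetch: read the file back and
# compare byte-for-byte. Prints "ok", "missing" or "mismatch"; non-zero
# status on anything but "ok".
check_challenge() {
    f="$WEBROOT/.well-known/acme-challenge/$CERTBOT_TOKEN"
    [ -f "$f" ] || { echo missing; return 1; }
    got=$(cat "$f")
    if [ "$got" = "$CERTBOT_VALIDATION" ]; then
        echo ok
    else
        echo mismatch
        return 1
    fi
}

# Cleanup hook: remove the token file once certbot is done with the challenge.
cleanup_challenge() {
    valid_token "$CERTBOT_TOKEN" || return 1
    rm -f "$WEBROOT/.well-known/acme-challenge/$CERTBOT_TOKEN"
}

# Assumed invocation convention: the same file is given to both hooks with a
# different first argument, e.g.
#   --manual-auth-hook    "./hook.sh deploy"
#   --manual-cleanup-hook "./hook.sh cleanup"
case "${1:-}" in
    deploy)  deploy_challenge ;;
    check)   check_challenge ;;
    cleanup) cleanup_challenge ;;
esac
```

If deploy_challenge succeeds but the ACME server still reports "unauthorized", the file is not being served from the host that the domain's A/AAAA record points to; in the log above the answering host is an S3 endpoint returning NoSuchBucket, which no hook running on your own machine can fix without a way to put files where that hostname is actually served from.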
