Not able to create certificate using certbot certonly manual

Hello everyone!

I want to request a certificate for a test subdomain, I don’t have access to the DNS of the subdomain neither the web server. So I want to create the cert remotely from my computer.

~/tmp/certbot 6s » ./poc.sh
Saving debug log to /home/n0kt/tmp/certbot/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nossl.nextbrave.com
Running manual-auth-hook command: authenticator.sh
Waiting for verification...
Challenge failed for domain nossl.nextbrave.com
http-01 challenge for nossl.nextbrave.com
Cleaning up challenges
Running manual-cleanup-hook command: cleanup.sh
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: nossl.nextbrave.com
   Type:   unauthorized
   Detail: Invalid response from
   http://nossl.nextbrave.com/.well-known/acme-challenge/egWv9oqQhipIZ5MepUmKKzmKXJgdf15p8NvN3hrI3zw
   [52.216.184.242]: "<html>\n<head><title>404 Not
   Found</title></head>\n<body>\n<h1>404 Not
   Found</h1>\n<ul>\n<li>Code: NoSuchBucket</li>\n<li>Message: The"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /home/n0kt/tmp/certbot. You should make
   a secure backup of this folder now. This configuration directory
   will also contain certificates and private keys obtained by Certbot
   so making regular backups of this folder is ideal.

And the script I’m using this command:

AUTH_SRV_PORT=8000
certbot certonly --manual \
  -m myemail@gmail.com \
  --config-dir . \
  --work-dir . \
  --logs-dir . \
  --agree-tos \
  --no-eff-email \
  --preferred-challenges=http \
  --manual-auth-hook authenticator.sh \
  --manual-cleanup-hook cleanup.sh \
  --manual-public-ip-logging-ok \
  --http-01-port $AUTH_SRV_PORT \
  -d nossl.nextbrave.com \
  --dry-run

That command is supposed to create the cert manually without the need to have access to the target web server. am I right?

Thanks in advance.

The idea is that authenticator.sh would deploy the challenge response file to your webserver.

There’s no way to bypass the challenge, you need to do it one way or another. Otherwise any person would be able to create a certificate for any domain.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.