PN protocol "acme-tls/1" for tls-alpn-01 challenge, url: [www.peak.codes] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiat

My domain is: www.peak.codes

I ran this command:

```
curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
tar xf lego_vX.Y.Z_linux_amd64.tar.gz
```

and

```
sudo lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/etc/lego" run
```

It produced this output:

```
2019/03/30 20:33:24 Could not obtain certificates:
acme: Error -> One or more domains had a problem:
[peak.codes] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
[www.peak.codes] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
bitnami@ip-172-26-12-70:~$
```

My web server is - Using a Lightsail instance on Amazon Web Services

The operating system my web server runs on is Wordpress on Apache

My hosting provider, if applicable, is: Amazon Web Services

I can login to a root shell on my machine: YES

I’m using a control panel to manage my site: NO

Brief overview: with the domain peak.codes I had already successfully installed an instance on Lightsail and successfully installed a LetsEncrypt certificate.

I deleted this instance (did not uninstall the certificate) and created a new instance on a new Lightsail account. This time, when I tried requesting a certificate, I received the message above, which is also in the attached screengrab.

Is LetsEncrypt keeping a record of the transaction, and can I delete any record from the first instance?

Thanks Adrian

Current webservers don’t support tls-alpn. Try using http-01

Hi there thanks for your reply.

Previous to this WP instance on Lightsail I had successfully installed an SSL certificate using the same method.

This is the other installation: https://www.peek.gallery

So I am unsure why this one did not work.

Regards

Adrian

Can you run the same command without the `--tls` option?

Ok I will try

What should the command line look like? I ask because I am not a developer. For your information, I started this process by installing lego; I basically followed an article on the Bitnami support forum.

Regards

Adrian

The command without the `--tls` option would look like:

```
sudo lego --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/etc/lego" run
```

No, it does not run if I take out `--tls`.

You can use the HTTP challenge instead of the TLS challenge:

```
sudo lego --http --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/etc/lego" run
```