Problem creating a certificate for a github page hosted website

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lesdeuxconcierges.com

I ran this command: certbot certonly -v

It produced this output:
Creating a web.config file in C:\PROGRA~1\Certbot.well-known\acme-challenge to allow IIS to serve challenge files.
Waiting for verification...
Challenge failed for domain www.lesdeuxconcierges.com
http-01 challenge for www.lesdeuxconcierges.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: www.lesdeuxconcierges.com
Type: unauthorized
Detail: 185.199.111.153: Invalid response from http://www.lesdeuxconcierges.com/.well-known/acme-challenge/o58yaqC8sgI5ZASQ9uUamsa0VgoL881lZvx4UyUdS6o: 404

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: GitHub Pages

I can login to a root shell on my machine (yes or no, or I don't know): no, I don't

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, I use a GitHub repository

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Why are you trying to use certbot to generate a certificate for GitHub Pages? GitHub Pages generates / manages / renews certificates automatically. You need to go to the Pages tab in the repository settings to see what's going on. But from what I can see you have multiple issues with your DNS records. Your apex domain has a singular A record pointing to 185.199.108.153, which is one of the GitHub Pages servers, but you're supposed to have A records for 4 different IPv4 IPs, and, optionally, AAAA records for 4 different IPv6 IPs. Your www subdomain is also weird, it's a CNAME to a completely different domain, and that other domain does happen to have A records for the 4 GitHub Pages IPs, BUT that's not how you're supposed to set up the CNAME. The www subdomain is supposed to be a CNAME to (your-username).github.io

So basically GitHub Pages is probably refusing to do the automatic certificate generation because your DNS records are not correct, which it'll probably tell you if you check the repository settings. There's an "Enforce HTTPS" button there but you won't be able to click it until your DNS entries are all correct & GitHub Pages has finished the certificate generation process.

7 Likes

As @catharsis says, if you just complete the GitHub Pages domain setup (which I think is usually creating a CNAME record in your DNS), it will all start to work automatically. Sometimes you have to switch their HTTPS off and on to get it working; thereafter it's all automatic.

Once GitHub is hosting your site, your local machine/IIS etc. has nothing to do with it anymore because it's running on GitHub's servers.

3 Likes

Thank you very much.
I have been able to sort this out because of your response.
I updated the CNAME as you pointed out and the domain is now secure.
Thank you so much, your response was extremely useful and highly appreciated.

2 Likes

Thank you. I applied the advice @catharsis gave and the problem was resolved. Thank you.

3 Likes

Your www. subdomain looks good, but it appears your apex domain now has no DNS entries at all:

$ nslookup lesdeuxconcierges.com
Server:         1.0.0.1
Address:        1.0.0.1#53

Non-authoritative answer:
*** Can't find lesdeuxconcierges.com: No answer

Even if you're going to be using the www. subdomain as canonical for your website, you really should still have DNS entries for your apex domain so that traffic to it can be redirected to www.

Unfortunately you can't set a CNAME there (unless your DNS provider supports CNAME flattening, like Cloudflare), so for GitHub Pages you have to basically create 4 different A records and 4 different AAAA records... might take a few minutes but it'll be worth it.

3 Likes
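
The DNS checks discussed in this thread, as an added example that is not part of any post: a Python audit of record sets copied from `nslookup`/`dig` output against the layout the replies describe (four apex A records, optional AAAA records, `www` as a CNAME to a `github.io` name). The address sets are the ones GitHub documents for Pages (only 185.199.108.153 and 185.199.111.153 appear in the thread); the function name and the sample hostnames are constructed for illustration.

```python
import ipaddress

def _ips(values):
    # Normalise textual addresses so "2606:50C0:8000:0::153" compares equal to its short form.
    return {ipaddress.ip_address(v) for v in values}

# GitHub's documented Pages addresses (not taken from the thread).
GITHUB_PAGES_A = _ips(["185.199.108.153", "185.199.109.153",
                       "185.199.110.153", "185.199.111.153"])
GITHUB_PAGES_AAAA = _ips(["2606:50c0:8000::153", "2606:50c0:8001::153",
                          "2606:50c0:8002::153", "2606:50c0:8003::153"])

def audit_pages_dns(apex_a, apex_aaaa, www_cname):
    """Return a list of findings; an empty list means the records match the advice."""
    findings = []
    a, aaaa = _ips(apex_a), _ips(apex_aaaa)
    if not a:
        findings.append("apex: no A records, so the apex cannot redirect to www")
    else:
        extra, missing = a - GITHUB_PAGES_A, GITHUB_PAGES_A - a
        if extra:
            findings.append(f"apex: A records outside GitHub Pages: {sorted(map(str, extra))}")
        if missing:
            findings.append(f"apex: missing A records: {sorted(map(str, missing))}")
    # AAAA records are optional, but a partial or foreign set sends some clients elsewhere.
    if aaaa and aaaa != GITHUB_PAGES_AAAA:
        findings.append("apex: AAAA set is incomplete or points elsewhere")
    target = (www_cname or "").rstrip(".").lower()
    if not target:
        findings.append("www: no CNAME record")
    elif not target.endswith(".github.io"):
        findings.append(f"www: CNAME {target} is not <username>.github.io")
    return findings

if __name__ == "__main__":
    # Constructed samples mirroring the three states described in the thread.
    states = {
        "first post": (["185.199.108.153"], [], "pages.othersite.example."),
        "after CNAME fix": ([], [], "username.github.io."),
        "complete": (map(str, GITHUB_PAGES_A), map(str, GITHUB_PAGES_AAAA),
                     "username.github.io."),
    }
    for name, records in states.items():
        print(name, "->", audit_pages_dns(*records) or "OK")
```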
