Problem with Certbot when creating a new Certificate

My domain is: ferienhofkleingarn.ddns.net

I ran this command: sudo certbot certonly --nginx

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): ferienhofkleingarn.ddns.net
Requesting a certificate for ferienhofkleingarn.ddns.net

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: ferienhofkleingarn.ddns.net
Type: unauthorized
Detail: Invalid response from https://ferienhofkleingarn.ddns.net/.well-known/acme-challenge/bNFJT-ltL_R7aAl0QRIHJwRRDmfrSxIv6IovvaMTMII [84.175.157.252]: "<html lang="en" ng-controller="MainController as mainCtrl" ng-strict-di><meta charset="utf-8">CloudK"

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

The operating system my web server runs on is (include version): Debian 8 (Jessie)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.19.0

Problem Solved:

My problem was that my webserver was using port 8443,
but the check is only getting passed when the website stays at port 80.
So I temporarily set up a new webserver which stays at port 80 (default nginx page).

Then I was able to generate my certificate.
After that I successfully imported my certificate into my webserver :smiley:

2 Likes

But now my browser is saying that the certificate isn't for that website?

Which website? https://ferienhofkleingarn.ddns.net:8443/ works perfectly. At least, if the UniFi login was also intended :stuck_out_tongue:

Hmm. I am seeing a self-signed cert in openssl and an expected browser warning about such.

openssl s_client -connect ferienhofkleingarn.ddns.net:8443 -servername ferienhofkleingarn.ddns.net -trusted_first
CONNECTED(00000003)
depth=0 C = US, ST = CA, L = San Jose, O = Ubiquiti Networks Inc., OU = UniFi Protect, CN = CloudKey
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = CA, L = San Jose, O = Ubiquiti Networks Inc., OU = UniFi Protect, CN = CloudKey
verify return:1
---
Certificate chain
 0 s:/C=US/ST=CA/L=San Jose/O=Ubiquiti Networks Inc./OU=UniFi Protect/CN=CloudKey
   i:/C=US/ST=CA/L=San Jose/O=Ubiquiti Networks Inc./OU=UniFi Protect/CN=CloudKey

You may have gotten a proper cert but your server is not yet sending the new fullchain.

A couple of things. You gave an example certonly command. Did you need any other updates to your nginx conf manually to use the new certs? You said you imported it so you should double check that. I am not sure what you mean by imported.

If that is all good, did you reload nginx to pick up the new config?

1 Like
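
An added example, not part of the thread: one way to automate the check made by eye in the reply above, by parsing the `Certificate chain` block of `openssl s_client` output and flagging a leaf whose subject equals its issuer. The function names are hypothetical, and the CN comparison is a heuristic that assumes the hostname appears in the subject CN.

```python
import re

SUBJECT_RE = re.compile(r"^\s*(\d+)\s+s:(.*)$")   # " 0 s:<subject DN>"
ISSUER_RE = re.compile(r"^\s+i:(.*)$")            # "   i:<issuer DN>"
# Chain block copied from the s_client output in the post above.
PAGE_OUTPUT = """Certificate chain
 0 s:/C=US/ST=CA/L=San Jose/O=Ubiquiti Networks Inc./OU=UniFi Protect/CN=CloudKey
   i:/C=US/ST=CA/L=San Jose/O=Ubiquiti Networks Inc./OU=UniFi Protect/CN=CloudKey
"""

def parse_dn(dn):
    """Normalise '/C=US/CN=x' (old) and 'C = US, CN = x' (new) DN styles."""
    dn = dn.strip()
    if dn.startswith("/"):
        parts = dn.split("/")[1:]          # breaks on values containing '/'
    else:
        parts = re.split(r",\s*(?=[A-Za-z0-9.]+\s*=)", dn)
    return tuple((k.strip(), v.strip())
                 for k, _, v in (p.partition("=") for p in parts))

def parse_chain(text):
    """Return [(depth, subject, issuer), ...] in the order the server sent them."""
    chain, pending = [], None
    for line in text.splitlines():
        m = SUBJECT_RE.match(line)
        if m:
            pending = (int(m.group(1)), parse_dn(m.group(2)))
            continue
        m = ISSUER_RE.match(line)
        if m and pending:
            chain.append((*pending, parse_dn(m.group(1))))
            pending = None
    return chain

def check_leaf(text, hostname):
    """Classify the leaf certificate (depth 0) the server actually presented."""
    chain = parse_chain(text)
    if not chain:
        return "no certificate chain found"
    _, subject, issuer = chain[0]
    cn = dict(subject).get("CN", "")
    if subject == issuer:
        return f"self-signed (CN={cn}): the new certificate is not being served"
    if cn.lower() != hostname.lower():   # heuristic; SANs are authoritative
        return f"CN={cn} does not match {hostname}; inspect the SANs"
    return f"CN matches {hostname}, issued by {dict(issuer).get('CN', '?')}"

if __name__ == "__main__":
    print(check_leaf(PAGE_OUTPUT, "ferienhofkleingarn.ddns.net"))
```
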

So as you might have seen, I'm using that domain for a UniFi device.

I'm not sure how to import the certificate directly, but there's a script out there from GitHub which does exactly that.

I don't know why my previously imported certificate is no longer active.
But when it was active it sometimes worked and sometimes it didn't.

I'm going to take a better look at it tomorrow and keep you updated.

1 Like
