Received an authentication failure message while attempting to issue an SSL/TLS certificate for your domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: devy.me

I ran this command: certbot certonly --webroot --agree-tos --no-eff-email --email ebyeon147@gmail.com -w /var/www/letsencrypt -d devy.me -d www.devy.me

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for devy.me and www.devy.me

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: devy.me
Type: unauthorized
Detail: 198.49.23.144: Invalid response from Coming Soon 404

Domain: www.devy.me
Type: unauthorized
Detail: 198.49.23.145: Invalid response from Coming Soon 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: oracle cloud

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.7.4

This is my log file. (command: cat /var/log/letsencyrpt/letsencrypt.log)
2023-11-24 21:09:17,933:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQzMTEwNzUzNiIsICJub25jZSI6ICJqWHl1dGJzbmtfWWhkLVNmMGd1X1pkc1hDYkI4eFVFLWdlS2QyRThQN1FuYVpqOUU3N0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "yOC7aamVW25QdaZ-XiI09y7s_2rcAtzo-TIolikbGxEGAhvJ8QxiwKG2LSxMmPZSHvOWtw3yVHQXSAopBHzsmeOJz1nnMa5Uhr6lJ5T2hxAwp2G249ExQZVXlqD5b5D109AARJ9jYB_B9DyMC7HyWfCj2L5uXI4N43UVo485m-NwCHC8izANPVFLL2wgC_tvm3rKWZR2a4G86_IWA_BTJLxuBE4BUxEzoEjvQzn5y10PV7fla_Az5XIxMQvwWdjrkAtjaFKXyUFvZJo0EWOCST_Cj2GFVZxlwK7zzOOfks40N48PBV950oUx1OOzjWtIs0WRHugIb2XE5XKVeJPdgg",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImRldnkubWUiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAid3d3LmRldnkubWUiCiAgICB9CiAgXQp9"
}
2023-11-24 21:09:18,245:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 467
2023-11-24 21:09:18,246:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 24 Nov 2023 12:09:18 GMT
Content-Type: application/json
Content-Length: 467
Connection: keep-alive
Boulder-Requester: 1431107536
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1431107536/224479536956
Replay-Nonce: jXyutbsnw9F3QcMQtwzJnh1cDSU8_OTdr3M3ac5mw8VVxpepKZg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2023-12-01T12:09:18Z",
"identifiers": [
{
"type": "dns",
"value": "devy.me"
},
{
"type": "dns",
"value": "www.devy.me"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/287040416566",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/287040416576"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1431107536/224479536956"
}

Welcome @byeoneunyoung

Can you explain more what you are trying to do? Because your domain is current handled by SquareSpace servers and they already have certs setup for you.

Are you just starting to setup a website with them? Or do you just use their domain name services? These are the kinds of things it would be helpful to know. Thanks

And, how is Oracle Cloud involved?

curl -I http://www.devy.me
HTTP/1.1 301 Moved Permanently
Age: 8758
Location: https://www.devy.me/
Server: Squarespace

curl -I https://www.devy.me
HTTP/2 200
age: 11559
server: Squarespace
3 Likes

Hello @byeoneunyoung,

Here is a list of issued certificates crt.sh | devy.me, the latest being 2023-11-25.
Can we infer that the issue is resolved?

Presently Ports 80 & 443 are not Open; 80 being Closed and 443 being Filtered

$ nmap -Pn -p80,443 www.devy.me
Starting Nmap 7.80 ( https://nmap.org ) at 2023-11-27 00:35 UTC
Nmap scan report for www.devy.me (158.180.66.240)
Host is up (0.17s latency).

PORT    STATE    SERVICE
80/tcp  closed   http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds
$ nmap -Pn -p80,443 devy.me
Starting Nmap 7.80 ( https://nmap.org ) at 2023-11-27 00:35 UTC
Nmap scan report for devy.me (158.180.66.240)
Host is up (0.17s latency).

PORT    STATE    SERVICE
80/tcp  closed   http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.