I ran this command: certbot certonly --standalone --standalone-supported-challenges http-01 --http-01-port 8088 --staging -d www.example.com
It produced this output: Failed authorization procedure. The client lacks sufficient authorization :: Invalid response
I’ve run it for my two other domains that aren’t behind CloudFront without an issue, and I used to run it behind CloudFront on another server using letsencrypt-auto; however, on the new server it no longer works.
I’ve looked through the logs and it’s reaching my server and logs a 404. When I request a certificate on my other domains no 404 is logged.
I’ve also added a behavior for .well-known/* to forward all content of the request to the origin (parent domain). Is there a way to have the challenge work behind CloudFront and do it in an automated way? I could probably set up the response in the directory; however, renewing it would be a pain.