I want to create SSL certs for domains / subdomains that can only be accessed after a reverse proxy.
There’s no single web server but multiple servers offering different web services. Having only 1 public IP the requests are directed to the relevant server by the reverse proxy server.
This reverse proxy has SSL termination enabled + any http request will be redirected to https.
I’ve installed certbot on a Proxmox VE server and started cert creation with option “standalone”. However the verification failed; here’s the log output:
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c’
to cancel): biszumbitterenen.de
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for biszumbitterenen.de
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. biszumbitterenen.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://biszumbitterenen.de/.well-known/acme-challenge/-d4Pf49aKv9B-U0hKzrri05UuvE6o2Cwd9zpQwfsAp8 [22.214.171.124]: 503
The following errors were reported by the server:
Detail: Invalid response from
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
What is the recommended procedure for cert creation considering this setup (reverse proxy + Proxmox VE)?
My domain is:
I ran this command:
It produced this output:
Failed authorization procedure. biszumbitterenen.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authori
zation :: Invalid response from http://biszumbitterenen.de/.well-known/acme-challenge/JKAs47KiNtF8Ah0kahoJ2kTAszj-Wi6TB_zB7bPp2Qc
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):