SSL certificate for ngrok subdomain

ejgonzalezg · August 4, 2022, 8:52pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
intellirec.ngrok.io

I ran this command:
certbot certonly --standalone -d intellirec.ngrok.io

It produced this output:

2022-08-04 14:54:05,497:DEBUG:certbot._internal.main:certbot version: 1.24.0
2022-08-04 14:54:05,497:DEBUG:certbot._internal.main:Location of certbot entry point: C:\Program Files (x86)\Certbot\bin\certbot.exe
2022-08-04 14:54:05,497:DEBUG:certbot._internal.main:Arguments: ['--standalone', '-d', 'intellirec.ngrok.io', '--preconfigured-renewal']
2022-08-04 14:54:05,498:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-08-04 14:54:05,555:DEBUG:certbot._internal.log:Root logging level set at 30
2022-08-04 14:54:05,564:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2022-08-04 14:54:05,567:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x046CDB08>
Prep: True
2022-08-04 14:54:05,567:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x046CDB08> and installer None
2022-08-04 14:54:05,568:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2022-08-04 14:54:05,593:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/659252456', new_authzr_uri=None, terms_of_service=None), 78d941db3cff5186b4ed9f71ec08f245, Meta(creation_dt=datetime.datetime(2022, 8, 3, 0, 19, 41, tzinfo=<UTC>), creation_host='EDU-COMPU', register_to_eff='ejgonzalezg@hotmail.com'))>
2022-08-04 14:54:05,616:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-08-04 14:54:05,618:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-08-04 14:54:05,963:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2022-08-04 14:54:05,965:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Aug 2022 19:54:05 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "eL8kK11xfJU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-08-04 14:54:05,971:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for intellirec.ngrok.io
2022-08-04 14:54:06,280:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): C:\Certbot\keys\0016_key-certbot.pem
2022-08-04 14:54:06,306:DEBUG:certbot.crypto_util:Creating CSR: C:\Certbot\csr\0016_csr-certbot.pem
2022-08-04 14:54:06,307:DEBUG:acme.client:Requesting fresh nonce
2022-08-04 14:54:06,307:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-08-04 14:54:06,371:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-08-04 14:54:06,372:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Aug 2022 19:54:05 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01014gpNk4PR7iFfIy0xUaJIAupYW6C94eLTV2Pl4Uh6K_k
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-08-04 14:54:06,372:DEBUG:acme.client:Storing nonce: 01014gpNk4PR7iFfIy0xUaJIAupYW6C94eLTV2Pl4Uh6K_k
2022-08-04 14:54:06,373:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "intellirec.ngrok.io"\n    }\n  ]\n}'
2022-08-04 14:54:06,384:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjU5MjUyNDU2IiwgIm5vbmNlIjogIjAxMDE0Z3BOazRQUjdpRmZJeTB4VWFKSUF1cFlXNkM5NGVMVFYyUGw0VWg2S19rIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "boQQ5Z-AV-EBBtvce28rnq3VyQ7ofCqAGmiQKBnHtrSgD90dPRZmCKuRX3ZWMccD9nQLB_aURoFrSzDUBk46eWcIddShHCUkndinf1tCn7AqsCDFC_3PNkRzx0DZ2buwlk8wuCzr2CCKYMBenB_VfCSYo3eRsdr8o9r2BaAz8NUI-uJsPNx4iAPf1GthDvVBYzYQhp6VrYM33go1UiyIm1JP_mxOvh6zOB7hPQ19p5_3UdlTs9AavVz_r6HnyD39f13Uh01lwFK3EouqnGHjf94iKuAoSlsfVEMjroNDAQMRE4c78gigt-FvDp_LuMOD5t0gxtA973yKlinDKgnngg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImludGVsbGlyZWMubmdyb2suaW8iCiAgICB9CiAgXQp9"
}
2022-08-04 14:54:06,697:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 344
2022-08-04 14:54:06,700:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 04 Aug 2022 19:54:05 GMT
Content-Type: application/json
Content-Length: 344
Connection: keep-alive
Boulder-Requester: 659252456
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/659252456/113141062726
Replay-Nonce: 01020Bjj4S0ffgPxCOpHEpKeegXr6Juz4r28wNXjZIkXCOk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-08-11T19:54:05Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "intellirec.ngrok.io"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/138346167546"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/659252456/113141062726"
}
2022-08-04 14:54:06,700:DEBUG:acme.client:Storing nonce: 01020Bjj4S0ffgPxCOpHEpKeegXr6Juz4r28wNXjZIkXCOk
2022-08-04 14:54:06,701:DEBUG:acme.client:JWS payload:
b''
2022-08-04 14:54:06,707:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/138346167546:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjU5MjUyNDU2IiwgIm5vbmNlIjogIjAxMDIwQmpqNFMwZmZnUHhDT3BIRXBLZWVnWHI2SnV6NHIyOHdOWGpaSWtYQ09rIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzgzNDYxNjc1NDYifQ",
  "signature": "S5VQVpT130zgU5Bbm1oQ1-whGnNnhzgJwjFHsCq0xBWoLCVu6_2K9QJFMUNvQ6j9SuQ-I2x7KoRpm4FyoyFyyQdTbKi8YCbPYN5Fgb-O4AXTKwMYTIA3GAho7rfeSJMrd4VSQK1wKJ-wqSI3v22feM1pe8D3GScD9U4YI-rUlVfOQQDBQ0QwzXfqaP5SOxJplfl-LnC2lh1S4cikupaNJMahDEsQAFbudQdqftC6FTM21Y9uZNBI6KUVgWKGTBxI9p52Qb-LOUdwaWEWJvdVvFVIMdYjTz0wJvtgy2QqcSvxIIGeN44HjBkpyUfuff-VTx_Fz3uD4vRBVN_KrkMkHQ",
  "payload": ""
}
2022-08-04 14:54:06,814:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/138346167546 HTTP/1.1" 200 803
2022-08-04 14:54:06,816:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Aug 2022 19:54:06 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 659252456
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101wOkDKwGSul8d7n5fyQZoecamhguv2rvvK3MFwQx096A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "intellirec.ngrok.io"
  },
  "status": "pending",
  "expires": "2022-08-11T19:54:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/138346167546/bmnVdA",
      "token": "s9guqD5ce2e_cGcNVG8ICwMgEYYBgs4bMk0oe0ffY3o"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/138346167546/fhqXmA",
      "token": "s9guqD5ce2e_cGcNVG8ICwMgEYYBgs4bMk0oe0ffY3o"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/138346167546/57dAlg",
      "token": "s9guqD5ce2e_cGcNVG8ICwMgEYYBgs4bMk0oe0ffY3o"
    }
  ]
}
2022-08-04 14:54:06,817:DEBUG:acme.client:Storing nonce: 0101wOkDKwGSul8d7n5fyQZoecamhguv2rvvK3MFwQx096A
2022-08-04 14:54:06,819:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-08-04 14:54:06,819:INFO:certbot._internal.auth_handler:http-01 challenge for intellirec.ngrok.io
2022-08-04 14:54:06,829:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2022-08-04 14:54:06,832:DEBUG:acme.standalone:Successfully bound to :80 using IPv4
2022-08-04 14:54:06,839:DEBUG:acme.client:JWS payload:
b'{}'
2022-08-04 14:54:06,851:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/138346167546/bmnVdA:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjU5MjUyNDU2IiwgIm5vbmNlIjogIjAxMDF3T2tES3dHU3VsOGQ3bjVmeVFab2VjYW1oZ3V2MnJ2dkszTUZ3UXgwOTZBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xMzgzNDYxNjc1NDYvYm1uVmRBIn0",
  "signature": "hUFCa0Le4ukSd-NEuZT9cY0WYOWD1rWr5-mvzWNfKCW-jYz79rAThSmk_vTwh-PTsDy77Su5RSerABDmWVH893KmIUZVBk8V54fb9GIRI4VzAhDWs9i04BJflt4Ampo5O4XuxkUkLDEjSrOr2GJB3MusLqNViXqftsMCJ2k2-vr5n36G0hxpmKzIhJp_UCzZiW-lvliLilFmN0Eqdzt5DyIbQjWXbvnP-VIDsbaTN-6fmaA9CA0o9SpEcmJdSrBbXYujMnefwuSDZ4loQFXvbdrwYlU7UcP87hzkcjrysHkpKNI2D5Q0INBpszIFuyW1KPBKdg0lBfP9T6UHXUhwzA",
  "payload": "e30"
}
2022-08-04 14:54:06,957:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/138346167546/bmnVdA HTTP/1.1" 200 187
2022-08-04 14:54:06,959:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Aug 2022 19:54:06 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 659252456
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/138346167546>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/138346167546/bmnVdA
Replay-Nonce: 0101iuaPKv_PURXWlurwTnpF-itgUhhNNkBcMSsPlOL2myg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/138346167546/bmnVdA",
  "token": "s9guqD5ce2e_cGcNVG8ICwMgEYYBgs4bMk0oe0ffY3o"
}
2022-08-04 14:54:06,959:DEBUG:acme.client:Storing nonce: 0101iuaPKv_PURXWlurwTnpF-itgUhhNNkBcMSsPlOL2myg
2022-08-04 14:54:06,961:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-08-04 14:54:07,976:DEBUG:acme.client:JWS payload:
b''
2022-08-04 14:54:07,985:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/138346167546:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjU5MjUyNDU2IiwgIm5vbmNlIjogIjAxMDFpdWFQS3ZfUFVSWFdsdXJ3VG5wRi1pdGdVaGhOTmtCY01Tc1BsT0wybXlnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMzgzNDYxNjc1NDYifQ",
  "signature": "YRNL7_JHv__n60NoEosX9Z2skSORijlP7iUiRevUumbl7DTyO2RTe8lrM0MHzlcBQLbEGg2CR0PcCuWNdOw9RK26vA0bGS3UZ6K0twopBc005cMfls-gyq8eNoZ1dNXL_ZEtm2pIH_I-fCU-U9re_CCBQIXXX2gXovZ3GioyQHmJ2MmeU8oNnV4lmuYXpOV80lKC1jF5PLsfMxyf0IiiyZ1ay8jMJ5dmCl4566FF-X_Fgnc_xqExcKU0PxI3GaAM7iLh96bWmPlDHCrt7lXpeicxzecEcxAcHgyPgouQj9acWv4DUIxp6rhbhtEdhXUbVKGcpGstLJyr7wcatphZ1g",
  "payload": ""
}
2022-08-04 14:54:08,084:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/138346167546 HTTP/1.1" 200 1466
2022-08-04 14:54:08,085:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Aug 2022 19:54:07 GMT
Content-Type: application/json
Content-Length: 1466
Connection: keep-alive
Boulder-Requester: 659252456
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102MPw20ykpU5OMaKwF6Qje7omHeft1jpMIBD42dBpGNfY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "intellirec.ngrok.io"
  },
  "status": "invalid",
  "expires": "2022-08-11T19:54:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "2600:1f16:d83:1202::6e:5: Invalid response from https://acme.ngrok.com/.well-known/acme-challenge/s9guqD5ce2e_cGcNVG8ICwMgEYYBgs4bMk0oe0ffY3o?host=intellirec.ngrok.io: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/138346167546/bmnVdA",
      "token": "s9guqD5ce2e_cGcNVG8ICwMgEYYBgs4bMk0oe0ffY3o",
      "validationRecord": [
        {
          "url": "http://intellirec.ngrok.io/.well-known/acme-challenge/s9guqD5ce2e_cGcNVG8ICwMgEYYBgs4bMk0oe0ffY3o",
          "hostname": "intellirec.ngrok.io",
          "port": "80",
          "addressesResolved": [
            "3.13.191.225",
            "2600:1f16:d83:1202::6e:5"
          ],
          "addressUsed": "2600:1f16:d83:1202::6e:5"
        },
        {
          "url": "https://acme.ngrok.com/.well-known/acme-challenge/s9guqD5ce2e_cGcNVG8ICwMgEYYBgs4bMk0oe0ffY3o?host=intellirec.ngrok.io",
          "hostname": "acme.ngrok.com",
          "port": "443",
          "addressesResolved": [
            "34.222.167.10"
          ],
          "addressUsed": "34.222.167.10"
        }
      ],
      "validated": "2022-08-04T19:54:06Z"
    }
  ]
}
2022-08-04 14:54:08,086:DEBUG:acme.client:Storing nonce: 0102MPw20ykpU5OMaKwF6Qje7omHeft1jpMIBD42dBpGNfY
2022-08-04 14:54:08,087:INFO:certbot._internal.auth_handler:Challenge failed for domain intellirec.ngrok.io
2022-08-04 14:54:08,088:INFO:certbot._internal.auth_handler:http-01 challenge for intellirec.ngrok.io
2022-08-04 14:54:08,088:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: intellirec.ngrok.io
  Type:   unauthorized
  Detail: 2600:1f16:d83:1202::6e:5: Invalid response from https://acme.ngrok.com/.well-known/acme-challenge/s9guqD5ce2e_cGcNVG8ICwMgEYYBgs4bMk0oe0ffY3o?host=intellirec.ngrok.io: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2022-08-04 14:54:08,091:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-08-04 14:54:08,091:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-08-04 14:54:08,091:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-08-04 14:54:08,093:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2022-08-04 14:54:08,093:DEBUG:certbot._internal.plugins.standalone:Stopping server at 0.0.0.0:80...
2022-08-04 14:54:08,865:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "runpy.py", line 197, in _run_module_as_main
  File "runpy.py", line 87, in _run_code
  File "C:\Program Files (x86)\Certbot\bin\certbot.exe\__main__.py", line 29, in <module>
    sys.exit(main())
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\main.py", line 19, in main
    return internal_main.main(cli_args)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1679, in main
    return config.func(config, plugins)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1538, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 139, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 513, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 441, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 493, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-08-04 14:54:08,870:ERROR:certbot._internal.log:Some challenges have failed.

My web server is (include version): node js, v14.15

The operating system my web server runs on is (include version):
Windows 11

My hosting provider, if applicable, is:
my own pc and using Ngrok

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot version: 1.24.0

Additional Information:
This is my Ngrok Pro tunnel configuration:

authtoken: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
version: 2
tunnels:
intellirec:
proto: http
addr: 80
subdomain: intellirec

MikeMcQ · August 4, 2022, 9:27pm

Welcome to the community @ejgonzalezg

Are you running that certbot standalone command on the server handling your intellirec.ngrok.io domain?

Because I get responses to that domain for both http (port 80) and https (port 443) on both IPv4 and v6. But, the standalone option requires use of port 80 and it successfully bound to that

Did you stop your server first maybe?

Can you provide more explanation? Thanks

rg305 · August 4, 2022, 9:39pm

Note: The LE HTTP ACME authorization requests will prefer IPv6 over IPv4 when present.

The IPv6 address is listening on port 80 and all requests are returned with "403 forbidden":

curl -Ii6 http://intellirec.ngrok.io/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 403 Forbidden
Connection: close
Content-Type: text/html
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Content-Length: 3486

Are you following some guide?

rg305 · August 4, 2022, 9:40pm

That doesn't match the IPv6 address I get:

Name:      intellirec.ngrok.io
Addresses: 2600:1f16:d83:1201::6e:1
           3.13.191.225

_az · August 4, 2022, 9:41pm

ngrok intercepts the acme-challenge HTTP requests for custom domains, in certain configurations. This is because they also provision a Let's Encrypt certificate for you automatically when you're using their proxy service.

I think there is some other mode you can use ngrok where it doesn't behave like this, but I haven't used ngrok in a while and don't see anything in their docs about it. Maybe ask their support.

ejgonzalezg · August 4, 2022, 9:56pm

Hi Mike,

Thanks for your reply, before running the certbot command I stopped my web server because I am using "standalone" flag.

I am trying to test a Teams bot according to this guide:

github.com

microsoftgraph/microsoft-graph-comms-samples/blob/master/Samples/V1.0Samples/AksSamples/teams-recording-bot/docs/setup/certificate.md

# Setting up SSL Certificate

## Generate SSL Certificate

### Requirements

- Follow [Ngrok installation and configuration guide](./ngrok.md)
- Follow [Certbot installation guide for Windows](https://certbot.eff.org/lets-encrypt/windows-other.html) or [Certbot installation guide for Ubuntu](https://certbot.eff.org/lets-encrypt/ubuntufocal-other)
- Follow [OpenSSL installation guide](./openssl.md)

### Instructions

For this example, I'm using my Ngrok reserved domain of jodogrok. Go get your own!

This will connect Ngrok, set up SSL and save it to `/letsencrypt` or the `etc` folder if you run it on Windows.

Please note, there is a limit on how many times you can do LetsEncrypt (like maybe 5 a week!) so save your `letsencrypt` folder.

If the `letsencrypt` folder exists, it will use these certs instead (will copy them to the right place in the container). If you change your ngrok domain name, you will have to delete this folder first as the certs will not work.

This file has been truncated. show original

ejgonzalezg · August 4, 2022, 10:01pm

Hi rg305

I appreciate your reply.

I registered for a Pro Ngrok account in order to be able to get a subdomain for my Teams bot test. I created the subdoamin:

ejgonzalezg · August 4, 2022, 10:04pm

Hi _az,

Thanks a lot for your reply, I will ask Ngrok support to.

system · September 3, 2022, 10:04pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot certonly --webroot ... Exit 1 Help	18	1797	July 13, 2022
Challenge failed on Windows2016 for SSL Help	8	1021	April 16, 2023
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported Help	8	202	June 6, 2025
Certbot with nip.io or xip.io Help	14	8912	February 7, 2021
First Install of certbot for IIS 8.5 Help	29	2009	December 30, 2021

SSL certificate for ngrok subdomain

Related topics