Standalone failed due to DNS?

Hannah-N · October 1, 2020, 7:36pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:mahzarvancouver.com

I ran this command:certbot certonly --standalone

It produced this output:Domain: mahzarvancouver.com
Type: unauthorized
Detail: Invalid response from
http://mahzarvancouver.com/.well-known/acme-challenge/R9MdV_xP6wXZ5Yo_QGi0h1S8neByNnho-_i-5xxCGLc
[205.134.254.189]: "Error 404 - Not
Found

Error 404 - Not Found

The
document you are looking for ma"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:inmotionhosting

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): CPanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): latest

Hannah-N · October 1, 2020, 7:42pm

Hey Guys,

I've been struggling to launch a website for my business.

I bought a domain from google and bought a basic plan from inmotionhosting

I pointed the domain to the nameservers of inmotionhosting

Turned out that the self assigned certificate that inmotionhosting uses is so unsecure that even my browser blocks my access to the editing environment

After searching a lot I found here and tried to run certbot to geenrate a certificate

but I get the error above, and I don't know what the problem is.

I'm really struggling and could use some help

Thanks a bunch!

Osiris · October 1, 2020, 8:33pm

As you are probably on shared hosting with the "basic plan", I would advice you to use Inmotionhostings own (Let's Encrypt I assume) free SSL guide: https://www.inmotionhosting.com/support/edu/cpanel/auto-ssl-guide/

griffin · October 1, 2020, 8:49pm

Welcome to the Let's Encrypt Community, Hannah

Congratulations on launching your website!

@Osiris as usual has likely pointed you down the right road, but we will happily do our best to answer any questions you may have and address any troubles you may encounter.

I will take a deeper look into things once I return from lunch.

_az · October 1, 2020, 9:45pm

Something is a little strange because there is already a cPanel AutoSSL certificate for your domain protecting https://mahzarvancouver.com:2083/.

I would expect the same certificate should be used for https://mahzarvancouver.com - that's how it works usually.

If following the guide in the link that Osiris posted doesn't work, I would try ask your host's support how you can get the existing https://mahzarvancouver.com:2083 certificate to apply to https://mahzarvancouver.com.

Certbot is not suitable in this situation.

Osiris · October 1, 2020, 9:49pm

Interesting, that certificate hasn't been submitted to a certificate log (at least not on crt.sh). Didn't Chrome/Chromium require SCTs?

_az · October 1, 2020, 9:51pm

The cert I see in the browser matches https://crt.sh/?id=3454777666? Were you filtering by Let's Encrypt maybe?

Osiris · October 1, 2020, 9:54pm

Hmm, I can see it now too.. No, I guess it was issued between when I checked previously and now.. Also, my Chromium doesn't show the SCTs when I check the cert in the Developer Toolbar apparently..

It actually does. It seems @Hannah-N managed to get SSL working

griffin · October 1, 2020, 10:21pm

Well done, Hannah!

Now you need to get your 301 redirects in place from http to https and non-www to www (or vice versa).

Hannah-N · October 1, 2020, 10:30pm

I just went through a free basic SSL issuance. It generated one for me. Interesting is that it also tell me that because there's not a dedicated IP address, it's not seen as a secure website for the visitors.

It seems so difficult to launch a website

griffin · October 1, 2020, 11:07pm

You don't need a dedicated IP address to have a secure public website, just a public domain name and public IP address.

That's what an A (address) record is for in your DNS zone:

mahzarvancouver.com. 868 IN A 205.134.254.189

You can view your entire certificate history here:

Besides putting in place the redirects I already mentioned above, you'll probably want to:

Create a sitemap.

You can view one of mine to get an example:
https://openacme.org/sitemap.xml

Add your sitemap to your existing robots.txt file.

Here is your robots.txt:
https://mahzarvancouver.com/robots.txt

You can view one of mine to get an example:
https://openacme.org/robots.txt

Register your domain with Google Search Console to track your website.

Make sure to explicitly submit a link to your sitemap!

schoen · October 2, 2020, 12:14am

This is true for many users who are using web browsers made since before about 2006 or 2010.

Some scanning tools and documentation from the 2010-or-so era prominently warn web site operators about this, because it might have seemed like a big deal then. Now probably 2% of Internet users, or fewer, are using such old obsolete browsers, so it's not a big deal today.

It's true that the web platform has been a moving target for a while; as you can see from the "caniuse" site (which addresses details about web technology compatibility), a lot of web developers and web site admins are preoccupied with the way that the technologies supported on the web have changed quickly over time. And there are also a number of different layers and steps to deal with, especially if you're acting as your own system administrator.

Congratulations on the progress you've made on your site so far!