The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: portal.pkfea.com

I ran this command: certbot certonly --standalone --preferred-challenge http -d portal.pkfea.com

It produced this output:
Requesting a certificate for portal.pkfea.com

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache/2.4.54 (Debian)

The operating system my web server runs on is (include version): Debian GNU/Linux 11 (bullseye)

My hosting provider, if applicable, is: Self Hosting

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.30.0

Hello @cwanyuts, welcome to the Let's Encrypt community. :slightly_smiling_face:

You ran

However, I can access the web site http://portal.pkfea.com/ from Windows 10 Firefox 108.0.1 (64-bit);
so I suspect that --standalone is not able to spin up its server since port 80 is in use.

$ curl -I http://portal.pkfea.com/.well-known/acme-challenge/WhSyrTiW-MuIWorthCxvYht44iDp_sn0a0BB4CNLC4s
HTTP/1.1 404 Not Found
Date: Fri, 23 Dec 2022 21:42:08 GMT
Server: Apache/2.4.54 (Debian)
Content-Type: text/html; charset=iso-8859-1

$ nmap portal.pkfea.com
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-23 21:46 UTC
Nmap scan report for portal.pkfea.com (196.201.229.106)
Host is up (0.30s latency).
rDNS record for 196.201.229.106: 196.201.229.106.liquidtelecom.net
Not shown: 996 filtered ports
PORT    STATE  SERVICE
53/tcp  closed domain
80/tcp  open   http
113/tcp closed ident
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 16.98 seconds

$ nslookup portal.pkfea.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   portal.pkfea.com
Address: 196.201.229.106

3 Likes

Thanks @Bruce5051
Which option should I be using?

3 Likes

The Certbot documentation (Welcome to the Certbot documentation! — Certbot 2.1.1 documentation) is the best help I can offer.
Kindly wait for knowledgeable Certbot & Apache community volunteers to assist.

2 Likes

The --apache plug-in will get a cert and update your Apache config to use it. That is, it will set up your HTTPS (port 443) VirtualHost. Something like:

certbot --apache -d portal.pkfea.com

If you want to configure your Apache config manually for HTTPS use the --webroot method. This only gets the cert. Like this:

certbot certonly --webroot -w (path to DocumentRoot) -d portal.pkfea.com

See the certbot docs for details:
https://eff-certbot.readthedocs.io/en/stable/using.html#apache

6 Likes
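A pre-flight check for the two situations in this thread, added here as an example (not code from Certbot or from any poster): it tests whether port 80 can still be bound, which --standalone needs, and whether a probe file placed under .well-known/acme-challenge in the DocumentRoot is actually served, which --webroot needs. The function names, the script name and the command-line arguments are hypothetical; the DocumentRoot path and base URL are supplied by the operator.

```python
import os
import secrets
import socket
import sys
import urllib.error
import urllib.request


def port_is_free(port, host="0.0.0.0"):
    """True if host:port can be bound, which --standalone needs for port 80."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, port))
        except OSError:  # address in use, or no privilege for ports below 1024
            return False
    return True


def webroot_serves_challenges(webroot, base_url, timeout=10):
    """Write a random probe where --webroot puts challenge files, then fetch it."""
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    path = os.path.join(challenge_dir, name)
    with open(path, "wb") as fh:
        fh.write(body)
    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200 and resp.read() == body
    except (urllib.error.URLError, OSError):  # 404, refused, timeout, DNS failure
        return False
    finally:
        os.remove(path)  # never leave the probe behind


if __name__ == "__main__":
    # Usage (both arguments supplied by the operator):
    #   python3 check_http01.py <path to DocumentRoot> http://portal.pkfea.com
    webroot, base_url = sys.argv[1], sys.argv[2]
    if port_is_free(80):
        print("port 80 is free: --standalone can bind it")
    else:
        print("port 80 is taken (or not bindable): --standalone cannot start")
    if webroot_serves_challenges(webroot, base_url):
        print("probe fetched: --webroot with this path should validate")
    else:
        print("probe not served: wrong DocumentRoot, or a rewrite/deny rule is in the way")
```

The probe is fetched from the machine running the script, so a pass confirms the DocumentRoot mapping but not that the CA can reach port 80 from the internet.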

Sorry wrong thread.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.