Unable to get a certificate for AWS EC2

Hello Let’s Encrypt community, I’m having some issues trying to get a certificate for an AWS EC2 Instance running Apache server. I’ve been following the instructions here:

https://docs.aws.amazon.com/es_es/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html#letsencrypt

But I run into issues as soon as I try to setup certbot. I’m using domain redirection since aws domain names are forbidden but I don’t know what I may be missing.

I ran this command: sudo certbot

It produced this output:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for [mydomain.com]
http-01 challenge for [www.mydomain.com]
Waiting for verification…
Challenge failed for domain [mydomain.com]
Challenge failed for domain [www.mydomain.com]
http-01 challenge for [mydomain.com]
http-01 challenge for [www.mydomain.com]
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: [mydomain.com]
  Type: unauthorized
  Detail: Invalid response
  "\n\n<html
  xmlns=“http://www.w3.or”

  Domain: [www.mydomain.com]
  Type: unauthorized
  Detail: Invalid response
  "\n\n<html
  xmlns=“http://www.w3.or”

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

My web server is: Apache/2.4.41

The version of my client is: certbot 0.39.0

Thank you in advance for your help.

Hi @idec

your dns setup is wrong.

There is a check of your domain, 30 minutes old - https://check-your-website.server-daten.de/?q=example.com

With a redirect to Amazon:

Use the Amazon ip number in your DNS A record and remove the redirect.

So yourdomain -> ip of Amazon without a redirect. Then recheck your domain to see, if this is correct.

Hello @JuergenAuer, thanks for the quick response.

If I understood and did things correctly, this is the output:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
Waiting for verification…
Challenge failed for domain example.com
Challenge failed for domain www.example.com
http-01 challenge for example.com
http-01 challenge for www.example.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: example.com
  Type: connection
  Detail: Fetching http://18.189.28.251: Invalid host in redirect
  target “18.189.28.251”. Only domain names are supported, not IP
  addresses

  Domain: www.example.com
  Type: connection
  Detail: Fetching http://18.189.28.251: Invalid host in redirect
  target “18.189.28.251”. Only domain names are supported, not IP
  addresses

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you’re using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.

Let me know if this was your suggestion or I missunderstood you. Thank you!

That's not that I have written. Change your DNS A entry and remove the redirect. Now you have the next wrong redirect.

And recheck the domain to see, if your DNS setup is correct.

My apologies @JuergenAuer. Using this records:

Captura de pantalla 2019-11-19 a las 11.27.59.png2234×498 27 KB

Edit:

Removing and re-adding the A records solved the issue. Thank you very much for your help!

Yes, that’s the correct basic setup.

If you use a hoster-initated redirect, that can’t work.

Happy to read it had worked. Now there

https://example.com/

is a new Letsencrypt certificate.

Same with the www version, the new certificate has both domain names

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.