Unauthorized response from certbot

Hello,
I'm Daniele from 5 Mode (http://5mode.com). I personally run between 70-100 domains using LetsEncrypt, all live domains. Today I got the certbot command wrong a couple more times when requesting the certificate for the new "orderdu.de" domain, misspelling "www.orderdu.de" as "www.ordedu.de". I'm actually waiting to forget it, but relaunching the command after 1 hour I get the same response:

Domain: www.orderdu.de
Type: unauthorized
Detail: 192.161.187.200: Invalid response from
http://www.orderdu.de/.well-known/acme-challenge/...

Nor is it clear to me why the error message is quoting a ".well-known" web directory when certbot is spinning up its webserver.

I recently did a migration from Fedora to a brand new Debian machine and just copied the LetsEncrypt folder with all its information. This has caused absolutely no problem till today. And I don't think this is of much interest for this kind of problem.

Thank you in advance for the help.

Daniele Bonini

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
certbot certonly --standalone --cert-name orderdu.de -d orderdu.de,www.orderdu.de

It produced this output:
Domain: www.orderdu.de
Type: unauthorized
Detail: 192.161.187.200: Invalid response from Welcome to orderdu.de...

My web server is (include version):
nginx, but I let certbot spin up its webserver

The operating system my web server runs on is (include version):
the operating system I run certbot on is a
Debian 5.10.92-1

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know):
I prefer to keep it for me.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.12.0

1 Like

Just realized that behind the scenes a change of nameservers happened. Working to restore the nameservers to my hosting provider now and to retry the certificate procedure. Sorry for the inconvenience.

Daniele Bonini

1 Like
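The failure above already names the address the CA validated against, so it can be compared with the server's own addresses to spot a DNS or nameserver change. A sketch of that check, added here as an example (not code from the thread or from Certbot); the server address `203.0.113.10` and the function names are assumptions, and the parser relies only on the `Domain:`/`Type:`/`Detail:` layout quoted in the post:

```python
import ipaddress
import re
import socket

# Failure text as quoted in the thread (the challenge token is elided there).
SAMPLE = """\
Domain: www.orderdu.de
Type: unauthorized
Detail: 192.161.187.200: Invalid response from
http://www.orderdu.de/.well-known/acme-challenge/...
"""
FIELD = re.compile(r"^(Domain|Type|Detail):\s*(.*)$")

def parse_failures(text):
    """Return one dict per 'Domain:' block, with the address the CA contacted."""
    failures, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain":
            current = {"domain": value, "type": None, "validated_ip": None}
            failures.append(current)
        elif current is not None and key == "type":
            current["type"] = value
        elif current is not None:
            # Detail starts with "<ip>: "; split on ": " so IPv6 stays intact.
            try:
                current["validated_ip"] = str(ipaddress.ip_address(value.split(": ", 1)[0]))
            except ValueError:
                pass
    return failures

def diagnose(failure, server_ips):
    """Compare the validated address with the addresses this server owns."""
    ip = failure["validated_ip"]
    if ip is None:
        return "no-address"
    own = {str(ipaddress.ip_address(a)) for a in server_ips}
    return "reached-this-host" if ip in own else "dns-mismatch"

def current_records(domain, resolver=socket.getaddrinfo):
    """Addresses the name resolves to now, as seen by the local resolver."""
    return sorted({i[4][0] for i in resolver(domain, 80, proto=socket.IPPROTO_TCP)})

if __name__ == "__main__":
    for f in parse_failures(SAMPLE):
        # 203.0.113.10 is a constructed placeholder for the server's address.
        print(f["domain"], f["validated_ip"], diagnose(f, ["203.0.113.10"]))
```

`current_records` shows only the local resolver's view, which can lag behind what the CA sees right after a nameserver change.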

As said above, realizing the nameserver change solved it. Thank you anyway for your participation :stuck_out_tongue:

1 Like

I'm glad you figured out the problem already. Although I do have a question: is the use of the standalone plugin a conscious choice? I can understand you don't want Certbot to mess with your nginx configuration for example and therefore don't want to use the --nginx plugin, but there also is the webroot plugin which makes use of the services provided by the already running webserver without messing with its configuration.

4 Likes

Thank you for the tip. However, as you can now imagine, with so many domains and their configuration files I have some constraints; also, 5-6 years ago, living with few domains, I chose to adopt the most immediate and least troublesome option. Indeed, I think I speak also for the other people: we all love LetsEncrypt, but with all the stuff a web professional working on his own must think about today, the certificate hopefully should not hurt in simplicity - I think so. I can suggest the troubles that we still find today dealing with LetsEncrypt/certbot are: 1) as you suggest, the eventual pain of having to stop the webserver to update the certificate repo 2) the problem of having a secure repo for your live certificates, which I think could/should be different from the LetsEncrypt base 3) the excess of options and docs typical of open-source stuff, causing some scratches. Ah, some confidences.. :stuck_out_tongue:

1 Like
