I am new to certbot.
If the command is “./certbot-auto certonly --standalone” with the domain (mgfurniture.cn), the response I get is:
- The following errors were reported by the server:
Detail: Incorrect validation certificate for tls-sni-01 challenge.
from 22.214.171.124:443. Received 4 certificate(s), first certificate
had names "*.ly200.com, ly200.com"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
If the command is: ./certbot-auto certonly --standalone --preferred-challenges tls-sni -d www.mgfurniture.cn -d mgfurniture.cn
there is no response at all.
Note: the domain (mgfurniture.cn) is on server A. Must this server’s ports 80/443 be free?
certbot-auto is on server B.
Some info about server B:
1. IPv6 is disabled;
2. The network is OK;
3. Ports 80/443 are free.
What can I do? Please help.
The “server B” probably explains why you are using “--standalone”.
If I’m correct, you are trying to get a cert for domain “mgfurniture.cn” from a system that is not at the IP resolved by that name (126.96.36.199). Because IP 188.8.131.52 already responds on port 443 with a cert for “ly200.com” and certbot would not be able to run another standalone server on port 443 - but that wasn’t the error.
If so, you won’t be able to get the cert in this manner (directly).
The simplest indirect method would be with DNS challenge authentication.
No, both are currently being used by NGINX if your domain is mgfurniture.cn.
Standalone and certonly are commands which you need to review (so you understand what they do): https://certbot.eff.org/docs/using.html#standalone
I believe a better approach for you would be to use the --nginx command which you can review here: https://certbot.eff.org/docs/using.html#nginx
The NGINX plugin will find the right domains (from your configuration file), configure NGINX to pass the challenge and install the certificates for you, all in one go.
I’m sorry for the long reply
Thank you so much.
Let me try.
Server A (IP: 184.108.40.206, CentOS 6.7): http://www.soft169.xyz:8080/index.html
Server B (certbot installed).
I want to get a cert for the domain ‘www.soft169.xyz’ on server B. How can I do that?
On B, the command is: ./certbot-auto certonly --standalone --email firstname.lastname@example.org -d soft169.xyz
when Firewall off
when firewall on
The method of requesting a certificate that you’re using requires the server to be able to accept inbound connections on port 443, and requires you to run Certbot on the computer that the domain name is pointed to. You can’t use a different port number or run Certbot on a separate computer with this method.
Can you run Certbot on server A instead? If not, you might be able to use a different method to get the certificate.
Which other method can I use to get a Let’s Encrypt certificate?
My server A has some service limits; I cannot run Certbot on server A instead.
Which other method can I use to get, authenticate and renew a Let’s Encrypt certificate on server B?
If you can create an HTTP 301 redirect on server A from http://www.soft169.xyz/.well-known/acme-challenge/ to server B, that is one approach. It does not have to affect any other directories. This indicates to the certificate authority that server B is allowed to answer ACME HTTP-01 challenges on behalf of server A.
The other alternative is if your DNS provider has an API which would let you automatically create DNS TXT records in your DNS zone. If so, you can run an ACME client on any machine and use the DNS provider API from there to create TXT records specified by the certificate authority to satisfy the ACME DNS-01 challenge method.
There are also other alternatives if you can create files (at specified locations) on server A, either manually or via a protocol like SCP or SFTP.
Let me try.