Certbot acme challenge

Time:01-19

I have two servers. One serves as a web server and the other is a RADIUS server. In order to set up RADIUS, I have to validate ownership of the domain name by issuing

certbot certonly --standalone -d my.domain.com

Unfortunately, it returns

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for my.domain.com
Performing the following challenges:
http-01 challenge for my.domain.com
Waiting for verification...
Challenge failed for domain my.domain.com
http-01 challenge for my.domain.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: my.domain.com
Type:   unauthorized
Detail: Invalid response from
http://my.domain.com/.well-known/acme-challenge/lZJhjHOvCGs0DKmrdJbi31iGW_RpNL58ua2CPzwmKA4
[1XX.1XX.1XX.1XX]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

For your information, this command is run from the RADIUS server and the domain is on the web server. The domain is reachable by browser. And even when I put 777 permissions on the http folder, the error still persists.

Does it have to be on the same server?

CodePudding user response:

From Certbot's documentation:

This plugin needs to bind to port 80 in order to perform domain validation, so you may need to stop your existing webserver.

certbot acts as a web server in order to validate the domain. Let's Encrypt tries to connect to this web server on the domain pointed to by certbot's -d option (my.domain.com in your case). You will therefore need some temporary network trickery (port forwarding, DNS changes etc.) so that the traffic from Let's Encrypt gets to the RADIUS server, instead of the web server, while you're requesting this certificate. You'll also need to repeat this every three months for renewals.
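
The exchange the answer describes, as an added example that is not part of the original post or of certbot: the CA's validator resolves the name from the -d option, fetches http://<that IP>/.well-known/acme-challenge/<token> over plain HTTP, and expects the body to be the key authorization (token, a dot, then the RFC 7638 thumbprint of the account key). The standalone authenticator is nothing more than a tiny web server that answers exactly that path. The script below models both sides so the failure in the question can be reproduced offline: when the request lands on a host that is not running the authenticator (the web server here, or the wrong token against the stand-in), the validator sees a 404 and reports "unauthorized". The JWK, token, function names and the use of 127.0.0.1 on an ephemeral port instead of port 80 are assumptions made for the example.

```python
"""Model of the ACME HTTP-01 challenge: a stand-in for certbot --standalone
(the responder) and a stand-in for the CA's validator (the fetcher).
Example code, not certbot's own; names and sample values are constructed."""
import base64
import hashlib
import json
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required JWK members, serialized with keys in
    lexicographic order and no whitespace, base64url without padding."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: the body the challenge URL must return."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def serve_key_authorization(token: str, keyauth: str,
                            host: str = "127.0.0.1", port: int = 0) -> HTTPServer:
    """Stand-in for certbot --standalone: bind a socket (port 80 in real life,
    hence the need to stop or bypass the normal web server) and answer only
    the challenge path; everything else is 404 like any other web server."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path == CHALLENGE_PREFIX + token:
                body = keyauth.encode()
                self.send_response(200)
                self.send_header("Content-Type", "application/octet-stream")
                self.send_header("Content-Length", str(len(body)))
                self.end_headers()
                self.wfile.write(body)
            else:
                self.send_error(404)

        def log_message(self, *args):  # keep the example quiet
            pass

    srv = HTTPServer((host, port), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def validate_http01(domain: str, token: str, keyauth: str, port: int = 80,
                    resolve=socket.gethostbyname) -> tuple:
    """Stand-in for the CA's validator: resolve the name, fetch the token path
    from whatever IP the A record gives (not from 'the server that ran
    certbot'), and compare the body with the expected key authorization."""
    try:
        ip = resolve(domain)
    except OSError as exc:
        return (False, f"dns: {exc}")
    url = f"http://{ip}:{port}{CHALLENGE_PREFIX}{token}"
    try:
        with urlopen(Request(url, headers={"Host": domain}), timeout=5) as resp:
            body = resp.read().decode(errors="replace")
    except HTTPError as exc:  # the 404 from the question lands here
        return (False, f"unauthorized: HTTP {exc.code} from {ip}; "
                       f"the host the A record points at is not serving the challenge")
    except URLError as exc:
        return (False, f"connection: {exc.reason}")
    if body.strip() != keyauth:
        return (False, f"unauthorized: body mismatch from {ip}")
    return (True, f"ok: key authorization served by {ip}")


if __name__ == "__main__":
    # Constructed sample account key (public part only) and token.
    sample_jwk = {"kty": "RSA", "e": "AQAB", "n": "sample-modulus-not-a-real-key"}
    sample_token = "lZJhjHOvCGs0DKmrdJbi31iGW_RpNL58ua2CPzwmKA4"
    ka = key_authorization(sample_token, sample_jwk)
    responder = serve_key_authorization(sample_token, ka)
    bound_port = responder.server_address[1]
    loopback = lambda name: "127.0.0.1"  # pretend the A record points at the responder
    print(validate_http01("my.domain.com", sample_token, ka, bound_port, loopback))
    # Same request against a host that has no such file: the question's failure.
    print(validate_http01("my.domain.com", "some-other-token", ka, bound_port, loopback))
    responder.shutdown()
    responder.server_close()
```

In the real deployment the A record for my.domain.com points at the web server, so the validator's GET reaches that host and gets its 404 page, exactly as the error output shows; the RADIUS server never sees the request. The forwarding the answer mentions only needs to cover the /.well-known/acme-challenge/ prefix on port 80 (for example a reverse-proxy location on the web server pointing at the RADIUS host, or a DNAT rule for that port during the run), and it must be in place again at each renewal.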
