7

This is my first time building a server and hosting it on AWS EC2. When running the command sudo certbot certonly --standalone or sudo certbot certonly --webroot I received this error below

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: matthieuxroger.com
  Type:   unauthorized
  Detail: Invalid response from http://matthieuxroger.com/.well-known/acme-challenge/nWRAFCcRUeVxZ0C5YtRg_9bihG2YQeqacUcGjxdCMzg [18.205.22.32]: "<!DOCTYPE html>\n<html>\n  <head>\n    <title>Matthieux Roger</title>\n    <link rel='stylesheet' href='/stylesheets/style.css' />\n "

I am using Node.js on Ubuntu 20 running on AWS EC2. Any help would be appreciated.

1
  • Can your instance access the internet? You should check your security group; you need to open ports 443 and 80 (inbound). You should include the security group configuration in your question also.
    – Hamuel
    Commented Sep 25, 2021 at 21:43

4 Answers

9

When using the webroot method with Certbot, a web server is spun up that serves a single file, so that Let's Encrypt can verify the ownership of the server at a domain. But when LE accessed your domain, it got a different server that served a 404 page. It seems that the DNS for your domain isn't pointing to the EC2 instance that is requesting a certificate. (or perhaps it has been updated but just hasn't propagated yet). You need to update the DNS records to point to the server requesting a certificate with certbot. Alternatively, you can use a different challenge type that doesn't require running a server to prove ownership (such as dns-01).
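A pre-flight check for the situation this answer describes, as an added example that is not part of the original answer: it resolves the domain's A and AAAA records, compares them with the addresses you expect the EC2 instance to have (the server_ipv4 / server_ipv6 sets are your input), and fetches a probe file from the challenge path on port 80 so you can see whether the right host answers before running certbot. The domain, token and expected-content values are assumptions you supply; the stale-AAAA case is covered because the CA will use an AAAA record when one exists.

```python
import socket
import urllib.error
import urllib.request


def resolve_records(domain: str) -> dict:
    """Collect the domain's A and AAAA answers from the system resolver."""
    records = {"A": set(), "AAAA": set()}
    try:
        for family, _, _, _, addr in socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP):
            if family == socket.AF_INET:
                records["A"].add(addr[0])
            elif family == socket.AF_INET6:
                records["AAAA"].add(addr[0])
    except socket.gaierror:
        pass  # an empty answer is reported by check_dns
    return records


def check_dns(records: dict, server_ipv4: set, server_ipv6: set) -> list:
    """List the DNS answers that would send the CA's challenge request to another host."""
    problems = []
    if not records["A"] and not records["AAAA"]:
        problems.append("domain has no A or AAAA record")
    for ip in sorted(records["A"] - server_ipv4):
        problems.append(f"A record {ip} is not this server")
    # The CA prefers IPv6 when an AAAA record exists, so a stale AAAA record
    # fails the challenge even with a correct A record: match it or remove it.
    for ip in sorted(records["AAAA"] - server_ipv6):
        problems.append(f"AAAA record {ip} is not this server")
    return problems


def classify_response(status: int, body: str, expected: str) -> str:
    """Say what answered on port 80: the challenge file, an HTML site, or nothing."""
    if status == 200 and body.strip() == expected:
        return "ok"
    if body.lstrip().lower().startswith(("<!doctype", "<html")):
        return "html-page"  # a regular site answered, as in the error in the question
    return "missing"


def probe(domain: str, token: str, expected: str) -> str:
    """Fetch a probe file from the challenge path the way the CA would, then classify it."""
    try:
        with urllib.request.urlopen(f"http://{domain}/.well-known/acme-challenge/{token}", timeout=10) as resp:
            status, body = resp.status, resp.read(256)
    except urllib.error.HTTPError as err:
        status, body = err.code, err.read(256)
    except OSError:  # URLError is an OSError: port 80 closed in the security group, or host down
        return "unreachable"
    return classify_response(status, body.decode(errors="replace"), expected)
```

Put a file with known content in the challenge directory of the server's webroot before calling probe(); "html-page" is the outcome behind the question's error, where a normal site on another host (or another listener on port 80) answered instead of the challenge file.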

2

Check the domain name server in your domain name registration: make sure you have just the A record pointing to your address, and delete the other A records.

1

Just check the domain name server, like Cloudflare, where you correctly add records. Double-check the record type, name and content.

Before creating a Let's Encrypt SSL certificate you must point/map your domain to the server.

In my case I added this:

Type,     Name,            Content 
A,        my-domain,       3.19.x.x

It resolved my issue.

0

Check if the AAAA records (IPv6) are configured.

Either get them to match your server's IPv6 address or remove them entirely.
