To solve this error, before running certbot, I stopped the httpd(s) server(s) and it worked! 😉
/usr/bin/certbot certonly --standalone -d www.playboy.com --preferred-challenges http
So, I was trying to create an SSL certificate with certbot…
root@sd-5555:~# certbot --apache -d blog.domain.com
This is how I properly created it:
certbot --authenticator standalone --installer apache -d blog.domain.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
letsencrypt topic about this issue: https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983/2
This is due to a security incident with Let's Encrypt:
Incident Status: Security Issue
Components: acme-v01.api.letsencrypt.org (Production), acme-staging.api.letsencrypt.org (Staging), acme-staging-v02.api.letsencrypt.org (Staging)
Locations: High Assurance Datacenter 1, High Assurance Datacenter 2
While trying to renew the letsencrypt cert, I got the following error:
produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping.
A simple solution – in my case – was to stop nginx, renew the cert and start nginx.
[root@sd-8XXX pjrf]# /usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not yet due for renewal
Cert not yet due for renewal
Cert not yet due for renewal
Cert not yet due for renewal
[root@sd-8XXX pjrf]#
[root@sd-8XXX pjrf]# /usr/local/sbin/certbot-auto renew --force-renew
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: subdomain.domain.com
   Type: unauthorized
   Detail: Invalid response from http://subdomain.domain.com/.well-known/acme-challenge/XXXXXXX_XXXXXXXX: "<!DOCTYPE html> <html lang="en"> <head> <title>404 Page Not Found</title> <style type="text/css"> ::selection{ background-color"
   To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
Try adding the following inside the server{} block of the domain's nginx configuration:
location /.well-known/acme-challenge/ { try_files $uri /dev/null =404; }
And reboot nginx… 🙂
So!,
letsencrypt renew output
Domain: www.domain.com Type: unauthorized Detail: Invalid response from http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6:
nginx error log
66.133.XXX.XXX - - [11/Feb/2017:09:33:20 +0100] "GET /.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6 HTTP/1.1" 404 247 "http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
“Somehow” my domain root has changed.
I had to take a look at /etc/letsencrypt/renewal/domain.com.conf and fix some paths… 🙂
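A quick way to spot that kind of stale path before a renewal fails, as an added example that is not part of the original post. It assumes the renewal file uses the webroot authenticator with a [[webroot_map]] section; the function name stale_webroots and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report [[webroot_map]] entries in a certbot renewal config
# whose directory no longer exists (the "domain root has changed" case).

# Strip leading and trailing blanks from a string.
trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'; }

# Print "domain path" for every webroot_map entry whose path is not a directory.
stale_webroots() {
    conf=$1
    in_map=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "[[webroot_map]]"*) in_map=1; continue ;;
            "["*)               in_map=0; continue ;;  # any other section ends the map
            "#"*|"")            continue ;;            # comments and blank lines
            *=*)                ;;                     # key = value, handled below
            *)                  continue ;;
        esac
        [ "$in_map" -eq 1 ] || continue
        domain=$(trim "${line%%=*}")
        path=$(trim "${line#*=}")
        [ -d "$path" ] || printf '%s %s\n' "$domain" "$path"
    done < "$conf"
}

# Constructed sample, modelled on /etc/letsencrypt/renewal/domain.com.conf:
# one webroot still exists, the other was moved away.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/www/current"
    cat > "$tmp/domain.com.conf" <<EOF
cert = /etc/letsencrypt/live/domain.com/cert.pem
[renewalparams]
authenticator = webroot
[[webroot_map]]
www.domain.com = $tmp/www/old
domain.com = $tmp/www/current
EOF
    stale_webroots "$tmp/domain.com.conf"   # prints only the www.domain.com entry
    rm -rf "$tmp"
}
demo
```

On a real host, run stale_webroots against /etc/letsencrypt/renewal/domain.com.conf; any line it prints is a path to fix before renewing.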