antisaWiki

User Tools

Site Tools

Trace: proxy_non_http_traffic_through_nginx atlassian_apps_aws_testing_troubleshooting wordpress_troubleshooting nginx_troubleshooting ansible_debug_one_variable new_host_setup_-_windows git_pull_via_ssh_public_key obtain_letsencrypt_certificate_domain_multiple_ips
wiki:certbot_troubleshooting

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
wiki:certbot_troubleshooting [2021/02/25 15:06] – created antisawiki:certbot_troubleshooting [2024/06/12 08:29] (current) – [References] add https://letsencrypt.org/docs/ipv6-support/ antisa
Line 1: Line 1:
-{{tag>certbot letsencrypt troubleshooting}}+{{tag>certbot letsencrypt ssl troubleshooting}} 
 + 
 +====== Letsencrypt certbot troubleshooting ====== 
 +  * certbot first establishes connection over ipv6. If you are getting timeout errors check firewall for ipv6 https access or set network stack to [[wiki:ipv4_over_ipv6|prefer ipv4 over ipv6]]. Also remove the AAAA record for your domain if you don't want it to connect over IPv6. 
 + 
 +  * Make sure that you can access a file path under webserver root as certbot uses .well-acme folder inside it to fetch the token it uses to check the owner of domain/server 
 +     
 +  * If there is a previous redirect in webserver configuration it could also interfere with certificate generation 
 + 
 +  * Certbot only works on default ports, 80 and 443. Check if the Listen directive has a different port if you get "Unauthorized error. 
 + 
 +  * When using the [[https://docs.ansible.com/ansible/latest/collections/community/crypto/acme_certificate_module.html#examples|ansible module]] make sure you add a [[https://github.com/ansible-collections/community.crypto/pull/11/files|check]] for the //challenge_data// this part: 
 + 
 +  when: sample_com_challenge is changed and 'sample.com' in sample_com_challenge['challenge_data'
 + 
 +otherwise the step will fail with this error 
 +<code> 
 +TASK [letsencrypt : Implement http-01 challenge files] *********************************************************************************************************** 
 +fatal: [1.1.1.1]: FAILED! =>  
 +  msg: |- 
 +    The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'my.domain.com' 
 +   
 + 
 +</code>
  
-====== certbot troubleshooting ====== 
 ===== Failed authorization procedure.... ===== ===== Failed authorization procedure.... =====
 Error: Error:
Line 9: Line 31:
  
   RewriteCond %{REQUEST_URI} !^\.well-known/(.*)$   RewriteCond %{REQUEST_URI} !^\.well-known/(.*)$
 +
 +===== SEC_ERROR_UNKNOWN_ISSUER with certbot in Firefox =====
 +If you get this weird error only on Firefox (89.0.2) and other browsers are ok, delete the existing certificate
 +
 +  certbot delete
 +
 +and run again
 +  certbot
 +
 +This should resolve the issue.
  
 ====== Tested on ====== ====== Tested on ======
   * Debian 10.8   * Debian 10.8
-  * certbot 0.31+  * certbot 0.31.0
  
 ====== See also ====== ====== See also ======
Line 19: Line 51:
   * [[wiki:certbot_download_certificates_only|Certbot download certificates only]]   * [[wiki:certbot_download_certificates_only|Certbot download certificates only]]
 ====== References ====== ====== References ======
 +  * https://github.com/ansible/ansible/issues/67949 
 +  * https://letsencrypt.org/docs/ipv6-support/
  
wiki/certbot_troubleshooting.1614265564.txt.gz · Last modified: by antisa
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki