• certbot first establishes connection over ipv6. If you are getting timeout errors check firewall for ipv6 https access or set network stack to prefer ipv4 over ipv6

• Make sure that you can access a file path under webserver root as certbot uses .well-acme folder inside it to fetch the token it uses to check the owner of domain/server

• If there is a previous redirect in webserver configuration it could also interfere with certificate generation

• Certbot only works on default ports, 80 and 443. Check if the Listen directive has a different port if you get “Unauthorized error.

• When using the ansible module make sure you add a check for the challenge_data this part:

when: sample_com_challenge is changed and 'sample.com' in sample_com_challenge['challenge_data']

otherwise the step will fail with this error

TASK [letsencrypt : Implement http-01 challenge files] ***********************************************************************************************************
fatal: [1.1.1.1]: FAILED! => 
  msg: |-
    The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'my.domain.com'
  

Error: Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from…

There might redirect rules in effect. Try putting this in your .htaccess or vhost file:

RewriteCond %{REQUEST_URI} !^\.well-known/(.*)$

If you get this weird error only on Firefox (89.0.2) and other browsers are ok, delete the existing certificate

certbot delete

and run again

certbot

This should resolve the issue.

• Debian 10.8
• certbot 0.31.0

• Install certbot
• Install certbot via manual method
• Certbot download certificates only

• https://github.com/ansible/ansible/issues/67949