User Tools

Site Tools


wiki:certbot_troubleshooting

Letsencrypt certbot troubleshooting

  • certbot first establishes connection over ipv6. If you are getting timeout errors check firewall for ipv6 https access or set network stack to prefer ipv4 over ipv6. Also remove the AAAA record for your domain if you don't want it to connect over IPv6.
  • Make sure that you can access a file path under webserver root as certbot uses .well-acme folder inside it to fetch the token it uses to check the owner of domain/server
  • If there is a previous redirect in webserver configuration it could also interfere with certificate generation
  • Certbot only works on default ports, 80 and 443. Check if the Listen directive has a different port if you get “Unauthorized error.
when: sample_com_challenge is changed and 'sample.com' in sample_com_challenge['challenge_data']

otherwise the step will fail with this error

TASK [letsencrypt : Implement http-01 challenge files] ***********************************************************************************************************
fatal: [1.1.1.1]: FAILED! => 
  msg: |-
    The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'my.domain.com'
  

Failed authorization procedure....

Error: Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from…

There might redirect rules in effect. Try putting this in your .htaccess or vhost file:

RewriteCond %{REQUEST_URI} !^\.well-known/(.*)$

SEC_ERROR_UNKNOWN_ISSUER with certbot in Firefox

If you get this weird error only on Firefox (89.0.2) and other browsers are ok, delete the existing certificate

certbot delete

and run again

certbot

This should resolve the issue.

Tested on

  • Debian 10.8
  • certbot 0.31.0

See also

References

wiki/certbot_troubleshooting.txt · Last modified: 2024/06/12 10:29 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki