Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How do I fix Some challenges have failed. #9878

Open
SectorV5 opened this issue Jan 19, 2024 · 1 comment
Open

How do I fix Some challenges have failed. #9878

SectorV5 opened this issue Jan 19, 2024 · 1 comment

Comments

@SectorV5
Copy link

I'm trying to create a certificate for my website but it keeps failing. Can someone help please.

My operating system is (include version):

Debian 12

I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):

Snap

I ran this command and it produced this output:

sudo certbot --nginx

Certbot's behavior differed from what I expected because:

It fails challenge spits error in the logs and doesn't actually install a certificate.

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.

`HTTP 200
Server: nginx
Date: Fri, 19 Jan 2024 12:04:53 GMT
Content-Type: application/json
Content-Length: 1564
Connection: keep-alive
Boulder-Requester: 1524589666
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: tI90Q3sPlMOnQ1HzvF3ZMYWOMIzqoBGvjQB69DdxNtqMl_o9KR4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "search.milivojevic.in.rs"
},
"status": "invalid",
"expires": "2024-01-26T12:04:28Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "109.198.23.126: Fetching http://search.milivojevic.in.rs/.well-known/acme-challenge/nniVp_mSe5VBE-w1ur5KrHM4QKPCy-JxS1fOHeJumbY: Timeout during connect (likely firewall problem)",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/305842500186/SiBnMA",
"token": "nniVp_mSe5VBE-w1ur5KrHM4QKPCy-JxS1fOHeJumbY",
"validationRecord": [
{
"url": "http://search.milivojevic.in.rs/.well-known/acme-challenge/nniVp_mSe5VBE-w1ur5KrHM4QKPCy-JxS1fOHeJumbY",
"hostname": "search.milivojevic.in.rs",
"port": "80",
"addressesResolved": [
"109.198.23.126",
"2a06:5b03:2600:100:922b:34ff:fe1c:60b2"
],
"addressUsed": "2a06:5b03:2600:100:922b:34ff:fe1c:60b2"
},
{
"url": "http://search.milivojevic.in.rs/.well-known/acme-challenge/nniVp_mSe5VBE-w1ur5KrHM4QKPCy-JxS1fOHeJumbY",
"hostname": "search.milivojevic.in.rs",
"port": "80",
"addressesResolved": [
"109.198.23.126",
"2a06:5b03:2600:100:922b:34ff:fe1c:60b2"
],
"addressUsed": "109.198.23.126"
}
],
"validated": "2024-01-19T12:04:29Z"
}
]
}
2024-01-19 13:04:53,261:DEBUG:acme.client:Storing nonce: tI90Q3sPlMOnQ1HzvF3ZMYWOMIzqoBGvjQB69DdxNtqMl_o9KR4
2024-01-19 13:04:53,262:INFO:certbot._internal.auth_handler:Challenge failed for domain search.milivojevic.in.rs
2024-01-19 13:04:53,262:INFO:certbot._internal.auth_handler:http-01 challenge for search.milivojevic.in.rs
2024-01-19 13:04:53,262:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: search.milivojevic.in.rs
Type: connection
Detail: 109.198.23.126: Fetching http://search.milivojevic.in.rs/.well-known/acme-challenge/nniVp_mSe5VBE-w1ur5KrHM4QKPCy-JxS1fOHeJumbY: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

2024-01-19 13:04:53,263:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-01-19 13:04:53,263:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-01-19 13:04:53,263:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-01-19 13:04:54,430:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/3566/bin/certbot", line 8, in
sys.exit(main())
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/main.py", line 1869, in main
return config.func(config, plugins)
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/main.py", line 1450, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/3566/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-01-19 13:04:54,431:ERROR:certbot._internal.log:Some challenges have failed.`

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

`server {
listen 80;
listen [::]:80;

root /var/www/html/LibreY;
server_name search.milivojevic.in.rs
autoindex on;

index index.php;



location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php-fpm.sock;
}

}`
@osirisinferi
Copy link
Collaborator

Have you tried the Let's Encrypt Community before opening this issue, as mentioned in the initial text presented when opening an issue here?

If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.

Because this most likely is not a bug in Certbot, but a webserver configuration issue. The Community can help you with that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@osirisinferi @SectorV5