Certbot failed to authenticate standalone: invalid response


Running

sudo certbot certonly --standalone -d cimetrics.io --staple-ocsp -m [email protected] --agree-tos

Yields

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: cimetrics.io
  Type:   unauthorized
  Detail: 15.197.142.173: Invalid response from http://cimetrics.io/.well-known/acme-challenge/HAOi6Kom9At9ywZ8UAUykre5WqkAg8dfYvl6tEIA388: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

on my Ubuntu EC2 instance fails.

I have the domain cimetrics.io from GoDaddy and have forwarded it to point to my EC2 instance at 3.10.39.149.


Pinging the IP and domain demonstrates similar results:

PS C:\Users\jonat> ping 3.10.39.149

Pinging 3.10.39.149 with 32 bytes of data:
Reply from 3.10.39.149: bytes=32 time=19ms TTL=49
Reply from 3.10.39.149: bytes=32 time=26ms TTL=49
Reply from 3.10.39.149: bytes=32 time=20ms TTL=49
Reply from 3.10.39.149: bytes=32 time=19ms TTL=49

Ping statistics for 3.10.39.149:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 26ms, Average = 21ms
PS C:\Users\jonat> ping cimetrics.io

Pinging cimetrics.io [3.33.152.147] with 32 bytes of data:
Reply from 3.33.152.147: bytes=32 time=34ms TTL=247
Reply from 3.33.152.147: bytes=32 time=32ms TTL=247
Reply from 3.33.152.147: bytes=32 time=30ms TTL=247
Reply from 3.33.152.147: bytes=32 time=36ms TTL=247

Ping statistics for 3.33.152.147:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 36ms, Average = 33ms
PS C:\Users\jonat>

I can also see the response from my HTTP server on my EC2 instance using http://cimetrics.io/ and http://3.10.39.149/.


Host information:

ubuntu@ip-172-31-11-236:~$ uname --a
Linux ip-172-31-11-236 6.2.0-1017-aws #17~22.04.1-Ubuntu SMP Fri Nov 17 21:07:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

The current DNS records:

; Domain: cimetrics.io
; Exported (y-m-d hh:mm:ss): 2023-12-30 23:39:48
;
; This file is intended for use for informational and archival
; purposes ONLY and MUST be edited before use on a production
; DNS server.
;
; In particular, you must update the SOA record with the correct
; authoritative name server and contact e-mail address information,
; and add the correct NS records for the name servers which will
; be authoritative for this domain.
;
; For further information, please consult the BIND documentation
; located on the following website:
;
; http://www.isc.org/
;
; And RFC 1035:
;
; http://www.ietf.org/rfc/rfc1035.txt
;
; Please note that we do NOT offer technical support for any use
; of this zone data, the BIND name server, or any other third-
; party DNS software.
;
; Use at your own risk.


$ORIGIN cimetrics.io.

; SOA Record
@   3600     IN     SOA ns75.domaincontrol.com. dns.jomax.net. (
                    2023123000
                    28800
                    7200
                    604800
                    3600
                    ) 

; A Record
@   600  IN     A   15.197.142.173
@   600  IN     A   3.33.152.147

; NS Record
@   3600     IN     NS  ns75.domaincontrol.com.
@   3600     IN     NS  ns76.domaincontrol.com.

; CNAME Record
www 3600     IN     CNAME   @
_domainconnect  3600     IN     CNAME   _domainconnect.gd.domaincontrol.com.


I also posed this question on the forums https://community.letsencrypt.org/t/certbot-failed-to-authenticat-standalone-invalid-response/210924.
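
An added example, not part of the original post: a pre-flight check for the condition in Certbot's hint ("Ensure that the listed domains point to this machine"). It compares the apex A records with the address of the machine running Certbot. The records and the EC2 address are the ones shown in the question; the function names are hypothetical.

```bash
# For HTTP-01 the CA connects to an address the name resolves to, so every
# apex A record must be the address of the machine running
# `certbot --standalone`.

# Print the A-record addresses of the zone apex (@) from a BIND-style
# zone export read on stdin.
apex_a_records() {
    awk '$1 == "@" && $3 == "IN" && $4 == "A" { print $5 }'
}

# Usage: check_http01_target <expected-ip>   (addresses on stdin, one per line)
# Prints a verdict per address. Returns 0 only if at least one address was
# supplied and every address equals <expected-ip>.
check_http01_target() {
    local expected="$1" addr seen=0 bad=0
    while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        seen=$((seen + 1))
        if [ "$addr" = "$expected" ]; then
            echo "ok        $addr"
        else
            echo "mismatch  $addr (expected $expected)"
            bad=$((bad + 1))
        fi
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Records copied from the zone export in the question.
ZONE_SAMPLE='@   600  IN     A   15.197.142.173
@   600  IN     A   3.33.152.147
www 3600     IN     CNAME   @'

# Live use (assumes dig is installed):
#   dig +short A cimetrics.io | check_http01_target 3.10.39.149
if printf '%s\n' "$ZONE_SAMPLE" | apex_a_records | check_http01_target 3.10.39.149; then
    echo "DNS points at this host; the CA can reach the standalone server"
else
    echo "DNS does not point at this host; the CA will query a different server"
fi
```

With the question's data both A records are reported as mismatches, and the `Detail:` line of the Certbot error names one of them (15.197.142.173) as the address the CA queried.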

There are 1 answers

Jonathan Woollett-light On