If you want to use Let's Encrypt and can't get it working even with an absolute minimum configuration like this:
server {
    listen *:80;
    server_name example.com;
    root /var/www/example.com;
}
it can be that your DNS A-Record is pointing to a different location than the AAAA-Record. This can easily happen if you have no direct access to the DNS interface and only the A-Record was changed.
For Debian 9 (stretch), install certbot from backports. The shipped version is quite outdated and can lead to the error "Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA."
certbot came up with the, for me, not so helpful error message 300 Multiple Choices, and the acme.sh log file also contained only a code='400'.
certbot error:
- The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/TOKEN_REMOVED:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>300 Multiple Choices</title>
</head><body>
<h1>Multiple C"
acme.sh error:
[Mon May 28 17:37:26 CEST 2018] url='https://acme-staging.api.letsencrypt.org/acme/challenge/TOKEN_REMOVED/ID_REMOVED'
[Mon May 28 17:37:26 CEST 2018] payload='{"resource": "challenge", "keyAuthorization": "KEY_AUTH_REMOVED"}'
[Mon May 28 17:37:26 CEST 2018] POST
[Mon May 28 17:37:26 CEST 2018] _post_url='https://acme-staging.api.letsencrypt.org/acme/challenge/TOKEN_REMOVED/ID_REMOVED'
[Mon May 28 17:37:26 CEST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Mon May 28 17:37:27 CEST 2018] _ret='0'
[Mon May 28 17:37:27 CEST 2018] code='400'
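The A/AAAA mismatch described above can be checked directly. This is an added example, not part of the original post: it resolves every A and AAAA answer for the domain, requests a test file from each address with the real Host header, and lists the addresses that do not serve it. The file name probe.txt, its content probe-ok and the sample addresses are assumptions made for the example.

```python
import http.client
import socket
import sys

PATH = "/.well-known/acme-challenge/probe.txt"  # hypothetical test file you create in the webroot
# Constructed sample: the A record reaches the new server, the AAAA record an old one.
SAMPLE = {("A", "192.0.2.10"): (200, "probe-ok\n"),
          ("AAAA", "2001:db8::10"): (300, "<title>300 Multiple Choices</title>")}

def resolve(host):
    """Return [(record_type, address), ...] for every A and AAAA answer."""
    found = set()
    for family, rtype in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            for info in socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM):
                found.add((rtype, info[4][0]))
        except socket.gaierror:
            pass  # no record of this type
    return sorted(found)

def fetch(host, address, path=PATH, timeout=5):
    """GET path from one specific address while sending the real Host header."""
    conn = http.client.HTTPConnection(address, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(120).decode("latin-1")
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)  # unreachable address or broken response
    finally:
        conn.close()

def mismatches(results, expected):
    """results: {(rtype, address): (status, body)}. Return entries not serving expected."""
    return [(rtype, address, status)
            for (rtype, address), (status, body) in sorted(results.items())
            if status != 200 or body.strip() != expected]

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py example.com probe-ok
        host, expected = sys.argv[1], sys.argv[2]
        results = {rec: fetch(host, rec[1]) for rec in resolve(host)}
    else:
        results, expected = SAMPLE, "probe-ok"
    for rtype, address, status in mismatches(results, expected):
        print(f"{rtype} {address}: status {status}, test file not served here")
```

Run it from a host with working IPv6, otherwise every AAAA address is reported as unreachable rather than as serving the wrong content.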
- photo by Mikes Photos https://www.pexels.com/photo/arrow-close-up-direction-environment-445012/
Top comments (2)
Can you please delete your comment? It's simply advertisement for your article.