unable to get letsencrypt certificate

0

Hi, I'm new to AWS.

I can't get a letsencrypt certificate on an Ubuntu VM. Here is the error message I get:

    Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
      Domain: emarge.cfa-epure.com
      Type:   connection
      Detail: 51.91.111.14: Fetching http://emarge.cfa-epure.com/.well-known/acme-challenge/_jqRgsdxDCCCn0TlQLdShQLTjTHXci-hvdatiffLWas: Timeout during connect (likely firewall problem)

Ports are opened and no firewall activated on the VM. Any advice appreciated.

chen
asked 2 months ago, 122 views
2 Answers
1

Hello.

Is HTTP allowed in EC2's security group inbound rules?
Let's Encrypt's HTTP challenge will fail if the web server cannot be reached on port 80.
https://letsencrypt.org/docs/challenge-types/

Please check the following document for examples of security groups used on web servers.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html

Please check the following document for adding rules to security groups.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#adding-security-group-rule

EXPERT
answered 2 months ago
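An added example (not part of the answer above) of the check it suggests: read security group rules in the JSON shape returned by `aws ec2 describe-security-groups` and report whether inbound TCP 80 is open to any source, which the HTTP challenge needs because Let's Encrypt validates from several addresses it does not publish. The group IDs and CIDRs are constructed sample data, only IPv4 `IpRanges` are examined, and network ACLs or an OS firewall are outside what it checks.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-ssh-https",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-EXAMPLE-http-office-only",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
      "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
  {"GroupId": "sg-EXAMPLE-web",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

def covers_port(perm, port):
    """True if the rule's protocol and port range include TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)

def http01_status(group, port=80):
    """Return 'open', 'restricted' or 'closed' for inbound TCP `port`."""
    status = "closed"
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        for r in perm.get("IpRanges", []):
            if ipaddress.ip_network(r["CidrIp"]).prefixlen == 0:
                return "open"      # reachable from any IPv4 source
            status = "restricted"  # port allowed, but only from some sources
    return status

def report(doc):
    return {g["GroupId"]: http01_status(g) for g in doc["SecurityGroups"]}

if __name__ == "__main__":
    for gid, status in report(SAMPLE).items():
        print(f"{gid}: port 80 is {status}")
```

A "restricted" result still produces the timeout in the question, since the validation requests do not come from the allowed range.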
0

In addition to Riku's answer above, have you checked out AWS Certificate Manager? I've found it to be a pretty convenient way to create & manage my certs without needing to install letsencrypt certbot.

You can attach the cert to the load balancer whether through the console, CLI, or infrastructure as code (CloudFormation).

answered 2 months ago
