unable to get letsencrypt certificate

0

Hi, I'm new to AWS.

I can't get a letsencrypt certificate on an Ubuntu VM. Here is the error message I get:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: emarge.cfa-epure.com
  Type:   connection
  Detail: 51.91.111.14: Fetching http://emarge.cfa-epure.com/.well-known/acme-challenge/_jqRgsdxDCCCn0TlQLdShQLTjTHXci-hvdatiffLWas: Timeout during connect (likely firewall problem)

Ports are opened and no firewall activated on the VM. Any advice appreciated.

asked 2 years ago, 694 views
2 Answers
1

Hello.

Is HTTP allowed in EC2's security group inbound rules?
Let's Encrypt's HTTP challenge will fail if the web server cannot be reached on port 80.
https://letsencrypt.org/docs/challenge-types/

Please check the following document for examples of security groups used on web servers.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html

Please check the following document for adding rules to security groups.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#adding-security-group-rule

EXPERT
answered 2 years ago
0

In addition to Riku's answer above, have you checked out AWS Certificate Manager? I've found it to be a pretty convenient way to create & manage my certs without needing to install letsencrypt certbot.

You can attach the cert to the load balancer, whether through the console, CLI, or infrastructure as code (CloudFormation).

answered 2 years ago
