Certbot failed to authenticate some domains (authenticator: webroot)

maneaticou · July 8, 2022, 1:12am

Hi,

I tried several times to install kobotookbox on Digital Ocean and I couldn’t. The problem occur during the https configuration (I guess).

I already have a domain pointing to Digital Ocean.
I have already configured four A records on Digital Ocean: @, kf, kc and ee pointing to the droplet.
pings to the four subdomains are responding ok.
I selected “Auto-install HTTPS certificates with Let’s Encrypt?”: Yes
Installation goes ok until the “Requesting a certificate for kf.[domain] and 2 more domains”

The error:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:

Domain: ee.[domain]
Type: connection
Detail: 159.223.121.15: Fetching http://ee.[domain]/.well-known/acme-challenge/SH3SnMF4dKzMPnSLzI-bX9bCimGGCDONVdvL_VD3uyg: Connection refused

Domain: kc.[domain]
Type: connection
Detail: 159.223.121.15: Fetching http://kc.[domain]/.well-known/acme-challenge/b8FKHFdtjIyCAyhQE5QyKhwm-joBaCyjzwDbyreK2FA: Connection refused

Domain: kf.[domain]
Type: connection
Detail: 159.223.121.15: Fetching http://kf.[domain]/.well-known/acme-challenge/2ywqRUjvn8hgYtiu24-sd3XMPhM4Z_HUXxh8BCaKR8w: Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Reloading nginx …

OCI runtime exec failed: exec failed: unable to start container process: error executing setns process: exit status 1: unknown

An error has occurred

And the installation process breaks
Its seems like front-ends are not running yet. Browser them doesn’t show anything.
I’m completely lost.
I appreciate your help, thanks.

maneaticou · July 8, 2022, 4:44pm

I had no problems running kobotoolbox without certificates…

maneaticou · July 11, 2022, 4:01pm

Any help?

Installation is working ok over http, I can’t understand how only me is stuck with this issue? I run a basic configuration on a Digital ocean droplet.

I’m thinking in install and configure a nginx server in front of kobo into the same server but two questions come to me:
1- New nginx will listen on 80 and 443, how can I change nginx kobo port’s?
2- Do I need to proxi_pass each subdomain?

Thanks

maneaticou · July 11, 2022, 9:34pm

Problem is on nginx-certbot-nginx_ssl_proxy-1 container:

[emerg] 1#1: host not found in upstream “nginx.internal” in /etc/nginx/conf.d/app.conf:29

I will continue digging.
See you later.

maneaticou · July 12, 2022, 3:01am

No matter if I select to use LetEncrypts or a different reverse proxy, when Do you want to use HTTPS? is YES solution never end running up. Never.

eandrade · September 17, 2022, 2:31pm

Hello, im currently facing the same issues you are facing, doing the same exact things you did but still its not getting installed, i was wondering did you successfully installed kobo on your server? if not we could connect and try to ressolve this together.

ks_1 · September 20, 2022, 10:14am

What version are you running? Does this github issue describe your problem?

github.com/kobotoolbox/kobo-install

v2.022.08 breaks Certificate Check

opened 10:06AM - 03 Apr 22 UTC

amks1

**Description** In the new version (I tested with tag `2.022.08`) where the q…uestion to fetch the certificates from LetsEncrypt appears after the containers are built instead of before I noticed the following issues: 1. If I choose "N" (don't re-fetch certificates) for a previously installed domain, all containers come up but the website is unreachable. I have to always fetch certificates in order to continue. Because I was doing tests I kept hitting the LetsEncrypt limits and had to keep making new subdomains. Which brings me to the next point. 2. It always says that the certificates are present even if I enter a brand new subdomain name. **Steps to Reproduce: Issue 1 above** 1. Run `run.py --setup` and install new certificates. 2. Run `run.py --setup` again, presumably with some changes. But don't install new certificates when asked. 3. Containers come up but website is unreachable. 4. Run `run.py --setup` again, with no other changes other than this time, choose "y" for the certificate. 5. Containers come up and website is working. **Steps to Reproduce: Issue 2 above** 1. Run `run.py --setup` and install new certificates. 2. Run `run.py --setup` again, with a different subdomain. 3. At the time of certificate check, it says that the certificates are already present for this domain.

hamza0342 · March 28, 2023, 6:51am

Hi @maneaticou. Were you able to resolve this issue? I am facing exactly the same issue on my kobo toolbox running on ec2 server.

Jonas · November 23, 2023, 2:25am

Hey @maneaticou and @hamza0342,

i have the same issue when i do a fresh install. Any progress? :S

twesigye · January 6, 2025, 11:09am

Hello Team,

I have the same errors but from my side

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: ee.xxx.com
Type: unauthorized
Detail: ip adress: Invalid response from http://ee.xxx.com/.well-known/acme-challenge/_lht_Sy0BSMcZOnDN0gbPSfJgS3RkjZPRzmRStLX4_U: 404

I would love if someone has solved the issue.

The error shows for all the subdomains

Jonas · January 6, 2025, 11:26am

I just ended up using Caddy as a custom proxy (handles https automatically)

zhesham · January 27, 2025, 6:29am

Did it work?

zhesham · February 4, 2025, 5:56pm

can you please share your notes, Ive been stuck here for over a month. Just looked at caddy and it seems very interestine but I need a little hand holding.

abuyassad · March 25, 2025, 8:56am

yes this works