python-certbot-doc 0.23.0-1 / usr / share / doc / python3-certbot / html / challenges.html

This file is indexed.

/usr/share/doc/python3-certbot/html/challenges.html is in python-certbot-doc 0.23.0-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
  <meta charset="utf-8">
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  
  <title>Challenges &mdash; Certbot 0.23.0 documentation</title>
  

  
  
  
  

  

  
  
    

  

  
  
    <link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
  

  

  
        <link rel="index" title="Index"
              href="genindex.html"/>
        <link rel="search" title="Search" href="search.html"/>
    <link rel="top" title="Certbot 0.23.0 documentation" href="index.html"/> 

  
  <script src="_static/js/modernizr.min.js"></script>

</head>

<body class="wy-body-for-nav" role="document">

   
  <div class="wy-grid-for-nav">

    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search">
          

          
            <a href="index.html" class="icon icon-home"> Certbot
          

          
          </a>

          
            
            
              <div class="version">
                0.23
              </div>
            
          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="search.html" method="get">
    <input type="text" name="q" placeholder="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <ul>
<li class="toctree-l1"><a class="reference internal" href="intro.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="what.html">What is a Certificate?</a></li>
<li class="toctree-l1"><a class="reference internal" href="install.html">Get Certbot</a></li>
<li class="toctree-l1"><a class="reference internal" href="using.html">User Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="contributing.html">Developer Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="packaging.html">Packaging Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="resources.html">Resources</a></li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="api.html">API Documentation</a></li>
</ul>

            
          
        </div>
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="index.html">Certbot</a>
        
      </nav>


      
      <div class="wy-nav-content">
        <div class="rst-content">
          















<div role="navigation" aria-label="breadcrumbs navigation">

  <ul class="wy-breadcrumbs">
    
      <li><a href="index.html">Docs</a> &raquo;</li>
        
      <li>Challenges</li>
    
    
      <li class="wy-breadcrumbs-aside">
        
            
            <a href="_sources/challenges.rst.txt" rel="nofollow"> View page source</a>
          
        
      </li>
    
  </ul>

  
  <hr/>
</div>
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
  <div class="section" id="challenges">
<h1>Challenges<a class="headerlink" href="#challenges" title="Permalink to this headline"></a></h1>
<p>To receive a certificate from Let’s Encrypt certificate authority (CA), you must pass a <em>challenge</em> to
prove you control each of the domain names that will be listed in the certificate. A challenge is one of
three tasks that only someone who controls the domain should be able to accomplish:</p>
<ul class="simple">
<li>Posting a specified file in a specified location on a web site (the HTTP-01 challenge)</li>
<li>Offering a specified temporary certificate on a web site (the TLS-SNI-01 challenge)</li>
<li>Posting a specified DNS record in the domain name system (the DNS-01 challenge)</li>
</ul>
<p>It’s possible to complete each type of challenge <em>automatically</em> (Certbot directly makes the necessary
changes itself, or runs another program that does so), or <em>manually</em> (Certbot tells you to make a
certain change, and you edit a configuration file of some kind in order to accomplish it). Certbot’s
design favors performing challenges automatically, and this is the normal case for most users of Certbot.</p>
<p>Some plugins offer an <em>authenticator</em>, meaning that they can satisfy challenges:</p>
<ul class="simple">
<li>Apache plugin: (TLS-SNI-01) Tries to edit your Apache configuration files to temporarily serve
a Certbot-generated certificate for a specified name. Use the Apache plugin when you’re running
Certbot on a web server with Apache listening on port 443.</li>
<li>NGINX plugin: (TLS-SNI-01) Tries to edit your NGINX configuration files to temporarily serve a
Certbot-generated certificate for a specified name. Use the NGINX plugin when you’re running
Certbot on a web server with NGINX listening on port 443.</li>
<li>Webroot plugin: (HTTP-01) Tries to place a file where it can be served over HTTP on port 80 by a
web server running on your system. Use the Webroot plugin when you’re running Certbot on
a web server with any server application listening on port 80 serving files from a folder on disk in response.</li>
<li>Standalone plugin: (TLS-SNI-01 or HTTP-01) Tries to run a temporary web server listening on either HTTP on
port 80 (for HTTP-01) or HTTPS on port 443 (for TLS-SNI-01). Use the Standalone plugin if no existing program
is listening to these ports. Choose TLS-SNI-01 or HTTP-01 using the <code class="xref py py-obj docutils literal"><span class="pre">--preferred-challenges</span></code> option.</li>
<li>Manual plugin: (DNS-01 or HTTP-01) Either tells you what changes to make to your configuration or updates
your DNS records using an external script (for DNS-01) or your webroot (for HTTP-01). Use the Manual
plugin if you have the technical knowledge to make configuration changes yourself when asked to do so.</li>
</ul>
<div class="section" id="tips-for-challenges">
<h2>Tips for Challenges<a class="headerlink" href="#tips-for-challenges" title="Permalink to this headline"></a></h2>
<p>General tips:</p>
<ul class="simple">
<li>Run Certbot on your web server, not on your laptop or another server. It’s usually the easiest way to get a certificate.</li>
<li>Use a tool like the DNSchecker at dnsstuff.com to check your DNS records to make sure
there are no serious errors. A DNS error can prevent a certificate authority from
issuing a certificate, even if it does not prevent your site from loading in a browser.</li>
<li>If you are using Apache or NGINX plugins, make sure the configuration of your Apache or NGINX server is correct.</li>
</ul>
<div class="section" id="http-01-challenge">
<h3>HTTP-01 Challenge<a class="headerlink" href="#http-01-challenge" title="Permalink to this headline"></a></h3>
<ul class="simple">
<li>Make sure the domain name exists and is already pointed to the public IP address of the server where
you’re requesting the certificate.</li>
<li>Make sure port 80 is open, publicly reachable from the Internet, and not blocked by a router or firewall.</li>
<li>When using the Webroot plugin or the manual plugin, make sure the the webroot directory exists and that you
specify it properly. If you set the webroot directory for example.com to <code class="xref py py-obj docutils literal"><span class="pre">/var/www/example.com</span></code>
then a file placed in <code class="xref py py-obj docutils literal"><span class="pre">/var/www/example.com/.well-known/acme-challenge/testfile</span></code> should appear on
your web site at <code class="xref py py-obj docutils literal"><span class="pre">http://example.com/.well-known/acme-challenge/testfile</span></code> (A redirection to HTTPS
is OK here and should not stop the challenge from working.)</li>
<li>In some web server configurations, all pages are dynamically generated by some kind of framework,
usually using a database backend. In this case, there might not be a particular directory
from which the web server can serve filesdirectly. Using the Webroot plugin in this case
requires making a change to your web server configuration first.</li>
<li>Make sure your web server serves files properly from the directory where the challenge
file is placed (e. g. <code class="xref py py-obj docutils literal"><span class="pre">/.well-known/acme-challenge</span></code>) to the expected location on the
website without adding a header or footer.</li>
<li>When using the Standalone plugin, make sure another program is not already listening to port 80 on the server.</li>
<li>When using the Webroot plugin, make sure there is a web server listening on port 80.</li>
</ul>
</div>
<div class="section" id="tls-sni-01-challenge">
<h3>TLS-SNI-01 Challenge<a class="headerlink" href="#tls-sni-01-challenge" title="Permalink to this headline"></a></h3>
<ul class="simple">
<li>The TLS-SNI-01 challenge doesn’t work with content delivery networks (CDNs)
like CloudFlare and Akamai because the domain name is pointed at the CDN, not directly at your server.</li>
<li>Make sure port 443 is open, publicly reachable from the Internet, and not blocked by a router or firewall.</li>
<li>When using the Apache plugin, make sure you are running Apache and no other web server on port 443.</li>
<li>When using the NGINX plugin, make sure you are running NGINX and no other web server on port 443.</li>
<li>With either the Apache or NGINX plugin, certbot modifies your web server configuration. If you get
an error after successfully completing the challenge, then you have received a certificate but the
plugin was unable to modify your web server configuration, meaning that you’ll have to install the certificate manually.
In that case, please file a bug to help us improve certbot!</li>
<li>When using the Standalone plugin, make sure another program is not already listening to port 443 on the server.</li>
</ul>
</div>
<div class="section" id="dns-01-challenge">
<h3>DNS-01 Challenge<a class="headerlink" href="#dns-01-challenge" title="Permalink to this headline"></a></h3>
<ul class="simple">
<li>When using the manual plugin, make sure your DNS records are correctly updated;
you must be able to make appropriate changes to your DNS zone in order to pass the challenge.</li>
</ul>
</div>
</div>
</div>


           </div>
           <div class="articleComments">
            
           </div>
          </div>
          <footer>
  

  <hr/>

  <div role="contentinfo">
    <p>
    <span class="copyright">
    &copy; Copyright 2014-2018 - The Certbot software and documentation are licensed under the Apache 2.0 license as described at <a href="https://eff.org/cb-license">https://eff.org/cb-license</a>.
    </span>
    <br>
    <br>
    <span class="status">
        <a href="https://letsencrypt.status.io/">Let's Encrypt Status</a>
    </span>

    </p>
  </div>
  Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. 

</footer>
        </div>
      </div>

    </section>

  </div>
  


  

    <script type="text/javascript">
        var DOCUMENTATION_OPTIONS = {
            URL_ROOT:'./',
            VERSION:'0.23.0',
            COLLAPSE_INDEX:false,
            FILE_SUFFIX:'.html',
            HAS_SOURCE:  true,
            SOURCELINK_SUFFIX: '.txt'
        };
    </script>
      <script type="text/javascript" src="_static/jquery.js"></script>
      <script type="text/javascript" src="_static/underscore.js"></script>
      <script type="text/javascript" src="_static/doctools.js"></script>

  

  
  
    <script type="text/javascript" src="_static/js/theme.js"></script>
  

  
  
  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.StickyNav.enable();
      });
  </script>
   

</body>
</html>

APT Browse - Built by Thomas Orozco.