503 error when requesting a certificate

My domain is: infinity-cluster.projet-horizon.fr

I ran this command: certbot run --debug --cert-name infinity-cluster.projet-horizon.fr

It produced this output:

Requesting a certificate for infinity-cluster.projet-horizon.fr
Performing the following challenges:
http-01 challenge for infinity-cluster.projet-horizon.fr
Waiting for verification...
Challenge failed for domain infinity-cluster.projet-horizon.fr
http-01 challenge for infinity-cluster.projet-horizon.fr
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1156, in run
    certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 135, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 441, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:

Could it be linked to the
AH01909: RSA certificate configured for osfa.iap.fr:443 does NOT include an ID which matches the server name
warning I get in the Apache log?

My web server is (include version): apache 2.4.6-97.el7.centos.5.x86_64

The operating system my web server runs on is (include version): CentOS Linux release 7.9.2009

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.11.0

TIA!


Please click on your own link :wink:


Hi @liv, and welcome to the LE community forum :slight_smile:

There is something in the way the web config is handling the challenge request folder.
As seen by comparing these two requests:

curl -Ii http://infinity-cluster.projet-horizon.fr/.well-known/test
HTTP/1.1 404 Not Found
Date: Mon, 04 Apr 2022 19:58:51 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
Content-Type: text/html; charset=iso-8859-1

curl -Ii http://infinity-cluster.projet-horizon.fr/.well-known/acme-challenge/test
HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=UTF-8
Content-Length: 930
Connection: close
P3P: CP="CAO PSA OUR"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
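The two curl probes above are the whole diagnosis: the 404 for /.well-known/test carries Apache's own Server banner, while the 503 for /.well-known/acme-challenge/test has no Server header at all and carries P3P, Pragma and Cache-Control headers that Apache's 404 does not, so the 503 is generated by something in front of Apache rather than by the web server (the thread later confirms a firewall rule). The script below is an added example, not code from the original thread or from Let's Encrypt: it repeats the same two HEAD requests from Python 3 and classifies the pair of responses. The probe path names (/.well-known/probe-control and /.well-known/acme-challenge/probe-token) and the classification labels are my own choices, and the embedded sample responses are copied from the two curl outputs in the post above. Two caveats a practitioner should keep in mind: Let's Encrypt validates HTTP-01 from several external vantage points, so run the probe from outside your network, not from the lab LAN; and the AH01909 warning is mod_ssl complaining about a name mismatch on port 443, which has no bearing on an HTTP-01 challenge that is fetched over port 80.

```python
"""Probe whether /.well-known/acme-challenge/ reaches the web server or is intercepted.

Added example (not from the original thread). Requires Python 3; stdlib only.
"""
import http.client
from typing import Dict, Tuple

Response = Tuple[int, Dict[str, str]]  # (status code, headers with lower-cased names)

# Hypothetical probe paths: one inside the ACME prefix, one sibling outside it.
ACME_PATH = "/.well-known/acme-challenge/probe-token"
CONTROL_PATH = "/.well-known/probe-control"


def parse_head_response(raw: str) -> Response:
    """Parse a raw HTTP/1.x response head (status line plus headers), as printed by `curl -Ii`."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers: Dict[str, str] = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")  # split on the first colon only (values may contain ':')
        headers[name.strip().lower()] = value.strip()
    return status, headers


def fetch_head(host: str, path: str, timeout: float = 10.0) -> Response:
    """Plain-HTTP HEAD on port 80, the same request `curl -Ii http://host/path` sends."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("HEAD", path, headers={"User-Agent": "acme-path-probe/0.1"})
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()


def classify(control: Response, acme: Response) -> str:
    """Compare the sibling-path response with the ACME-path response and say who answered."""
    c_status, c_hdr = control
    a_status, a_hdr = acme
    same_server = c_hdr.get("server") == a_hdr.get("server")
    if a_status in (301, 302, 307, 308):
        # Let's Encrypt follows redirects; re-run both probes against the Location target.
        return "redirected"
    if a_status in (200, 404) and same_server:
        # Apache answers both paths itself: a 404 here just means no token file exists yet.
        return "served-by-webserver"
    if a_status in (403, 503) and c_status not in (403, 503) and not same_server:
        # Only the ACME prefix is refused, and by something with a different banner:
        # a firewall, WAF or reverse proxy in front of the web server.
        return "intercepted-before-webserver"
    return "inconclusive"


def probe(host: str) -> str:
    """Run both probes against a live host and classify the result."""
    return classify(fetch_head(host, CONTROL_PATH), fetch_head(host, ACME_PATH))


# Sample data copied from the two curl outputs in the thread (bodies omitted, as with `curl -I`).
CONTROL_SAMPLE = """HTTP/1.1 404 Not Found
Date: Mon, 04 Apr 2022 19:58:51 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
Content-Type: text/html; charset=iso-8859-1
"""

ACME_SAMPLE = """HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=UTF-8
Content-Length: 930
Connection: close
P3P: CP="CAO PSA OUR"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
"""


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))  # e.g. python3 probe.py infinity-cluster.projet-horizon.fr
    else:
        print(classify(parse_head_response(CONTROL_SAMPLE), parse_head_response(ACME_SAMPLE)))
```

Run it with a hostname to probe a live server from an outside vantage point, or with no arguments to classify the thread's own captured responses. The "served-by-webserver" result means a 404 on the ACME path is expected until certbot places its token file there; "intercepted-before-webserver" means fixing Apache will not help and the device in front of it needs an allow rule for the ACME path.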

Hi Rudy, thanks a lot for your help; your test is exactly what I need to give to the security guys at my lab (I suspect a regression due to a firewall upgrade). Thanks again! liv


For ref, it turned out to be indeed a firewall issue needing an 'acme-protocol' authorization rule.
