Hello,
I own an OVH VPS and a domain pointing to it, with several subdomains like vpn.mydomain.ovh (for my VPN) and media.mydomain.ovh (for my muximux). I tried to install a certificate for media but it failed (for other subdomains also) using:
~/letsencrypt$ sudo ./letsencrypt-auto
But as a result I get this error and I do not know what to do or what to check.
I have added an AAAA record pointing to the IPv6 of my VPS, with no positive result.
Domain: media.mydomain.ovh
Type: unauthorized
Detail: Invalid response from
http://media.mydomain.ovh/.well-known/acme-challenge/WyxV8RbmiQIKrt93S5xh0B76WJKN0jLtN38KdNOIYmc
[xxx.xxx.xxx.xxx]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.16.1</ce"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://media.exstasi.ovh/.well-known/acme-challenge/pcugupwK-lcbV2ni-oiOlx5ggTWGSMkttdEhn2VweOk [145.239.87.58]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx/1.16.1\u003c/ce\"",
"status": 403
},
Domain: media.exstasi.ovh
Type: unauthorized
Detail: Invalid response from http://media.exstasi.ovh/.well-known/acme-challenge/pcugupwK-lcbV2ni-oiOlx5ggTWGSMkttdEhn2VweOk [145.239.87.58]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.16.1</ce"
We can see that there are authorization requirements to reach files in the /.well-known/acme-challenge/ directory.
That is bad.
The /.well-known/acme-challenge/ folder must not require any type of login.
Attempting to renew cert (media.exstasi.ovh) from /etc/letsencrypt/renewal/media.exstasi.ovh.conf produced an unexpected error: Failed authorization procedure. media.exstasi.ovh (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://media.exstasi.ovh/.well-known/acme-challenge
I give up.
How can I uninstall all this certbot and other stuff like letsencrypt?
HTTP is correct and answers. Checking /.well-known/acme-challenge/random-filename has the expected result: HTTP status 404 - Not Found. HTTPS sends the 'exstasi.ovh' certificate.
So your vHost configuration is wrong / buggy / missing.
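
An added example, not written by any poster in this thread: one nginx server block for the port 80 vHost that maps the http-01 challenge path to a directory the ACME client writes into, with no login on that path. The webroot /var/www/letsencrypt and the HTTPS redirect are assumptions; media.mydomain.ovh is the placeholder name used in the first post.

```nginx
# Added example. Hypothetical values: the webroot /var/www/letsencrypt and the
# HTTPS redirect are assumptions, not taken from the thread.
server {
    listen 80;
    listen [::]:80;                     # answer on IPv6 too when an AAAA record exists
    server_name media.mydomain.ovh;     # must match the name being validated

    # "^~" stops nginx from checking regex locations once this prefix matches,
    # so a PHP or proxy rule elsewhere in the vHost cannot capture the request.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;      # token file: <root>/.well-known/acme-challenge/<token>
        default_type "text/plain";
        auth_basic off;                 # no login on this path
        allow all;
        try_files $uri =404;
    }

    # Everything else goes to HTTPS (assumption about the desired setup).
    location / {
        return 301 https://$host$request_uri;
    }
}
```

Check the syntax with `nginx -t` before reloading. The client then has to write its token under the same directory, for example with `certbot certonly --webroot -w /var/www/letsencrypt -d media.mydomain.ovh`.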