ACME 403 error issue with SSL

I've spent almost the whole day trying to figure this out and any help would be appreciated. We're set up on AWS / EC2 with Bitnami/NGINX.

Your account credentials have been saved in your Let’s Encrypt
configuration directory at “/opt/bitnami/letsencrypt/accounts”.
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let’s Encrypt so making regular
backups of this folder is ideal.

2020/01/19 23:18:11 [INFO] [fitzroyownsit.com, www.fitzroyownsit.com] acme: Obtaining bundled SAN certificate
2020/01/19 23:18:12 [INFO] [fitzroyownsit.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2372836300
2020/01/19 23:18:12 [INFO] [www.fitzroyownsit.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2372836301
2020/01/19 23:18:12 [INFO] [fitzroyownsit.com] acme: use tls-alpn-01 solver
2020/01/19 23:18:12 [INFO] [www.fitzroyownsit.com] acme: use tls-alpn-01 solver
2020/01/19 23:18:12 [INFO] [fitzroyownsit.com] acme: Trying to solve TLS-ALPN-01
2020/01/19 23:18:17 [INFO] [www.fitzroyownsit.com] acme: Trying to solve TLS-ALPN-01
2020/01/19 23:18:17 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2372836300
2020/01/19 23:18:17 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2372836300
2020/01/19 23:18:18 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2372836301
2020/01/19 23:18:18 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2372836301
2020/01/19 23:18:18 Could not obtain certificates:
acme: Error -> One or more domains had a problem:
[fitzroyownsit.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:
[www.fitzroyownsit.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol “acme-tls/1” for tls-alpn-01 challenge, url:

Hi @themadstatist

checking your domain I don’t think that can work - https://check-your-website.server-daten.de/?q=fitzroyownsit.com

Host              | T    | IP-Address                    | Location / Owner                                                           | is auth. | ∑ Queries | ∑ Timeout
------------------|------|-------------------------------|----------------------------------------------------------------------------|----------|-----------|----------
fitzroyownsit.com | A    | 104.31.94.214                 | Chicago/Illinois/United States (US) - Cloudflare, Inc. No Hostname found   | yes      | 1         | 0
                  | A    | 104.31.95.214                 | Chicago/Illinois/United States (US) - Cloudflare, Inc. No Hostname found   | yes      | 1         | 0
                  | AAAA | 2606:4700:3033::681f:5fd6     | Chicago/Illinois/United States (US) - Cloudflare, Inc.                     | yes      |           |
                  | AAAA | 2606:4700:3035::681f:5ed6     | Chicago/Illinois/United States (US) - Cloudflare, Inc.                     | yes      |           |

You use Cloudflare.

And you want to use the TLS-Alpn Challenge.

But the TLS-Alpn can’t work, if Cloudflare answers.

Read

Deactivate Cloudflare, so Letsencrypt is able to connect your server directly.

Or use another challenge type.

1 Like
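The reason the answer above holds: for TLS-ALPN-01 the Let's Encrypt validator opens a TLS connection to port 443 of the address the name resolves to, sends the name in SNI, offers only the ALPN protocol "acme-tls/1", and expects a self-signed certificate carrying the id-pe-acmeIdentifier extension (RFC 8737). A CDN edge that terminates TLS itself answers that handshake with its own configuration and never selects acme-tls/1, which is exactly the "Cannot negotiate ALPN protocol" 403 in the log. The script below is an added example for checking this from the outside before re-running the client; it is not part of the thread or of any ACME client. It assumes openssl is installed; the network-using functions run only from main(), and the host names are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for a TLS-ALPN-01
# challenge, reproducing what the ACME validator does on the wire.

# Classify captured `openssl s_client -alpn acme-tls/1` output.
# Prints one of: negotiated, refused, no-tls.
classify_alpn_output() {
    if printf '%s\n' "$1" | grep -q '^ALPN protocol: acme-tls/1$'; then
        echo negotiated            # the host answered the way the validator needs
    elif printf '%s\n' "$1" | grep -q 'No ALPN negotiated'; then
        echo refused               # something else terminates TLS (CDN, wrong vhost)
    else
        echo no-tls                # no TLS handshake at all (connection refused, timeout)
    fi
}

# Probe a host the way the validator would: SNI set to the name, ALPN acme-tls/1.
probe_alpn() {
    host=$1
    openssl s_client -connect "$host:443" -servername "$host" \
        -alpn acme-tls/1 </dev/null 2>&1
}

# Report whether a leaf certificate (PEM on stdin) carries the
# id-pe-acmeIdentifier extension (OID 1.3.6.1.5.5.7.1.31) that a valid
# TLS-ALPN-01 response certificate must contain. Matches either the raw OID
# or a named rendering, since OpenSSL versions differ in how they print it.
has_acme_identifier() {
    openssl x509 -noout -text | grep -qi -e '1\.3\.6\.1\.5\.5\.7\.1\.31' -e 'acmeIdentifier'
}

main() {
    for host in "$@"; do
        out=$(probe_alpn "$host")
        printf '%s: %s\n' "$host" "$(classify_alpn_output "$out")"
    done
}

# Usage: sh tls-alpn-check.sh fitzroyownsit.com www.fitzroyownsit.com
if [ $# -gt 0 ]; then
    main "$@"
fi
```

A result of "refused" while the name resolves to a CDN address is the Cloudflare case above; "no-tls" usually means a firewall or security group is not passing port 443 from the internet. Only when the result is "negotiated" during an active challenge is there any point in debugging the client further.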

I paused Cloudflare, but the problem I’m getting now via SSH (PuTTY) is that the file or directories don’t exist even though Let’s Encrypt says they were created.

Your account credentials have been saved in your Let’s Encrypt
configuration directory at “/opt/bitnami/letsencrypt/accounts”.
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let’s Encrypt so making regular
backups of this folder is ideal.

2020/01/20 00:45:28 [INFO] [fitzroyownsit.com, www.fitzroyownsit.com] acme: Obtaining bundled SAN certificate
2020/01/20 00:45:28 [INFO] [fitzroyownsit.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2374028098
2020/01/20 00:45:28 [INFO] [www.fitzroyownsit.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2374028099
2020/01/20 00:45:28 [INFO] [fitzroyownsit.com] acme: use tls-alpn-01 solver
2020/01/20 00:45:28 [INFO] [www.fitzroyownsit.com] acme: use tls-alpn-01 solver
2020/01/20 00:45:28 [INFO] [fitzroyownsit.com] acme: Trying to solve TLS-ALPN-01
2020/01/20 00:45:34 [INFO] [fitzroyownsit.com] The server validated our request
2020/01/20 00:45:34 [INFO] [www.fitzroyownsit.com] acme: Trying to solve TLS-ALPN-01
2020/01/20 00:45:40 [INFO] [www.fitzroyownsit.com] The server validated our request
2020/01/20 00:45:40 [INFO] [fitzroyownsit.com, www.fitzroyownsit.com] acme: Validations succeeded; requesting certificates
2020/01/20 00:45:40 [INFO] [fitzroyownsit.com] Server responded with a certificate.
bitnami@ip-172-31-24-252:~$ sudo mv /opt/bitnami/ngix/conf/server.crt /opt/bitnami/ngix/conf/server.crt.old
mv: cannot stat '/opt/bitnami/ngix/conf/server.crt': No such file or directory
bitnami@ip-172-31-24-252:~$ sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/ngix/conf/server.key
ln: failed to create symbolic link ‘/opt/bitnami/ngix/conf/server.key’: No such file or directory
bitnami@ip-172-31-24-252:~$ sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/ngix/conf/server.key

I think that’s because of a typo: you wrote /opt/bitnami/ngix/conf/ instead of /opt/bitnami/nginx/conf/, so the target directory doesn’t exist.

2 Likes

Thank you for catching that. Now, I’ve encountered this error.

bitnami@ip-172-31-24-252:~$ sudo chown root:root /opt/bitnami/nginx/server*
chown: cannot access '/opt/bitnami/nginx/server*': No such file or directory
bitnami@ip-172-31-24-252:~$

Any other suggestions? I seem to be stuck on:

bitnami@ip-172-31-24-252:~$ sudo chown root:root /opt/bitnami/conf/server*
chown: cannot access ‘/opt/bitnami/conf/server*’: No such file or directory
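Both remaining errors in this thread come from paths typed by hand: first "ngix" for "nginx", then /opt/bitnami/nginx/server* and /opt/bitnami/conf/server*, which both drop a component of the /opt/bitnami/nginx/conf/ directory used in the earlier commands. The function below is an added example, not from the thread or from Bitnami, of doing the same mv / ln -sf / chown sequence with a directory check up front, so a mistyped path fails before anything is moved instead of leaving a half-applied state. It assumes the client wrote <domain>.crt and <domain>.key under the certificates directory (the thread only shows the DOMAIN.key placeholder), and defaults to the Bitnami paths quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): install Let's Encrypt files into the
# Bitnami nginx config directory with path validation first.
# Usage: sudo sh install-le-certs.sh fitzroyownsit.com

install_le_certs() {
    domain=$1
    conf_dir=${2:-/opt/bitnami/nginx/conf}                 # path from the thread
    cert_dir=${3:-/opt/bitnami/letsencrypt/certificates}   # path from the thread

    # Refuse to continue unless both directories exist. This is the check that
    # would have stopped the /opt/bitnami/ngix typo before any mv or ln ran.
    for d in "$conf_dir" "$cert_dir"; do
        if [ ! -d "$d" ]; then
            echo "install_le_certs: directory not found: $d" >&2
            return 1
        fi
    done

    for kind in crt key; do
        src="$cert_dir/$domain.$kind"        # assumed file naming (<domain>.crt / .key)
        dst="$conf_dir/server.$kind"
        if [ ! -f "$src" ]; then
            echo "install_le_certs: missing $src" >&2
            return 1
        fi
        # Keep the existing (Bitnami self-signed) file as .old, as the thread does,
        # but do not "back up" a symlink left by a previous run of this script.
        if [ -e "$dst" ] && [ ! -L "$dst" ]; then
            mv "$dst" "$dst.old"
        fi
        ln -sf "$src" "$dst"
    done

    # Lock down ownership and the private key. chown needs root, so it only
    # runs when the script is invoked with sudo; chmod follows the symlink.
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$conf_dir"/server.*
    fi
    chmod 600 "$conf_dir/server.key"
    return 0
}

if [ $# -gt 0 ]; then
    install_le_certs "$@" && echo "installed; restart nginx to load the new certificate"
fi
```

Because every path is derived from the two validated directory variables, the chown glob can no longer point at a directory that does not exist, which is the state the last post is stuck in.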
