All of a sudden: "acme: error: 403" with a 404 response

My domain is:
friendr.nl

I ran this command:
/usr/local/directadmin/scripts/letsencrypt.sh renew friendr.nl 4096

It produced this output:
2020/07/28 13:49:27 [INFO] [friendr.nl, www.friendr.nl] acme: Obtaining SAN certificate
2020/07/28 13:49:29 [INFO] [friendr.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947194
2020/07/28 13:49:29 [INFO] [www.friendr.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947200
2020/07/28 13:49:29 [INFO] [friendr.nl] acme: Could not find solver for: tls-alpn-01
2020/07/28 13:49:29 [INFO] [friendr.nl] acme: use http-01 solver
2020/07/28 13:49:29 [INFO] [www.friendr.nl] acme: Could not find solver for: tls-alpn-01
2020/07/28 13:49:29 [INFO] [www.friendr.nl] acme: use http-01 solver
2020/07/28 13:49:29 [INFO] [friendr.nl] acme: Trying to solve HTTP-01
2020/07/28 13:49:34 [INFO] [www.friendr.nl] acme: Trying to solve HTTP-01
2020/07/28 13:49:41 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947194
2020/07/28 13:49:41 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947194
2020/07/28 13:49:41 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947200
2020/07/28 13:49:41 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947200
2020/07/28 13:49:41 Could not obtain certificates:
error: one or more domains had a problem:
[friendr.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://friendr.nl/.well-known/acme-challenge/WgPEy9Rk9MBYz2juXsgT3pTZNlcev2YRqAzMoq0g2Kk [84.22.106.78]: "\n\n404 Not Found\n\n
Not Found
\nTh", url:
[www.friendr.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.friendr.nl/.well-known/acme-challenge/423i_uXwz299l1hL1Cym7X8cVXL34bRjd7wnHQsOh50 [84.22.106.78]: "\n\n404 Not Found\n\n
Not Found
\nTh", url:
Certificate generation failed.

My web server is (include version):
CentOS 6
with DirectAdmin

The operating system my web server runs on is (include version):
Apache 2.4.43

My hosting provider, if applicable, is:
Tilaa

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site:
DirectAdmin 1.61.3

For a couple of days now I have been getting "Error during automated certificate renewal for friendr.nl" (and several other domains) in the DirectAdmin message log.

I've never had this problem before so what could have changed this? Probably an update but I can't know which one.

To test I deleted the .well-known/acme-challenge/ directories. I then did the following command line request.
/usr/local/directadmin/scripts/letsencrypt.sh renew friendr.nl 4096

This is what I tried:
I checked the directory and found a /.well-known/acme-challenge/letsencrypt_1595936966 file which I can access through http.
So there's no problem in writing permissions. But letsencrypt is looking for /.well-known/acme-challenge/WgPEy9Rk9MBYz2juXsgT3pTZNlcev2YRqAzMoq0g2Kk but only wrote /.well-known/acme-challenge/letsencrypt_1595936966.

This is where my knowledge stops. Please help...

Reading through http://files.directadmin.com/services/all/letsencrypt.sh, it seems like the script uses /var/www/html/ as the webroot where it places the .well-known/acme-challenge/ files.

This seems to be combined with an alias for /.well-known (configured in /etc/httpd/conf/extra/httpd-alias.conf) which ensures that all domains use the same location for that path.

Is that letsencrypt_1595936966 file in /var/www/html/.well-known/acme-challenge/, or somewhere else?


Big thanks for your reply. When looking in the /var/www/html/.well-known/acme-challenge directory I found a bunch of letsencrypt_************* files created on the 25th of this month. Not sure why the 25th though, because the errors started the day before, on the 24th.

The letsencrypt_1595936966 was in the expected directory at /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge
I have multiple domains running on the server.

Right.

I'm not a DirectAdmin user, but I believe that the letsencrypt.sh script expects /.well-known to be globally aliased to /var/www/html/.well-known/ (regardless of what domain it is).

If you look in the script and search for "webroot", you'll see it's hardcoded to use that path.

This seems to be corroborated by Troubleshooting Let's Encrypt Errors | Directadmin Docs.

So when it comes to your server, my first impression is that the alias has somehow unconfigured itself.


Here's the whole log

staging=yes bash -x ./letsencrypt.sh request friendr.nl
++ /usr/bin/id -u
+ MYUID=0
+ '[' 0 '!=' 0 ']'
+ LEGO=/usr/local/bin/lego
+ DNS_SERVER=8.8.8.8
+ DNS6_SERVER=2001:4860:4860::8888
+ NEW_IP=1.1.1.1
+ NEW6_IP=2606:4700:4700::1111
+ DA_IPV6=false
+ TASK_QUEUE=/usr/local/directadmin/data/task.queue.cb
+ LEGO_DATA_PATH=/usr/local/directadmin/data/.lego
+ '[' 2 -lt 2 ']'
+ '[' 2 -lt 3 ']'
+ KEY_SIZE=ec256
+ ECC_USED=true
+ ECC=secp384r1
+ KEY_SIZE=
+ '[' '' = secp384r1 ']'
+ '[' '' = prime256v1 ']'
+ '[' '' = 4096 ']'
+ '[' '' = 2048 ']'
+ '[' '' = 8192 ']'
+ ECC=prime256v1
+ KEY_SIZE=ec256
+ ECC_USED=true
+ DA_BIN=/usr/local/directadmin/directadmin
+ '[' '!' -s /usr/local/directadmin/directadmin ']'
+ '[' request = present ']'
+ '[' request = cleanup ']'
+ grep -m1 -q '^ipv6=1$'
+ /usr/local/directadmin/directadmin c
+ CURL=/usr/local/bin/curl
+ '[' '!' -x /usr/local/bin/curl ']'
+ DIG=/usr/bin/dig
+ '[' '!' -x /usr/bin/dig ']'
+ '[' yes = yes ']'
+ API_URI=acme-staging-v02.api.letsencrypt.org
+ API=https://acme-staging-v02.api.letsencrypt.org
+ CHALLENGETYPE=http
+ GENERAL_TIMEOUT=40
+ CURL_OPTIONS='--connect-timeout 40 -k --silent'
++ uname
+ OS=Linux
+ OPENSSL=/usr/bin/openssl
++ date +%s
+ TIMESTAMP=1596019631
++ cut -d= -f2
++ grep '^letsencrypt='
++ /usr/local/directadmin/directadmin c
+ LETSENCRYPT_OPTION=2
++ cut -d= -f2
++ grep '^secure_access_group='
++ /usr/local/directadmin/directadmin c
+ ACCESS_GROUP_OPTION=access
+ FILE_CHOWN=diradmin:mail
+ FILE_CHMOD=640
+ '[' access '!=' '' ']'
+ FILE_CHOWN=diradmin:access
+ '[' '!' -x /usr/local/bin/lego ']'
+ DOCUMENT_ROOT=
+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge
+ '[' '!' -z '' ']'
+ APPEND_SERVER='-s https://acme-staging-v02.api.letsencrypt.org/directory'
++ hostname -f
+ SERVER_HOSTNAME=maakhierjewebsite01.cloud.tilaa.com
+ '[' -z maakhierjewebsite01.cloud.tilaa.com ']'
+ '[' '!' -s /usr/local/directadmin/data/users/admin/user.conf ']'
+ ADMIN_USERCONF=/usr/local/directadmin/data/users/admin/user.conf
+ '[' '!' -z /usr/local/directadmin/data/users/admin/user.conf ']'
+ '[' -s /usr/local/directadmin/data/users/admin/user.conf ']'
++ cut -d, -f1
++ cut -d= -f2
++ grep -m1 '^email=' /usr/local/directadmin/data/users/admin/user.conf
+ EMAIL=admin@maakhierjewebsite.nl
+ '[' -z admin@maakhierjewebsite.nl ']'
+ DOMAIN=friendr.nl
+ '[' '' '!=' yes ']'
+ FOUNDDOMAIN=0
++ tr , ' '
++ echo friendr.nl
+ for TDOMAIN in 'echo "${DOMAIN}" | tr '\'','\'' '\'' '\'''
+ DOMAIN_NAME_FOUND=friendr.nl
++ perl -p0 -e 's#.#\.#g'
++ echo friendr.nl
+ DOMAIN_ESCAPED='friendr.nl'
+ grep -m1 -q '^friendr.nl:' /etc/virtual/domainowners
++ cut '-d ' -f2
++ grep -m1 '^friendr.nl:' /etc/virtual/domainowners
+ USER=admin
+ HOSTNAME=0
+ FOUNDDOMAIN=1
+ break
+ '[' 1 -eq 0 ']'
+ CSR_CF_FILE=
+ DA_USERDIR=/usr/local/directadmin/data/users/admin
+ DA_CONFDIR=/usr/local/directadmin/conf
+ HOSTNAME_DIR=/var/www/html
+ '[' '!' -d /usr/local/directadmin/data/users/admin ']'
+ '[' '!' -d /usr/local/directadmin/conf ']'
+ '[' 0 -eq 0 ']'
+ DNSPROVIDER_FALLBACK=/usr/local/directadmin/data/users/admin/domains/friendr.nl.dnsprovider
+ '[' -s /usr/local/directadmin/data/users/admin/domains/friendr.nl.dnsprovider ']'
+ KEY=/usr/local/directadmin/data/users/admin/domains/friendr.nl.key
+ CERT=/usr/local/directadmin/data/users/admin/domains/friendr.nl.cert
+ CACERT=/usr/local/directadmin/data/users/admin/domains/friendr.nl.cacert
+ '[' '' '!=' '' ']'
+ grep -m1 -q '^letsencrypt=2$'
+ /usr/local/directadmin/directadmin c
++ cut -d: -f6
++ grep -m1 '^admin:' /etc/passwd
+ USER_HOMEDIR=/home/admin
+ DOMAIN_DIR=/home/admin/domains/friendr.nl/public_html
+ WELLKNOWN_PATH=/home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge
+ '[' -s /usr/local/directadmin/data/users/admin/domains/friendr.nl.cert ']'
+ '[' request = renew ']'
+ '[' request = request ']'
+ grep -m1 -q ,
+ echo friendr.nl
+ '[' -s '' ']'
+ '[' -s /usr/local/directadmin/data/users/admin/domains/friendr.nl.cert ']'
+ grep -m1 -q 'Subject Alternative Name:'
+ /usr/bin/openssl x509 -text -noout -in /usr/local/directadmin/data/users/admin/domains/friendr.nl.cert
++ perl -p0 -e 's|DNS:||g'
++ tr -d ' '
++ grep DNS:
++ grep -m1 'Subject Alternative Name:' -A1
++ /usr/bin/openssl x509 -text -noout -in /usr/local/directadmin/data/users/admin/domains/friendr.nl.cert
+ DOMAIN=friendr.nl,www.friendr.nl
+ '[' '!' -e /home/admin/domains/friendr.nl/public_html ']'
+ grep -m1 -q ,
+ echo friendr.nl,www.friendr.nl
++ perl -p0 -e 's/,/ -d /g'
++ echo friendr.nl,www.friendr.nl
+ DOMAINS='friendr.nl -d www.friendr.nl'
+ DOMAIN_FLAG='-d friendr.nl -d www.friendr.nl'
++ cut -d, -f1
++ echo friendr.nl,www.friendr.nl
+ FIRST_DOMAIN=friendr.nl
+ CHALLENGETYPE=http
+ '[' -s /usr/local/directadmin/data/users/admin/domains/friendr.nl.dnsprovider ']'
+ '[' '!' -z '' ']'
+ grep -m1 -q '*.'
+ echo '-d friendr.nl -d www.friendr.nl'
++ perl -p0 -e 's/^*.//g'
++ perl -p0 -e 's/,/ /g'
++ echo friendr.nl,www.friendr.nl
+ for domain_name in 'echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"'
+ caa_check friendr.nl
+ CAA_OK=true
++ tail -n1
++ grep -v '.$'
++ /usr/bin/dig @8.8.8.8 AAAA friendr.nl +short
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
++ echo friendr.nl
+ for i in 'echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\'''
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA friendr.nl @8.8.8.8 +short
+ grep -m1 -q -F -- SERVFAIL
+ /usr/bin/dig CAA friendr.nl @8.8.8.8
+ true
+ '[' http = http ']'
+ challenge_check friendr.nl
+ '[' '!' -d /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge ']'
+ touch /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge/letsencrypt_1596019631
+ chmod 644 /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge/letsencrypt_1596019631
+ chown webapps:webapps /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge/letsencrypt_1596019631
+ CURL_RESOLV_OPTIONS=
++ tail -n1
++ grep -v '.$'
++ /usr/bin/dig @8.8.8.8 AAAA friendr.nl +short
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
+ grep -m1 -q :
+ echo ''
+ IP_TO_RESOLV=
+ '[' -z '' ']'
++ tail -n1
++ /usr/bin/dig @8.8.8.8 friendr.nl +short
+ IP_TO_RESOLV=84.22.106.78
++ tail -n1
++ /usr/bin/dig friendr.nl +short
+ CURRENT_RESOLV=84.22.106.78
+ '[' -z 84.22.106.78 ']'
+ '[' -x /sbin/ping6 ']'
+ '[' -x /usr/sbin/ping6 ']'
+ false
+ ping6 -q -c 1 -W 1 friendr.nl
++ tail -n1
++ /usr/bin/dig @8.8.8.8 friendr.nl +short
+ IP_TO_RESOLV=84.22.106.78
++ tail -n1
++ /usr/bin/dig friendr.nl +short
+ CURRENT_RESOLV=84.22.106.78
+ '[' '!' -z 84.22.106.78 ']'
+ grep -m1 -q resolve
+ /usr/local/bin/curl --help
+ CURL_RESOLV_OPTIONS='--resolve friendr.nl:80:84.22.106.78 --resolve friendr.nl:443:84.22.106.78'
+ grep -m1 -q 'HTTP.*200'
+ /usr/local/bin/curl --connect-timeout 40 -k --silent --resolve friendr.nl:80:84.22.106.78 --resolve friendr.nl:443:84.22.106.78 -I -L -X GET http://friendr.nl/.well-known/acme-challenge/letsencrypt_1596019631
+ '[' '' = silent ']'
+ '[' -s /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge/letsencrypt_1596019631 ']'
+ for domain_name in 'echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"'
+ caa_check www.friendr.nl
+ CAA_OK=true
++ tail -n1
++ grep -v '.$'
++ /usr/bin/dig @8.8.8.8 AAAA www.friendr.nl +short
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'
++ echo www.friendr.nl
+ for i in 'echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\'''
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA friendr.nl @8.8.8.8 +short
+ grep -m1 -q -F -- SERVFAIL
+ /usr/bin/dig CAA friendr.nl @8.8.8.8
+ for i in 'echo ${1} | awk -F'\''.'\'' '\''{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'\'''
+ grep -m1 -q -F -- issue
+ /usr/bin/dig CAA www.friendr.nl @8.8.8.8 +short
+ grep -m1 -q -F -- SERVFAIL
+ /usr/bin/dig CAA www.friendr.nl @8.8.8.8
+ true
+ '[' http = http ']'
+ challenge_check www.friendr.nl
+ '[' '!' -d /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge ']'
+ touch /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge/letsencrypt_1596019631
+ chmod 644 /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge/letsencrypt_1596019631
+ chown webapps:webapps /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge/letsencrypt_1596019631
+ CURL_RESOLV_OPTIONS=
++ tail -n1
++ grep -v '.$'
++ /usr/bin/dig @8.8.8.8 AAAA www.friendr.nl +short
+ IP_TO_RESOLV=
+ '[' 0 -eq 9 ']'
+ grep -m1 -q :
+ echo ''
+ IP_TO_RESOLV=
+ '[' -z '' ']'
++ tail -n1
++ /usr/bin/dig @8.8.8.8 www.friendr.nl +short
+ IP_TO_RESOLV=84.22.106.78
++ tail -n1
++ /usr/bin/dig www.friendr.nl +short
+ CURRENT_RESOLV=84.22.106.78
+ '[' -z 84.22.106.78 ']'
+ '[' -x /sbin/ping6 ']'
+ '[' -x /usr/sbin/ping6 ']'
+ false
+ ping6 -q -c 1 -W 1 www.friendr.nl
++ tail -n1
++ /usr/bin/dig @8.8.8.8 www.friendr.nl +short
+ IP_TO_RESOLV=84.22.106.78
++ tail -n1
++ /usr/bin/dig www.friendr.nl +short
+ CURRENT_RESOLV=84.22.106.78
+ '[' '!' -z 84.22.106.78 ']'
+ grep -m1 -q resolve
+ /usr/local/bin/curl --help
+ CURL_RESOLV_OPTIONS='--resolve www.friendr.nl:80:84.22.106.78 --resolve www.friendr.nl:443:84.22.106.78'
+ grep -m1 -q 'HTTP.*200'
+ /usr/local/bin/curl --connect-timeout 40 -k --silent --resolve www.friendr.nl:80:84.22.106.78 --resolve www.friendr.nl:443:84.22.106.78 -I -L -X GET http://www.friendr.nl/.well-known/acme-challenge/letsencrypt_1596019631
+ '[' '' = silent ']'
+ '[' -s /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge/letsencrypt_1596019631 ']'
+ '[' request = request_full ']'
+ '[' request = request_single ']'
+ '[' request = request ']'
+ /usr/local/bin/lego --path /usr/local/directadmin/data/.lego --dns.resolvers 8.8.8.8 --accept-tos -s https://acme-staging-v02.api.letsencrypt.org/directory -m admin@maakhierjewebsite.nl --http --http.webroot /var/www/html -d friendr.nl -d www.friendr.nl --key-type ec256 run --no-bundle
2020/07/29 12:47:12 No key found for account admin@maakhierjewebsite.nl. Generating a P256 key.
2020/07/29 12:47:12 Saved key to /usr/local/directadmin/data/.lego/accounts/acme-staging-v02.api.letsencrypt.org/admin@maakhierjewebsite.nl/keys/admin@maakhierjewebsite.nl.key
2020/07/29 12:47:13 [INFO] acme: Registering account for admin@maakhierjewebsite.nl
!!! HEADS UP !!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/usr/local/directadmin/data/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2020/07/29 12:47:13 [INFO] [friendr.nl, www.friendr.nl] acme: Obtaining SAN certificate
2020/07/29 12:47:14 [INFO] [friendr.nl] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/84866755
2020/07/29 12:47:14 [INFO] [www.friendr.nl] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/84866756
2020/07/29 12:47:14 [INFO] [friendr.nl] acme: Could not find solver for: tls-alpn-01
2020/07/29 12:47:14 [INFO] [friendr.nl] acme: use http-01 solver
2020/07/29 12:47:14 [INFO] [www.friendr.nl] acme: Could not find solver for: tls-alpn-01
2020/07/29 12:47:14 [INFO] [www.friendr.nl] acme: use http-01 solver
2020/07/29 12:47:14 [INFO] [friendr.nl] acme: Trying to solve HTTP-01
2020/07/29 12:47:19 [INFO] [www.friendr.nl] acme: Trying to solve HTTP-01
2020/07/29 12:47:25 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/84866755
2020/07/29 12:47:25 [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/84866755
2020/07/29 12:47:25 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/84866756
2020/07/29 12:47:26 [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/84866756
2020/07/29 12:47:26 Could not obtain certificates:
error: one or more domains had a problem:
[friendr.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://friendr.nl/.well-known/acme-challenge/v8lKLFtxnymju82qap-vQndEdixXaaICh0nj4qQWcMM [84.22.106.78]: "\n\n404 Not Found\n\n
Not Found
\nTh", url:
[www.friendr.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.friendr.nl/.well-known/acme-challenge/OWPNn1qH63WDbWOO84m46l0Za1YY9Sv4mAmOSrqD7CA [84.22.106.78]: "\n\n404 Not Found\n\n
Not Found
\nTh", url:
+ '[' 1 -eq 0 ']'
+ echo 'Certificate generation failed.'
Certificate generation failed.
+ exit 1
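
The trace above sets WELLKNOWN_PATH twice and then hands lego a separate `--http.webroot`; the following added example (not DirectAdmin's code and not from any poster in this thread) reads such a `bash -x` trace and reports whether the script's pre-flight probe and lego's token end up in the same directory. The names `check_trace` and `SAMPLE_TRACE` are made up for the example, and the sample lines are copied and trimmed from the trace in this thread.

```shell
#!/bin/sh
# Added example: compare the directory letsencrypt.sh's pre-flight check
# probes with the directory lego writes HTTP-01 tokens to.

# Sample input: lines taken from the trace in this thread, trimmed.
SAMPLE_TRACE='+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge
+ LETSENCRYPT_OPTION=2
+ WELLKNOWN_PATH=/home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge
+ touch /home/admin/domains/friendr.nl/public_html/.well-known/acme-challenge/letsencrypt_1596019631
+ /usr/local/bin/lego --path /usr/local/directadmin/data/.lego --http --http.webroot /var/www/html -d friendr.nl -d www.friendr.nl --key-type ec256 run --no-bundle'

# Reads a trace on stdin. Prints a one-line verdict and returns
# 0 = same directory, 1 = different directories, 2 = trace lacks the data.
check_trace() {
  local trace precheck webroot lego_dir
  trace=$(cat)

  # WELLKNOWN_PATH is assigned more than once; the last value is the one
  # challenge_check touches its letsencrypt_<timestamp> probe file in.
  precheck=$(printf '%s\n' "$trace" |
    sed -n 's/^.*WELLKNOWN_PATH=//p' | tail -n 1)

  # lego's webroot mode writes tokens to <webroot>/.well-known/acme-challenge.
  webroot=$(printf '%s\n' "$trace" |
    sed -n 's/^.*lego .*--http\.webroot \([^ ]*\).*$/\1/p' | tail -n 1)

  if [ -z "$precheck" ] || [ -z "$webroot" ]; then
    echo "INCOMPLETE need a WELLKNOWN_PATH assignment and a lego --http.webroot call"
    return 2
  fi

  lego_dir="${webroot%/}/.well-known/acme-challenge"
  if [ "$precheck" = "$lego_dir" ]; then
    echo "MATCH $lego_dir"
    return 0
  fi
  echo "MISMATCH precheck=$precheck lego=$lego_dir"
  return 1
}

# Run on the sample; "|| true" keeps the non-zero verdict from aborting
# a caller that uses set -e.
printf '%s\n' "$SAMPLE_TRACE" | check_trace || true
```

A MISMATCH verdict means the 200 response to the pre-flight curl only proves the per-domain document root is served; it says nothing about whether /.well-known is aliased to the directory lego writes to.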

I've downgraded letsencrypt from version 2.0.7 to 1.1.42 and it's working again!

This is partially good news. Good in that it's all working again. But bad because I can't upgrade letsencrypt any longer.

I've been trying to compare the code from different versions and I'm by no means a professional programmer, but could it have to do with a piece of code in 1.1.42 starting with "#We need the domain to match in /etc/virtual/domainowners" on line 188?
