Another 404 not found

Dear community,

This question has been asked before and answered successfully for most. However, not for me.
I have not found a similar case where curl works and letsencrypt does not.

My domain is: die-schenks.dyndns.org, nextcloud.die-schenks.dyndns.org, owncloud.die-schenks.dyndns.org

I ran this command:
certbot certonly --webroot --webroot-path /var/www/html --agree-tos -w /etc/letsencrypt/ --expand -d die-schenks.dyndns.org,nextcloud.die-schenks.dyndns.org,owncloud.die-schenks.dyndns.org

It produced this output (I had to garble http as the forum only allows 20 links?!)
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for die-schenks.dyndns.org
http-01 challenge for nextcloud.die-schenks.dyndns.org
http-01 challenge for owncloud.die-schenks.dyndns.org
Using the webroot path /etc/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. owncloud.die-schenks.dyndns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from ht tp://owncloud.die-schenks.dyndns.org/.well-known/acme-challenge/iffIkpt-q7l6wBwT4AoG0O7rO4zGsps1npNwWLfnMjI [89.244.123.125]: “\n\n404 Not Found\n\n

Not Found

\n<p”, die-schenks.dyndns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from ht tp://die-schenks.dyndns.org/.well-known/acme-challenge/PrAEJREkBydte9wa1J9uo08KGMvpBmwksn2HXSDbelE [89.244.123.125]: “\n\n404 Not Found\n\n

Not Found

\n<p”, nextcloud.die-schenks.dyndns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from ht tp://nextcloud.die-schenks.dyndns.org/.well-known/acme-challenge/9mYSfDEOX-aR9vECW4kRg26KZmX8I9XG4UzZssxxErU [89.244.123.125]: “\n\n404 Not Found\n\n

Not Found

\n<p”

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: owncloud.die-schenks.dyndns.org
    Type: unauthorized
    Detail: Invalid response from
    ht tp://owncloud.die-schenks.dyndns.org/.well-known/acme-challenge/iffIkpt-q7l6wBwT4AoG0O7rO4zGsps1npNwWLfnMjI
    [89.244.123.125]: “\n\n404 Not
    Found\n\n

    Not Found

    \n<p”

    Domain: die-schenks.dyndns.org
    Type: unauthorized
    Detail: Invalid response from
    ht tp://die-schenks.dyndns.org/.well-known/acme-challenge/PrAEJREkBydte9wa1J9uo08KGMvpBmwksn2HXSDbelE
    [89.244.123.125]: “\n\n404 Not
    Found\n\n

    Not Found

    \n<p”

    Domain: nextcloud.die-schenks.dyndns.org
    Type: unauthorized
    Detail: Invalid response from
    ht tp://nextcloud.die-schenks.dyndns.org/.well-known/acme-challenge/9mYSfDEOX-aR9vECW4kRg26KZmX8I9XG4UzZssxxErU
    [89.244.123.125]: “\n\n404 Not
    Found\n\n

    Not Found

    \n<p”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
Apache 2.4.38 ubuntu

The operating system my web server runs on is (include version):
NAME=“Ubuntu”
VERSION=“19.04 (Disco Dingo)”

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0

if I test with curl it works:
curl -ikL4 ht tp://nextcloud.die-schenks.dyndns.org/.well-known/acme-challenge/nag
HTTP/1.1 200 OK
Date: Wed, 21 Aug 2019 21:09:15 GMT
Server: Apache/2.4.38 (Ubuntu)
Last-Modified: Wed, 21 Aug 2019 20:45:21 GMT
ETag: “b-590a6a6d1715b”
Accept-Ranges: bytes
Content-Length: 11

HalloHallo

I cannot find a hint what is going wrong. I read about an issue with IPv6 (which I don't have on my LAN). I am using dyndns for name resolving and removed the IPv6 entry.
It looks like the request uses IPv4, as one can see in the response of letsencrypt.

The server is in the LAN behind a Fritz box router, which forwards ports 443 and 80. The web server config is stripped down just to get letsencrypt running on port 80. Usually it is a reverse proxy on 443.

apache config:
<VirtualHost *:80>
    ServerName die-schenks.dyndns.org
    ServerAlias nextcloud.die-schenks.dyndns.org
    ServerAlias owncloud.die-schenks.dyndns.org

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

I run all commands as root.

Thanks for your help

Hi @cryptorius

Your command looks wrong. --webroot-path and -w are the same, -w is the shortcut.

So perhaps the wrong -w option is used.

Read

https://certbot.eff.org/docs/using.html

  --webroot-path WEBROOT_PATH, -w WEBROOT_PATH
                        public_html / webroot path. This can be specified
                        multiple times to handle different domains; each
                        domain will have the webroot path that preceded it.
                        For instance: `-w /var/www/example -d example.com -d
                        www.example.com -w /var/www/thing -d thing.net -d
                        m.thing.net` (default: Ask)

Checked your file https://check-your-website.server-daten.de/?q=nextcloud.die-schenks.dyndns.org%2F.well-known%2Facme-challenge%2Fnag that looks good:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://nextcloud.die-schenks.dyndns.org/.well-known/acme-challenge/nag 89.244.123.125 | 200 | | 0.023 | H |
| http://www.nextcloud.die-schenks.dyndns.org/.well-known/acme-challenge/nag 89.244.123.125 | 200 | | 0.023 | H |

The expected result: http status 200. Your https is wrong, port 443 sends http content. But now that's not a problem.

So remove the -w option and the value and use your correct webroot.
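
The rule from the quoted help text, applied to the command in the first post, as an added example (not part of either post and not certbot's own parser). The function names `map_webroots` and `mismatched_domains` are hypothetical, and the model assumes only what the help text states: a domain gets the most recent `-w`/`--webroot-path` that precedes it.

```shell
#!/bin/sh
# Added example: a model of the documented "-w applies to the domains that
# follow it" rule, not certbot's own argument parser.

# Print "domain webroot" pairs for a certbot-style argument list.
map_webroots() {
    current=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -w|--webroot-path)
                [ $# -ge 2 ] || break
                current="${2%/}"            # drop trailing slash for comparison
                shift 2 ;;
            -d|--domains)
                [ $# -ge 2 ] || break
                old_ifs=$IFS; IFS=,         # -d accepts a comma-separated list
                for d in $2; do echo "$d ${current:-UNSET}"; done
                IFS=$old_ifs
                shift 2 ;;
            *) shift ;;
        esac
    done
}

# Print every domain whose challenge directory is outside the DocumentRoot.
# $1 = Apache DocumentRoot, remaining args = certbot arguments.
mismatched_domains() {
    docroot="${1%/}"; shift
    map_webroots "$@" | while read -r domain webroot; do
        [ "$webroot" = "$docroot" ] ||
            echo "$domain: written to $webroot/.well-known/acme-challenge, served from $docroot"
    done
}

# Command from the first post (DocumentRoot taken from the posted vhost).
echo "as run:"
mismatched_domains /var/www/html certonly --webroot \
    --webroot-path /var/www/html --agree-tos -w /etc/letsencrypt/ --expand \
    -d die-schenks.dyndns.org,nextcloud.die-schenks.dyndns.org,owncloud.die-schenks.dyndns.org

# Same command with the second -w removed, as the reply suggests.
echo "after fix:"
mismatched_domains /var/www/html certonly --webroot \
    --webroot-path /var/www/html --agree-tos --expand \
    -d die-schenks.dyndns.org,nextcloud.die-schenks.dyndns.org,owncloud.die-schenks.dyndns.org
```

The first run lists all three domains, which matches the "Using the webroot path /etc/letsencrypt for all unmatched domains" line in the posted output and explains the 404s. Since /etc/letsencrypt holds account and certificate private keys, it should not be used as a web-served directory in any case.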
