Authorization Error on Azure Ubuntu VM

Hello,
I’m setting up a VM on Azure to run Jupyterhub and using Letsencrypt for the SSL certificate. I’m following the tutorial here and just need to get this thing up and running. Everything went fine until ~ min 18. I ran:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly --standalone -d XXXXX.cloudapp.net

The last command produces:
“An unexpected error ocurred:
Error creating new authz
Please see the logfiles in /var/log/letsencrypt for more details.”

Running:
Ubuntu 16.04.2 LTS xenial

First time I’ve ever attempted anything like this (or really even used Linux for that matter), so I’m just trying to figure things out as I go along. I’d appreciate any help to get this resolved. Thanks!

hi @hubbs5

you really should fill out the relevant components

My operating system is (include version):

My web server is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

Using git clone is not a recommended method

Review install methods here (ubuntu and apache) : https://certbot.eff.org/#ubuntuxenial-apache

You should also post the log content, as it helps narrow down what the issue is

Andrei

You can see what files exist in /var/log/letsencrypt by running ls /var/log/letsencrypt, and view the contents of individual ones with cat (or interactively with less, which is less useful for posting them here).

Ok, thanks for some direction on getting to the files! From what I can tell looking into them, this is where the issue arises:

File "/home/u755275/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 570, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:acme:error:rejectedIdentifier :: Error creating new authz

I also looked at the link that @ahaw021 shared and ran the commands there:

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache

and then tried the commands I ran before and some other permutations but all result in the same error with the same message in the log file.

My OS:
Ubuntu 16.04.02 LTS xenial
Web server:
Not sure where to find this
Hosting Provider:
Microsoft Azure
I can login to root.

Hi, I am also getting this error. I am using a CentOS7 cloud-hosted solution with linode.com.

I cannot find anything to solve this issue on the net. Please can we get some resolution to this problem.

I am running the following command to set up my cert:

letsencrypt-auto certonly --standalone -d example.com

(I am not specifying the actual domain above)
I want to produce the certificate to use with webserver: glassfish server 4.1.1.

This produces:

017-04-24 18:23:41,426:DEBUG:acme.client:Received response:
HTTP 400
content-length: 106
boulder-request-id: Ya8ifD2DlJCarbT020x-30Em-sp42r0AWke7nCcwWuc
expires: Mon, 24 Apr 2017 18:23:41 GMT
server: nginx
cache-control: max-age=0, no-cache, no-store
connection: close
pragma: no-cache
boulder-requester: 13222372
date: Mon, 24 Apr 2017 18:23:41 GMT
content-type: application/problem+json
replay-nonce: TYnoBZ3ZRQP18-jiQpXhilgqPVY-CXH5P1MVIvDUJQw

{
  "type": "urn:acme:error:rejectedIdentifier",
  "detail": "Error creating new authz",
  "status": 400
}

2017-04-24 18:23:41,427:DEBUG:acme.client:Storing nonce: TYnoBZ3ZRQP18-jiQpXhilgqPVY-CXH5P1MVIvDUJQw
2017-04-24 18:23:41,430:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 9, in <module>
    load_entry_point('certbot==0.12.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 896, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 692, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 92, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 294, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 265, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 67, in get_authorizations
    domain, self.account.regr.new_authzr_uri)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 228, in request_domain_challenges
    typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 208, in request_challenges
    new_authz)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 686, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 699, in _post_once
    return self._check_response(response, content_type=content_type)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 586, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:acme:error:rejectedIdentifier :: Error creating new authz

@cpu, do you know what can cause urn:acme:error:rejectedIdentifier on the CA side?

AFAIK this only happens for the case where the identifier matched to a domain we won't issue for by policy.

@xerocool84 For your case in particular I was able to find your failing new-authz request in the server logs to determine which domain name was being rejected. Since you explicitly did not share the domain I won't either, but I can confirm that my answer to @schoen applies in your case.

As a follow-up, there is a Boulder bug that was preventing the full detail message from being included here. It should have returned a slightly more obvious detailed error message "Error creating new authz :: Policy forbids issuing for name" instead of just "Error creating new authz".

I have a fix in the works: Embed detail msg for RejectedIdentifier and InvalidEmail probs. by cpu · Pull Request #2704 · letsencrypt/boulder · GitHub
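
The triage discussed in this thread, as an added example that is not part of any post above and is not certbot or Boulder code: it pulls ACME problem documents out of a client debug log and flags a `rejectedIdentifier` as a CA policy rejection, noting when the detail text was cut short as described in the last reply. The function names and the sample log are constructed for illustration; accepting the RFC 8555 `urn:ietf:params:acme:error:` prefix goes beyond the log format shown here.

```python
import json

# Both the pre-standard prefix seen in this thread and the RFC 8555 prefix.
ACME_PREFIXES = ("urn:acme:error:", "urn:ietf:params:acme:error:")

# Constructed sample: trimmed from the debug log quoted in the thread,
# with the nonce replaced by a placeholder.
SAMPLE_LOG = """\
2017-04-24 18:23:41,426:DEBUG:acme.client:Received response:
HTTP 400
content-type: application/problem+json

{
  "type": "urn:acme:error:rejectedIdentifier",
  "detail": "Error creating new authz",
  "status": 400
}

2017-04-24 18:23:41,427:DEBUG:acme.client:Storing nonce: PLACEHOLDER
"""

def extract_problems(log_text):
    """Return every ACME problem document (as a dict) embedded in a log."""
    decoder = json.JSONDecoder()
    problems, pos = [], log_text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(log_text, pos)
        except ValueError:          # a brace that does not start valid JSON
            end = pos + 1
        else:
            if isinstance(obj, dict) and str(obj.get("type", "")).startswith(ACME_PREFIXES):
                problems.append(obj)
        pos = log_text.find("{", end)
    return problems

def triage(problem):
    """Summarise a problem document; flag policy rejections."""
    kind = problem["type"].rsplit(":", 1)[-1]
    detail = problem.get("detail", "")
    policy = kind == "rejectedIdentifier"
    return {
        "kind": kind,
        "status": problem.get("status"),
        # Per the thread: the CA refuses this name by policy.
        "policy_rejection": policy,
        # The server bug described above dropped the explanatory suffix.
        "detail_elided": policy and "Policy forbids" not in detail,
    }

if __name__ == "__main__":
    for p in extract_problems(SAMPLE_LOG):
        print(triage(p))
```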
