Authorization error

dairymilkbatman · December 11, 2022, 3:11pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
http://nextcloud.raspberry.cloud

I ran this command:
apachectl -s
apachectl -t -d dump-vhosts

It produced this output:

VirtualHost configuration:
*:80                   nextcloud.raspberry.cloud (/etc/apache2/sites-enabled/nextcloud.raspberry.cloud.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
snytax ok

My web server is (include version):
raspberry pi 4 model b

The operating system my web server runs on is (include version):
ubuntu latest 22.04

My hosting provider, if applicable, is:
nextcloud, apache2, mariadb

I can login to a root shell on my machine (yes or no, or I don't know):
yes I can SSH in using the numerial IP address but not the hostname?

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.32.1

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: nextcloud.raspberry.cloud
  Type:   unauthorized
  Detail: 91.195.240.12: Invalid response from http://nextcloud.raspberry.cloud/.well-known/acme-challenge/bLPvwxl4Of3igyOm814fi82sFDtN8V0N5tO5TZsdXOk: "<!DOCTYPE html><html lang=\"en\"  data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXW"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2022-12-11 15:01:27,719:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-12-11 15:01:27,719:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-12-11 15:01:27,719:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-12-11 15:01:28,141:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/2581/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/main.py", line 1441, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-12-11 15:01:28,151:ERROR:certbot._internal.log:Some challenges have failed.

Hello,
Trying to opensource my life so prefer not to use webroot over apache but can't get certificate authority to work due to an invalid response (unauthorized). I'm sure it is my doing because I also cannot reach the domain but I can reach the IP address. I can ping it fine.

dairymilkbatman · December 11, 2022, 3:13pm

The error log in var/ reports my desktops' IP was denied by server configuration - if that helps!

Osiris · December 11, 2022, 3:15pm

What Certbot command was used?

dairymilkbatman · December 11, 2022, 3:50pm

Hi Osiris,

sudo certbot --apache.

Osiris · December 11, 2022, 4:12pm

Ok, thanks.

Is your hostname pointing to the correct IP address? Because when I run a curl -LIv nextcloud.raspberry.cloud, I'm sometimes getting a response from a webserver identifying as "NginX" and sometimes a simple "connection reset by peer". And when I do a whois 91.195.240.12 it tells me the IP address belongs to "Sedo Domain Parking"?

rg305 · December 12, 2022, 1:31am

From your Pi, what shows?;
curl -4 ifconfig.co
curl -4 ifconfig.io

[either one should work]

dairymilkbatman · December 12, 2022, 7:11am

Think I've figured out something because of what you said above, it sort of pointed me into the adjacent possible!
I think I incorrectly (?) assumed that I also get a domain from apache. I literally put my desired domain in the hosts file and thought i'd do the same somewhere in setting up apache and forgot about it.
Am I correct in saying that I cannot solve the HTTPS issue with certbot unless I have a given domain name?

curl gave me 185.195.232.143

MikeMcQ · December 12, 2022, 1:09pm

Then that should be in the DNS A record. But, you currently have this:

91.195.240.12

system · January 11, 2023, 1:09pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Website broken after running certbot --apache Help	5	1482	November 9, 2019
Raspbian, Stretch, Apache2, Webroot, Failed Authorization Help	11	1531	March 21, 2018
Error on line 34 of /etc/apache2/sites-enabled/000-default-le-ssl.conf: Help	2	1594	August 18, 2022
Invalid response Help	17	2679	October 8, 2018
Fresh Ubuntu/Apache2/Owncloud Help	3	791	September 27, 2018

Authorization error

Related topics