Authorization error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
http://nextcloud.raspberry.cloud

I ran this command:
apachectl -s
apachectl -t -d dump-vhosts

It produced this output:

VirtualHost configuration:
*:80                   nextcloud.raspberry.cloud (/etc/apache2/sites-enabled/nextcloud.raspberry.cloud.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
snytax ok


My web server is (include version):
raspberry pi 4 model b

The operating system my web server runs on is (include version):
ubuntu latest 22.04

My hosting provider, if applicable, is:
nextcloud, apache2, mariadb

I can login to a root shell on my machine (yes or no, or I don't know):
yes I can SSH in using the numerial IP address but not the hostname?

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.32.1

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: nextcloud.raspberry.cloud
  Type:   unauthorized
  Detail: 91.195.240.12: Invalid response from http://nextcloud.raspberry.cloud/.well-known/acme-challenge/bLPvwxl4Of3igyOm814fi82sFDtN8V0N5tO5TZsdXOk: "<!DOCTYPE html><html lang=\"en\"  data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXW"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2022-12-11 15:01:27,719:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-12-11 15:01:27,719:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-12-11 15:01:27,719:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-12-11 15:01:28,141:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/2581/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/main.py", line 1441, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/2581/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-12-11 15:01:28,151:ERROR:certbot._internal.log:Some challenges have failed.

Hello,
Trying to opensource my life so prefer not to use webroot over apache but can't get certificate authority to work due to an invalid response (unauthorized). I'm sure it is my doing because I also cannot reach the domain but I can reach the IP address. I can ping it fine.

The error log in var/ reports my desktops' IP was denied by server configuration - if that helps!

What Certbot command was used?

4 Likes

Hi Osiris,

sudo certbot --apache.

Ok, thanks.

Is your hostname pointing to the correct IP address? Because when I run a curl -LIv nextcloud.raspberry.cloud, I'm sometimes getting a response from a webserver identifying as "NginX" and sometimes a simple "connection reset by peer". And when I do a whois 91.195.240.12 it tells me the IP address belongs to "Sedo Domain Parking"?

5 Likes

From your Pi, what shows?;
curl -4 ifconfig.co
curl -4 ifconfig.io

[either one should work]

3 Likes

Think I've figured out something because of what you said above, it sort of pointed me into the adjacent possible!
I think I incorrectly (?) assumed that I also get a domain from apache. I literally put my desired domain in the hosts file and thought i'd do the same somewhere in setting up apache and forgot about it.
Am I correct in saying that I cannot solve the HTTPS issue with certbot unless I have a given domain name?

curl gave me 185.195.232.143

Then that should be in the DNS A record. But, you currently have this:

91.195.240.12
3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.