Authorization Failed message

Hi,
I get an authorization failed message for the domain dapna.ir, and more info is available at:

The response from Let's Encrypt is:

domain: dapna.ir , sub-domains:*.dapna.ir,dapna.ir
✘ invalid authorization.

Can you tell me what the problem is?

Hi @smesgary

I've moved your question to a new topic, that makes things easier.

You use a new Let's Encrypt certificate:

CN=dapna.ir | 11.05.2019 | 09.08.2019 | expires in 82 days | *.dapna.ir, dapna.ir - 2 entries

so there is no need to create a new certificate.

There are some "not so good configurations" you should fix. But nothing is really critical (Grade Z, Y, X, V, W, T, N, L, R, P, Q, S).

Where do you see that error message?

If you use a Let's Encrypt client, there is a standard template:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I use LEClient: https://github.com/yourivw/LEClient to get the certificate.

Because it was important for me, when I faced the error, I got a certificate from sslforfree.com and it was OK, but I still can't get a certificate with LEClient from my PHP code.

Generally, why does this error happen?

I don't know what that client is doing. Which challenge do you use? http-01 or dns-01?

If you want to create a wildcard certificate, you have to use dns-01 validation.

So that client must create a DNS TXT entry. But there ( https://check-your-website.server-daten.de/?q=dapna.ir#txt ) is no TXT entry.

And the nameserver is buggy.

I use dns-01, but in the response of the https://acme-v02.api.letsencrypt.org/acme/order/ API, instead of TXT records, the Let's Encrypt message is: invalid authorization, and it doesn't send me TXT records to put on the DNS server.

But does your nameserver support an API?

I don't see if that client supports different DNS APIs like Certbot or acme.sh.

Yes, I have my own nameserver and it supports an API, and I use LEClient as the API to send requests to Let's Encrypt and give me the TXT records. But sometimes, like this time for this domain, Let's Encrypt sends Authorization Failed instead of TXT records and I don't know what to do to solve it.

Then you should fix your own nameservers. Looks very buggy if this

Domain	Nameserver	NS-IP
www.dapna.ir	•	
dapna.ir	•	
ir	T a.nic.ir	

is shown. Compare this result with other results: the tool doesn't find the name of your nameserver. OK, maybe a bug, but normally the domain names and IP addresses of the name servers are visible.

Perhaps a wrong bot detection? Or a firewall that blocks too much?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.