"authorizations for these names not found or expired" error


#1

Hi!

I’m trying to obtain a certificate for www.danhorton.net. I’m following the exact same procedures that work fine for about 10 other domains. The only thing that is different with this domain is that the DNS configuration changed on 28 June, but I would expect that by now every cache has expired.

I can create files in the /.well-known/acme-challenge/ directory and I can download them successfully (no surprise, because all this works for other domains). But when I try to obtain the certificate, there are no requests to my web server at all. Instead, I get the above-mentioned error.

My domain is:
www.danhorton.net

I ran this command:
sudo -u letsencrypt python bin/acme_tiny.py --account-key ./account.key --csr csrs/www.danhorton.net.csr --acme-dir /var/local/letsencrypt/challenges/ > /var/local/letsencrypt/certs/www.danhorton.net.pem

It produced this output:
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Signing certificate...
Traceback (most recent call last):
  File "bin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "bin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "bin/acme_tiny.py", line 161, in get_crt
    raise ValueError("Error signing certificate: {0} {1}".format(code, result))
ValueError: Error signing certificate: 403 {
  "type": "urn:acme:error:unauthorized",
  "detail": "Error creating new cert :: authorizations for these names not found or expired: www.danhorton.net",
  "status": 403
}

My web server is (include version):
Apache 2.4.25

The operating system my web server runs on is (include version):
Debian stretch

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

Any ideas or hints what I might check?

Thanks a lot,

Hendrik


#2

Could be this bug with acme_tiny with some versions of OpenSSL: https://github.com/diafygi/acme-tiny/pull/169

Try using a recent copy of the script.


#3

Brilliant, that worked! I had obtained a certificate for a different domain in the meantime in order to verify that my toolchain works, and that had worked without any problems. But indeed, a new version of acme_tiny.py helped. Thank you!

