Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
example.com
I ran this command:
sudo certbot certonly -d example.com -d www.example.com
It produced this output:
Failed authorization procedure
My web server is (include version): Apache 2.4
The operating system my web server runs on is (include version): Ubuntu 18.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): 0.23
I am new to Apache and server stuff.
Been trying to get a certificate from letsencrypt via Apache2 on Ubuntu 18.04.
However, I am getting an error which is Failed authorization procedure
.
Can anyone help me out to figure out this problem?
Summary:
- The problem: Can’t get a certificate with a problem
Failed authorization procedure
. - The goal: Want to create a certificate for SSL which I may know how to set it up so that my topic is going to be focusing on how to get the certificate.
- Ubuntu version: 18.04
- Apache version: 2.4
Tried to access to http://example.com/.well-known/acme-challenge/test
which is created manually and the test is just a text file. But it turned out displaying Not Found
page with saying You don't have permission to access /.well-known/acme-challenge/test on this server.
I did modify /etc/apache2/sites-available/example.com.conf
a little bit too much. I’ve kind of reached where my brain is confused about what I did.
/etc/apache2/sites-available/example.com.conf
WSGIPythonHome "/home/bob/flask"
WSGIPythonPath "/home/bob/flask/python3.6/site-packages"
NameVirtualHost *:80
<VirtualHost *:80>
# Add machine's IP address (use ifconfig command)
ServerAdmin bob@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com
# Give an alias to to start your website url with
WSGIDaemonProcess example.com user=www-data group=www-data threads=5
WSGIScriptAlias / /var/www/example.com/assess.wsgi
<Directory /var/www/example.com/>
# set permissions as per apache2.conf file
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Alias /.well-known/acme-challenge/ /example.com/.well-known/acme-challenge/
<Directory /var/www/example.com/.well-known/acme-challenge>
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
# RewriteEngine on
# RewriteCond %{SERVER_NAME} = example.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
# SSLEngine on
# SSLCertificateFile /etc/ssl/certs/barracuda.crt
# SSLCertificateKeyFile /etc/ssl/private/barracuda.key
# Redirect "/assess" "https://localhost/"
</VirtualHost>
This is the outputs of a command, sudo certbot certonly -d example.com -d www.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
Input the webroot for example.com: (Enter 'c' to cancel): /var/www/example.com
Select the webroot for www.example.com:
-------------------------------------------------------------------------------
1: Enter a new webroot
2: /var/www/example.com
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/GENAiPDAT0J6dRekLdiKDwOnA5Vf-3xcqyOxJt9Ke38 [2606:2800:220:1:248:1893:25c8:1946]: "<!doctype html>\n<html>\n<head>\n <title>Example Domain</title>\n\n <meta charset=\"utf-8\" />\n <meta http-equiv=\"Content-type", example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/sRteUqLGER3OzwEDYFi5xLRWhBJdyHkWaAUa1k1tMTY [2606:2800:220:1:248:1893:25c8:1946]: "<!doctype html>\n<html>\n<head>\n <title>Example Domain</title>\n\n <meta charset=\"utf-8\" />\n <meta http-equiv=\"Content-type"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.example.com
Type: unauthorized
Detail: Invalid response from
http://www.example.com/.well-known/acme-challenge/GENAiPDAT0J6dRekLdiKDwOnA5Vf-3xcqyOxJt9Ke38
[2606:2800:220:1:248:1893:25c8:1946]: "<!doctype
html>\n<html>\n<head>\n <title>Example Domain</title>\n\n
<meta charset=\"utf-8\" />\n <meta http-equiv=\"Content-type"
Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/sRteUqLGER3OzwEDYFi5xLRWhBJdyHkWaAUa1k1tMTY
[2606:2800:220:1:248:1893:25c8:1946]: "<!doctype
html>\n<html>\n<head>\n <title>Example Domain</title>\n\n
<meta charset=\"utf-8\" />\n <meta http-equiv=\"Content-type"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Again, my goal is to get a certificate from letsencript.