Certbot acme challenge error: __autoload() is deprecated

#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ppooe.at
I ran this command:
certbot --apache -d ppooe.at -d www.ppooe.at

It produced this output:
Performing the following challenges:
http-01 challenge for ppooe.at
http-01 challenge for www.ppooe.at
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.ppooe.at (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.ppooe.at/.well-known/acme-challenge/swGGsPtgSKbkj2hFEXGq1cF_0t1gOgsFM5A7r2JawQY:
\nDeprecated: __autoload() is deprecated, use spl_autoload_register() instead in /is/htdocs/wp1081159_O0QZ8IJHGJ”, ppooe.at (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ppooe.at/.well-known/acme-challenge/SP7YigN4H2B7W9YGbu0fy-K-PmTE75eMOCrr2zRFIOM:
\nDeprecated: __autoload() is deprecated, use spl_autoload_register() instead in /is/htdocs/wp1081159_O0QZ8IJHGJ”

IMPORTANT NOTES:

My web server is (include version):
apache 2.4.25

The operating system my web server runs on is (include version):
Debian 9.6

My hosting provider, if applicable, is:
on premise

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0

#2

Hi @sil

looks like your configuration has some errors ( https://check-your-website.server-daten.de/?q=ppooe.at ):

There are ipv4 and ipv6 addresses:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
ppooe.at A 80.243.168.87 yes 1 0
AAAA 2a01:488:42:1000:50ed:847a:49:1a98 yes
www.ppooe.at A 80.243.168.87 yes 1 0
AAAA 2a01:488:42:1000:50ed:847a:49:1a98 yes

But ipv4 and ipv6 send different answers:

Domainname Http-Status redirect Sec. G
http://ppooe.at/
80.243.168.87 301 http://www.ppooe.at/ 0.077 D
http://www.ppooe.at/
2a01:488:42:1000:50ed:847a:49:1a98 301 http://ppooe.at/ 0.057 D
http://ppooe.at/
2a01:488:42:1000:50ed:847a:49:1a98 200 0.087 H
http://www.ppooe.at/
80.243.168.87 200 1.606 H
https://ppooe.at/
80.243.168.87 404 1.377 N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://ppooe.at/
2a01:488:42:1000:50ed:847a:49:1a98 -2 1.070 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it [2a01:488:42:1000:50ed:847a:49:1a98]:443
https://www.ppooe.at/
80.243.168.87 404 1.367 N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.ppooe.at/
2a01:488:42:1000:50ed:847a:49:1a98 -2 1.066 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it [2a01:488:42:1000:50ed:847a:49:1a98]:443
http://ppooe.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
80.243.168.87 301 http://ppooe.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de/ 0.070 D
http://www.ppooe.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
80.243.168.87 301 http://www.ppooe.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de/ 0.073 D
http://www.ppooe.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:488:42:1000:50ed:847a:49:1a98 301 http://ppooe.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.064 D
http://www.ppooe.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de/ 301 http://ppooe.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de/ 0.060 D
http://ppooe.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:488:42:1000:50ed:847a:49:1a98 200 0.080
http://ppooe.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de/ 200 0.087

The /.well-known/acme-challenge/unknown-file - check: Ipv4 and www/ipv6 have a redirect, adding a “/”.

Ipv6 + non-www has a http status 200, but http status 404 is expected.

Perhaps remove your ipv6, create a certificate and fix your ipv6 configuration.

Letsencrypt prefers ipv6, so this error is critical.

No idea. Perhaps a deploy-hook script.

1 Like
#3

Unrelated to the lack of HTTP auth, this seems to me like a loop:
image

#4

That response is from the webserver. Doesn’t have anything to do with deploy-hooks or certbot at all.

It’s just the PHP running on the IPv6 version of the site is completely broken.

2 Likes
#5

Yep, it’s a Grade L.

But /.well-known/acme-challenge/ doesn’t have the problem. So it’s possible to create a certificate. Then the loop should be fixed.

#6

Hi @JuergenAuer,
Thank you very much for your superb response!

Now I feel a little stupid that i have overseen the v6 records at migration :slight_smile:
Just got stuck at the __autoload() error - which comes from an old php script running on the old server.

Removed em and now everything works fine!
Thanks again and best Regards!

2 Likes
closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.