Hi, I have a webserver with a lot of domains, most of them running Let's Encrypt certificates.
But on a new domain, Certbot doesn't validate the domain and gives a “Not found error”. I guess that Certbot is not CREATING the validation file, because, as recommended, I put a file in acme-challenge and I CAN ACCESS IT VIA BROWSER.
Technical data:
Domain: http://amvvidal.es/
Test file: http://amvvidal.es/.well-known/acme-challenge/test
Server: Debian 8 (Jessie)
Command: certbot certonly --webroot -w /home/amvvidal/public_html -d amvvidal.es -vvvvv
Output:
Root logging level set at -30
Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot version: 0.10.2
Arguments: ['--webroot', '-w', '/home/amvvidal/public_html', '-d', 'amvvidal.es', '-vvvvv']
Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
Requested authenticator webroot and installer None
Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fddd1a933d0>
Prep: True
Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fddd1a933d0> and installer None
Picked account: <Account(83a270fd834702a7a2d9819e935b7642)>
Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
"GET /directory HTTP/1.1" 200 460
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 460
Boulder-Request-Id: eEpgR9bjijANFurJl8RJvTsOo9xbypusjylNpfU_zaY
Replay-Nonce: et1rGmOgQHP0qZJfF-8rukjg0rEIERmq256MzIhiCyo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 11 Aug 2017 12:33:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 11 Aug 2017 12:33:13 GMT
Connection: keep-alive
{
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
Obtaining a new certificate
Requesting fresh nonce
Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
"HEAD /acme/new-authz HTTP/1.1" 405 0
Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: vxYPqwyGhYVpUKMtQsTp4iuWh-Yi_p0ltzI13Kqer2E
Replay-Nonce: MiQfv7zALpPOTdhSTG78L16JtvEJIyNsCCqw9h2aXn4
Expires: Fri, 11 Aug 2017 12:33:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 11 Aug 2017 12:33:14 GMT
Connection: keep-alive
Storing nonce: MiQfv7zALpPOTdhSTG78L16JtvEJIyNsCCqw9h2aXn4
JWS payload:
{
"identifier": {
"type": "dns",
"value": "amvvidal.es"
},
"resource": "new-authz"
}
Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "0ziqSNrXLEwWNbYwiv_Kzcfs6xJlSYk_zDjslzm0Bj3H0fWhy86zGzx_qfHSSsqPUNqprb1YY7cpqNTB90b-E1GsQyqYh5ZeUCOQYOS9MzDWnIU0Nn77KAMlP3autNapE1Kj0AvvZUrkMDQMUqGlqNAgn9pWQt5Gx0wcab2uI7ybn4K9goUQDIkwYbx4l9TKhMkbM_bF_np-Dgqxff7rWCk5lnNi7H1p7YKgcumiH-lcEEwbCV0TVFxDc_M_aqhdXjIH2KDaPvPZl5YVMaDcxk4CP_gXDl4oW-ADkD0Nl0Z2Z2Iga0Pou7Xvt5PylquOAd1nyM7hwsTY4Y9cuWKlzQ"
}
},
"protected": "eyJub25jZSI6ICJNaVFmdjd6QUxwUE9UZGhTVEc3OEwxNkp0dkVKSXlOc0NDcXc5aDJhWG40In0",
"payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAiYW12dmlkYWwuZXMiCiAgfSwgCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ",
"signature": "N3IsIEnE6xhamborxx2hzPjyepW1RTOrKUSJnz3HW_0snzNznvcXpopBJNzgWTnEtp7l27OXUi0An0OZjxVc8e3Pus3XLDVRGLIOXypxPyBdTfxa5ntGR6maRo-q5DX39Iw7YXWJ3OcCn1xZSiay8czq48Wm6DwiB-XAzOP9IfS2UUvouuurNpICQfj7odtxtUJZVxg8LnphRVoU6IlDIWLM0KevD0v_eihqF-sZuKmZNJ3Dqo_q77ZIZO9iLvAgRteNGMgd3U3EQ9I6FuTHAZ4CnvlkZ0du3dUttdRhgDnXU_z_QjO05uOBB81NMPTrQsT7J445Q9w252NTkXbxvw"
}
"POST /acme/new-authz HTTP/1.1" 201 998
Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 998
Boulder-Request-Id: z2kNrJaZ_Ho4-Vn7YtRNvWNgTIs3hA3JyQWX-94BqKo
Boulder-Requester: 18167688
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc
Replay-Nonce: 5PCNhsbAIDU1vavO5vFl9sksB5Cff02noRw8DJ9YDzg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 11 Aug 2017 12:33:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 11 Aug 2017 12:33:14 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "amvvidal.es"
},
"status": "pending",
"expires": "2017-08-18T12:33:14.25989014Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc/1729361100",
"token": "QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc/1729361102",
"token": "cON3K23m1SrM6Dsri2EYkA3LXVrcqHrnc0tzW_lyr-k"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc/1729361104",
"token": "W-xDyLyXyp67AMJJ9tJ82U4g03PLBFs8B5coT6040cA"
}
],
"combinations": [
[
2
],
[
0
],
[
1
]
]
}
Storing nonce: 5PCNhsbAIDU1vavO5vFl9sksB5Cff02noRw8DJ9YDzg
Performing the following challenges:
http-01 challenge for amvvidal.es
Using the webroot path /home/amvvidal/public_html for all unmatched domains.
Creating root challenges validation dir at /home/amvvidal/public_html/.well-known/acme-challenge
Attempting to save validation to /home/amvvidal/public_html/.well-known/acme-challenge/QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk
Waiting for verification...
JWS payload:
{
"keyAuthorization": "QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk.20PNKnq4Q-4QDN3vLY-aWWzNM0dKP23_2s_LRIfbKyo",
"type": "http-01",
"resource": "challenge"
}
Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc/1729361100:
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "0ziqSNrXLEwWNbYwiv_Kzcfs6xJlSYk_zDjslzm0Bj3H0fWhy86zGzx_qfHSSsqPUNqprb1YY7cpqNTB90b-E1GsQyqYh5ZeUCOQYOS9MzDWnIU0Nn77KAMlP3autNapE1Kj0AvvZUrkMDQMUqGlqNAgn9pWQt5Gx0wcab2uI7ybn4K9goUQDIkwYbx4l9TKhMkbM_bF_np-Dgqxff7rWCk5lnNi7H1p7YKgcumiH-lcEEwbCV0TVFxDc_M_aqhdXjIH2KDaPvPZl5YVMaDcxk4CP_gXDl4oW-ADkD0Nl0Z2Z2Iga0Pou7Xvt5PylquOAd1nyM7hwsTY4Y9cuWKlzQ"
}
},
"protected": "eyJub25jZSI6ICI1UENOaHNiQUlEVTF2YXZPNXZGbDlza3NCNUNmZjAybm9SdzhESjlZRHpnIn0",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIlFBTGJZNzBfSmx0WDlWNERudVlUd0VIMDh4RWxjWUtuX0owUHkwZG1wU2suMjBQTktucTRRLTRRRE4zdkxZLWFXV3pOTTBkS1AyM18yc19MUklmYkt5byIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "vXpE3vrzjcFU_H8jL9iYBtFsObc7Ms7EqJ0aJ5a8VfrGuuYB5V2JTZawjjErJZkFo0L3cO8H0TBpnRTrVvpLVyur6hkKKzf3Z9G1V63oQ-7OQclWlbMfI87y4GMuaF3NxbVbqoPAdwpXZ9wT5zR_ChsmK5Gjesbl4MY2B1aJr416EvzqbHneNUk-UN3xs1dBv3UHuJuWvNnJzeAV1RfvxD6fsOYGa-nUg7A5ObTfdOZ8LsSfj7g5a0WpGetbZ18VJdI3yHkMQSw8zwlExQef1Kv8GZgi5qu-HVYlsgGIkSFPHTpwfPFh4Yf2EozIMltUEa1ng07ypMhhiHeiPsRxGQ"
}
"POST /acme/challenge/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc/1729361100 HTTP/1.1" 202 336
Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Request-Id: -a0SYYGeWsFXCKQfQatosjKgWMvQZW3rm5g65cfNCPM
Boulder-Requester: 18167688
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc/1729361100
Replay-Nonce: 0vE4ScGMMm0xMq6DVuX-Mn83qOxf8QghTVw5SjITIDk
Expires: Fri, 11 Aug 2017 12:33:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 11 Aug 2017 12:33:14 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc/1729361100",
"token": "QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk",
"keyAuthorization": "QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk.20PNKnq4Q-4QDN3vLY-aWWzNM0dKP23_2s_LRIfbKyo"
}
Storing nonce: 0vE4ScGMMm0xMq6DVuX-Mn83qOxf8QghTVw5SjITIDk
Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc.
"GET /acme/authz/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc HTTP/1.1" 200 2403
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Boulder-Request-Id: ZbWpz6gB2dDbNvxGNtEGEGIRiW9Ryzaj6u2TskPgqkc
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: Blm433qFbqiykMMGykHJTiAttHA2VkH7jcQZaERZdwo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 2403
Expires: Fri, 11 Aug 2017 12:33:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 11 Aug 2017 12:33:17 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "amvvidal.es"
},
"status": "invalid",
"expires": "2017-08-18T12:33:14Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://amvvidal.es/.well-known/acme-challenge/QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk: \"\u003c!DOCTYPE html\u003e\r\n\u003chtml lang=\"es-ES\" prefix=\"og: http://ogp.me/ns#\"\u003e\r\n\u003chead\u003e\r\n\t\u003ctitle\u003ePage Not Found \u0026raquo;\u003c/title\u003e\n\n\u003clink rel=\"\"",
"status": 403
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc/1729361100",
"token": "QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk",
"keyAuthorization": "QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk.20PNKnq4Q-4QDN3vLY-aWWzNM0dKP23_2s_LRIfbKyo",
"validationRecord": [
{
"url": "http://www.amvvidal.es/.well-known/acme-challenge/QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk",
"hostname": "www.amvvidal.es",
"port": "80",
"addressesResolved": [
"149.202.193.224",
"2001:8d8:1000:d200:fa6e:4c8c:db1d:8836"
],
"addressUsed": "149.202.193.224",
"addressesTried": []
},
{
"url": "http://amvvidal.es/.well-known/acme-challenge/QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk",
"hostname": "amvvidal.es",
"port": "80",
"addressesResolved": [
"149.202.193.224",
"2001:8d8:1000:d200:fa6e:4c8c:db1d:8836"
],
"addressUsed": "2001:8d8:1000:d200:fa6e:4c8c:db1d:8836",
"addressesTried": []
}
]
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc/1729361102",
"token": "cON3K23m1SrM6Dsri2EYkA3LXVrcqHrnc0tzW_lyr-k"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/vemTOyfRxExZhgIuo12UAZHvnadVfx5EfdKKp-O2HQc/1729361104",
"token": "W-xDyLyXyp67AMJJ9tJ82U4g03PLBFs8B5coT6040cA"
}
],
"combinations": [
[
2
],
[
0
],
[
1
]
]
}
Reporting to user: The following errors were reported by the server:
Domain: amvvidal.es
Type: unauthorized
Detail: Invalid response from http://amvvidal.es/.well-known/acme-challenge/QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk: "<!DOCTYPE html>
<html lang="es-ES" prefix="og: http://ogp.me/ns#">
<head>
<title>Page Not Found »</title>
<link rel=""
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
Cleaning up challenges
Removing /home/amvvidal/public_html/.well-known/acme-challenge/QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk
Unable to clean up challenge directory /home/amvvidal/public_html/.well-known/acme-challenge
Error was: [Errno 39] Directory not empty: '/home/amvvidal/public_html/.well-known/acme-challenge'
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 626, in obtain_cert
action, _ = _auth_from_available(le_client, config, domains, certname, lineage)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 107, in _auth_from_available
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 291, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 262, in obtain_certificate
self.config.allow_subset_of_names)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 77, in get_authorizations
self._respond(resp, best_effort)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 134, in _respond
self._poll_challenges(chall_update, best_effort)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 198, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. amvvidal.es (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://amvvidal.es/.well-known/acme-challenge/QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk: "<!DOCTYPE html>
<html lang="es-ES" prefix="og: http://ogp.me/ns#">
<head>
<title>Page Not Found »</title>
<link rel=""
Failed authorization procedure. amvvidal.es (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://amvvidal.es/.well-known/acme-challenge/QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk: "<!DOCTYPE html>
<html lang="es-ES" prefix="og: http://ogp.me/ns#">
<head>
<title>Page Not Found »</title>
<link rel=""
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: amvvidal.es
Type: unauthorized
Detail: Invalid response from
http://amvvidal.es/.well-known/acme-challenge/QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk:
"<!DOCTYPE html>
<html lang="es-ES" prefix="og: http://ogp.me/ns#">
<head>
<title>Page Not Found »</title>
<link rel=""
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
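An added diagnostic, not part of the original post and not Certbot code: it reads the `validationRecord` entries of the authorization object in the log above and reports, for each connection the validation server made, which resolved address it actually used. In this log `amvvidal.es` was fetched over its IPv6 address while the name also has an A record, so a browser check made over IPv4 may be answered by a different listener. The function names are hypothetical; the sample data is a trimmed copy of the logged JSON.

```python
import ipaddress
import json

# Values copied from the log above; only the fields this check needs are kept.
TOKEN = "QALbY70_JltX9V4DnuYTwEH08xElcYKn_J0Py0dmpSk"
V4, V6 = "149.202.193.224", "2001:8d8:1000:d200:fa6e:4c8c:db1d:8836"
AUTHZ = json.loads("""
{"challenges": [
  {"type": "http-01", "status": "invalid",
   "validationRecord": [
     {"url": "http://www.amvvidal.es/.well-known/acme-challenge/%(t)s",
      "hostname": "www.amvvidal.es",
      "addressesResolved": ["%(v4)s", "%(v6)s"], "addressUsed": "%(v4)s"},
     {"url": "http://amvvidal.es/.well-known/acme-challenge/%(t)s",
      "hostname": "amvvidal.es",
      "addressesResolved": ["%(v4)s", "%(v6)s"], "addressUsed": "%(v6)s"}]},
  {"type": "dns-01", "status": "pending"}]}
""" % {"t": TOKEN, "v4": V4, "v6": V6})


def family(addr):
    """Return 'IPv4' or 'IPv6' for a textual IP address."""
    return "IPv%d" % ipaddress.ip_address(addr).version


def explain_validation(authz):
    """One finding per connection the validation server made for failed challenges."""
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        for hop in chall.get("validationRecord", []):
            used = hop["addressUsed"]
            findings.append({
                "hostname": hop["hostname"],
                "used": used,
                "family": family(used),
                # Resolved but never contacted: a browser test may have hit these.
                "not_checked": [a for a in hop.get("addressesResolved", []) if a != used],
                # Repeat the request over the same address family the validator used.
                "repro": "curl -%s -si %s" % (family(used)[-1], hop["url"]),
            })
    return findings


if __name__ == "__main__":
    for f in explain_validation(AUTHZ):
        print("%(hostname)s: validated via %(family)s %(used)s; "
              "not checked: %(not_checked)s\n  %(repro)s" % f)
```

Running the printed `curl` command on any host with IPv6 connectivity shows the response the validation server received, which can then be compared with the same request made with `-4`.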