Certbot fail with "urn:acme:error:unauthorized :: The client lacks sufficient authorization"


#1

I’m currently trying to create certificate for this domain: mongoplayground.net

I’m running the certbot in a google cloud compute VM (ubuntu 16.04), so I can login to a root shell on my machine.
After trying standalone mode, I switched to manual mode. I’m using a golang file server to serve the content of a directory

I ran this command:

sudo certbot certonly --manual
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): mongoplayground.net,www.mongoplayground.net
Are you OK with your IP being logged? y

After that, I created the required files and made sure that it was accessible:

http://www.mongoplayground.net/.well-known/acme-challenge/n4v8qbTVKzL9UJGSJfflr92v7qPGjnlmNtFVxwqqYy0
http://www.mongoplayground.net/.well-known/acme-challenge/-yhb3-t2rF4Bp8Kmej_girBqO9qE-ReVQUTBsLT83Qw

but then got this error:

- The following errors were reported by the server:
   Domain: mongoplayground.net
   Type:   unauthorized
   Detail: Invalid response from
   http://mongoplayground.net/.well-known/acme-challenge/n4v8qbTVKzL9UJGSJfflr92v7qPGjnlmNtFVxwqqYy0:
   "<!DOCTYPE html><body style="padding:0;
   margin:0;"><html><body><iframe
   src="http://mcc.godaddy.com/park/rzWuqTWwrJ5fqTIvnTSkYzSlM"
   Domain: www.mongoplayground.net
   Type:   unauthorized
   Detail: Invalid response from
   http://www.mongoplayground.net/.well-known/acme-challenge/-yhb3-t2rF4Bp8Kmej_girBqO9qE-ReVQUTBsLT83Qw
   [184.168.221.32]: 404
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

DNS A record is configured from goDaddy, and point to the static IP of my VM.

What am I missing here ?
Thanks in advance


#2

Hi,

All files are correctly served.

However, can you try to use certbot certonly instead of certbot certonly --manual? (wondering what the manual flag is doing)

Thank you


#3

Hi @stevenzhu

the --manual file ask you to create manually the files. Without this flag, I get the same error:

$ sudo certbot certonly --standalone -d www.mongoplayground.net -d mongoplayground.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.mongoplayground.net
http-01 challenge for mongoplayground.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mongoplayground.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from
 http://mongoplayground.net/.well-known/acme-challenge/KL8Si7gXXiFsKhq4Gy7MiREg3ZlxEeki9TpRtuuYCyI: "<!DOCTYPE html><body style="padding:0; margin:0;"><html><bo
dy><iframe src="http://mcc.godaddy.com/park/rzWuqTWwrJ5fqTIvnTSkYzSlM", www.mongoplayground.net (http-01): urn:acme:error:unauthorized :: The client lacks suffi
cient authorization :: Invalid response from http://www.mongoplayground.net/.well-known/acme-challenge/Fv1VVoK8no0Q1PBzdlljnOKsxgAnoM6U6TKicl0E7cY: "<!DOCTYPE h
tml><body style="padding:0; margin:0;"><html><body><iframe src="http://mcc.godaddy.com/park/rzWuqTWwrJ5fqTIvnTSkYzSlM"
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: mongoplayground.net
   Type:   unauthorized
   Detail: Invalid response from
   http://mongoplayground.net/.well-known/acme-challenge/KL8Si7gXXiFsKhq4Gy7MiREg3ZlxEeki9TpRtuuYCyI:
   "<!DOCTYPE html><body style="padding:0;
   margin:0;"><html><body><iframe
   src="http://mcc.godaddy.com/park/rzWuqTWwrJ5fqTIvnTSkYzSlM"
   Domain: www.mongoplayground.net
   Type:   unauthorized
   Detail: Invalid response from
   http://www.mongoplayground.net/.well-known/acme-challenge/Fv1VVoK8no0Q1PBzdlljnOKsxgAnoM6U6TKicl0E7cY:
   "<!DOCTYPE html><body style="padding:0;
   margin:0;"><html><body><iframe
   src="http://mcc.godaddy.com/park/rzWuqTWwrJ5fqTIvnTSkYzSlM"
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

#4

Hi,

You have two IP for each domain.

Please remove the Godaddy one since it’s a parking page. (Which they actually visited first, and certbot throw the invalid response)


#5

Thanks a lot, this fixed the error !


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.