Certbot Failed authorization procedure

Hi! I am using certboot to get certs.

But when I try to use it with webroot plugin I face this error. Mb I need some preparation before?

busylee@vm3441:~/temp$ ./certbot-auto certonly --webroot -w /var/www/busylee/gmnode/ -d bot.tryremember.ru -d www.bot.tryremember.ru
Requesting root privileges to run certbot…
/home/busylee/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/busylee/gmnode/ -d bot.tryremember.ru -d www.bot.tryremember.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bot.tryremember.ru
http-01 challenge for www.bot.tryremember.ru
Using the webroot path /var/www/busylee/gmnode for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.bot.tryremember.ru (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.bot.tryremember.ru/.well-known/acme-challenge/uxNfYUO9NQ6DSUNmdgZ6vabRUzpnvUmxh3q2YjQbNQM: "

404 Not Found

404 Not Found


", bot.tryremember.ru (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bot.tryremember.ru/.well-known/acme-challenge/wYlppkBSok9yKzBOUHCw_EftmqX9hfohs1FksrB_6D4: " 404 Not Found

404 Not Found


"

Is /var/www/busylee/gmnode/ the path where the actual files for the website reside?

I.e., /var/www/busylee/gmnode/testfile.txt would translate into http://bot.tryremember.ru/testfile.txt ?

In fact, no :frowning: I have nodejs, and domain/ proxied to localhost:3000, so I think /var/www/busylee/gmnode/testfile.txt whould not be translated to http://bot.tryremember.ru/testfile.txt. Is it required? Can I fix it with correct nginx config?

Well, yes, that's the whole point of the webroot setting :wink:

Certainly!

You could put the following configuration code in one of the nginx "default" configuration files (so it gets loaded for every virtual host):

# ACME challenge
location ^~ /.well-known {
  allow all;
  alias /var/lib/letsencrypt/.well-known/;
  default_type "text/plain";
  try_files $uri =404;
}

This will use the alias for every request which begins with /.well-known/.

Then, use /var/lib/letsencrypt/ as the webroot in your command. You can of course change this location to one of your liking, this was just a snippit I copy/pasted from a page I found with Google :slight_smile:

1 Like

Finally, it is not worked :frowning: I faced same error

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.