Certbot http-01 challenge fails for non-www pages


#1

My domains are: www.example.de, example.de, www.example.com, example.com

I ran this command: sudo certbot --apache

I can obtain certificates for my www.example.de and www.example.com but example.de and example.com fail.
It produced this output (similar for the .com):

http-01 challenge for example.de
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. example.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.de/.well-known/acme-challenge/6ZQZ4Ua3lBcpk41u9o2s6e9nlOsK3uHS7q0SD0ufYpM: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>300 Multiple Choices</title>\n</head><body>\n<h1>Multiple C"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.de
   Type:   unauthorized
   Detail: Invalid response from
   http://example.de/.well-known/acme-challenge/6ZQZ4Ua3lBcpk41u9o2s6e9nlOsK3uHS7q0SD0ufYpM:
   "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>300 Multiple
   Choices</title>\n</head><body>\n<h1>Multiple C"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Apache 2.4.25

The operating system my web server runs on is (include version): debian 9

I can login to a root shell on my machine (yes or no, or I don’t know): yes

My Server Config:
000-default.conf

    <VirtualHost *:80>
            ServerName example.com

            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/example.com

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

    <VirtualHost *:80>
            ServerName www.example.com

            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/example.com

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>


    <VirtualHost *:80>
            ServerName example.de

            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/example.de

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

    <VirtualHost *:80>
            ServerName www.example.de

            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/example.de

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

#2

I found this discussion: Webroot plugin : The client lacks sufficient authorization, but I don’t think that it’s the same case for me, because I can obtain certificates for the www.* domains.


#3

Hi @ohlr

Your domains have IPv6 and IPv4 addresses, but it looks like your IPv6 address sends different content.

https://letsdebug.net/example.com/7304

Do you have a web server listening on IPv6? If not, remove the IPv6 DNS entries.
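
A check for the mismatch described in post #3, as an added example that is not part of the thread: it requests the same path from every A and AAAA address of a host and reports whether the answers differ. The probe path and the function names are assumptions made for this sketch, and redirects are not followed.

```python
import http.client
import socket
import sys

PROBE_PATH = "/.well-known/acme-challenge/probe"  # constructed name; need not exist

def resolve(host, family):
    """Return the host's addresses in one family (AF_INET = A, AF_INET6 = AAAA)."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fetch(address, host, path, timeout=10):
    """GET the path from one specific address, sending the real Host header."""
    conn = http.client.HTTPConnection(address, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(200)  # status plus the start of the body
    finally:
        conn.close()

def compare_families(host, path=PROBE_PATH, resolve=resolve, fetch=fetch):
    """Request path from every A and AAAA address; report whether answers agree."""
    results = {}
    for family in (socket.AF_INET, socket.AF_INET6):
        for address in resolve(host, family):
            try:
                results[address] = fetch(address, host, path)
            except (OSError, http.client.HTTPException) as exc:
                results[address] = ("error", str(exc).encode())
    # Let's Encrypt prefers the AAAA address when one exists, so every address
    # must reach the same site for the http-01 file to be found.
    return len(set(results.values())) <= 1, results

if __name__ == "__main__":
    consistent, results = compare_families(sys.argv[1])
    for address, (status, body) in results.items():
        print(address, status, body[:60])
    print("consistent" if consistent else "MISMATCH between addresses")
    sys.exit(0 if consistent else 1)
```

Run it with the bare domain as the only argument; a mismatch means the IPv4 and IPv6 records do not reach the same virtual host.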


#4

Thanks!
That resolved the error.