Certbot HTTP Challenge Not Passing - Standalone with TLS Challenge Worked


#1

Please fill out the fields below so we can help you better.

My domain is: pinchepoutine.com.mx

I ran this command: sudo certbot certonly --webroot -w /var/www/pinchepoutinecmx -d pinchepoutine.com.mx -d www.pinchepoutine.com.mx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pinchepoutine.com.mx
http-01 challenge for www.pinchepoutine.com.mx
Using the webroot path /var/www/pinchepoutinecmx for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.pinchepoutine.com.mx (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.pinchepoutine.com.mx/.well-known/acme-challenge/DAdPwaUw5EaALr5-24rpcFTl7xR5-TgenHqgiRBS7q0: "

404 Not Found

404 Not Found


", pinchepoutine.com.mx (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://pinchepoutine.com.mx/.well-known/acme-challenge/Yq8hOpn6Pob8tNuZUJvPt0fYTm7pO-9q25wUw0bt8Iw: " server { 404 Not Found

404 Not Found


"

IMPORTANT NOTES:

My operating system is (include version):
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial

My web server is (include version): nginx version: nginx/1.10.0 (Ubuntu)

My hosting provider, if applicable, is: Google Compute Engine

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi @xpat

Your websites seem to be redirecting HTTP to HTTPS.

Also, even if you browse to the locations in the browser over HTTPS, there is still no file present.

A common cause for this is that NGINX webserver roots are configured to point to directory A while the webroot is elsewhere. You should compare what you pass --webroot -w /var/www/pinchepoutinecmx with what your web server has configured.

The other common cause of this is .htaccess files not allowing users to browse to the acme directory.

A third possible cause is MIME mapping, but this crops up on Windows systems more.

A common troubleshooting approach:

Place a TEST.HTML and a TEST (no extension file) in your http://pinchepoutine.com.mx/.well-known/acme-challenge folder.

Browse to it with a browser; if you are able to receive the files, you are there.

The only other thing to check is that Certbot is putting the files in the correct directory.

Andrei
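
An added example, not part of the original thread or of Certbot or nginx: one way to make the comparison suggested in the reply above is to parse the server's configuration and compare the server-level `root` of every block that names the host with the path passed to `-w`. The sample configuration, the path `/var/www/constructed-other-root` and the function names are constructed for illustration, and the parser is simplified (exact `server_name` matches only, no quoted strings, `root` inside `location` blocks ignored).

```python
import posixpath
import re

SAMPLE_CONF = """
# constructed sample, not the poster's configuration
server {
    listen 80;
    server_name pinchepoutine.com.mx www.pinchepoutine.com.mx;
    root /var/www/constructed-other-root;   # hypothetical mismatched path
    location / { try_files $uri $uri/ =404; }
}
server {
    listen 443 ssl;
    server_name pinchepoutine.com.mx;
    root /var/www/pinchepoutinecmx/;
}
"""

def parse_servers(conf_text):
    """One dict per server block: names, listen values, server-level root."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # naive comment strip, ignores quoting
    servers, stack, words = [], [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            block = {"kind": words[0] if words else "", "names": [], "listen": [], "root": None}
            stack.append(block)
            if block["kind"] == "server":
                servers.append(block)
        elif tok == "}" and stack:
            stack.pop()
        elif tok == ";" and stack and stack[-1]["kind"] == "server" and len(words) > 1:
            if words[0] == "server_name":
                stack[-1]["names"] += words[1:]
            elif words[0] == "listen":
                stack[-1]["listen"].append(words[1])
            elif words[0] == "root":
                stack[-1]["root"] = words[1]
        words = [] if tok in "{};" else words + [tok]
    return servers

def check_webroot(conf_text, host, webroot):
    """(listen, root, matches) for each server block that names host exactly."""
    want = posixpath.normpath(webroot)
    return [(",".join(s["listen"]) or "80", s["root"],
             s["root"] is not None and posixpath.normpath(s["root"]) == want)
            for s in parse_servers(conf_text) if host in s["names"]]

if __name__ == "__main__":
    for row in check_webroot(SAMPLE_CONF, "pinchepoutine.com.mx", "/var/www/pinchepoutinecmx"):
        print(row)  # an empty result would mean no block names the host
```

On a live host, the text to pass as `conf_text` is the output of `nginx -T`, which prints the merged configuration including included files.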


#3

Thanks, Andrei. I manually added the directory acme-challenge and then two files, test.html and test (I had done this before I asked for help, and now again after getting your message). I can’t browse to those files. I still get 404 not found.

I installed the certificate on 10 other websites about two weeks ago. I forgot about this one, and just came back to it. Probably I have something misspelled or the webroot is wrong, as you suggest. Honestly, I posted my request for help because I thought the problem might be related to the .com.mx extension.


#4

Also not sure what to make of this:

curl -i https://pinchepoutine.com.mx/

curl: (51) SSL: certificate subject name (oneofmywebsites.com) does not match target host name 'pinchepoutine.com.mx'

If I remember correctly, it’s no different than what I did when I ran the certbot command for the other websites.


#5

sudo certbot certonly --standalone -d pinchepoutine.com.mx -d www.pinchepoutine.com.mx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for pinchepoutine.com.mx
tls-sni-01 challenge for www.pinchepoutine.com.mx
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/pinchepoutine.com.mx/fullchain.pem. Your cert
    will expire on 2017-08-02. To obtain a new or tweaked version of
    this certificate in the future, simply run certbot again. To
    non-interactively renew all of your certificates, run “certbot
    renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le


#6

Nice one - looks like the TLS challenge worked for you.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.