Certbot mode standalone " Failed authorization procedure. www.mamediarrahbeye.ovh (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mamediarrahbeye.ovh

I ran this command: certbot certonly --standalone --agree-tos --no-eff-email -d mamediarrahbeye.ovh -d www.mamediarrahbeye.ovh

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mamediarrahbeye.ovh
http-01 challenge for www.mamediarrahbeye.ovh
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. mamediarrahbeye.ovh (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge “AAlmQQ0DtGBcRejyumt8loSUe3K9O5LPs9h8j4o-MOY.5A92buCpw4fSR7B70WiHZbGJAqh2q2zesxCSyeUnZME” != “AAlmQQ0DtGBcRejyumt8loSUe3K9O5LPs9h8j4o-MOY.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8”, www.mamediarrahbeye.ovh (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge “tawJF4LT1G3yBs14q4ZLXPCvh836u_HzzI6dmyK-fV0.5A92buCpw4fSR7B70WiHZbGJAqh2q2zesxCSyeUnZME” != “tawJF4LT1G3yBs14q4ZLXPCvh836u_HzzI6dmyK-fV0.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8”

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mamediarrahbeye.ovh
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    “AAlmQQ0DtGBcRejyumt8loSUe3K9O5LPs9h8j4o-MOY.5A92buCpw4fSR7B70WiHZbGJAqh2q2zesxCSyeUnZME”
    !=
    “AAlmQQ0DtGBcRejyumt8loSUe3K9O5LPs9h8j4o-MOY.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8”

    Domain: www.mamediarrahbeye.ovh
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    “tawJF4LT1G3yBs14q4ZLXPCvh836u_HzzI6dmyK-fV0.5A92buCpw4fSR7B70WiHZbGJAqh2q2zesxCSyeUnZME”
    !=
    “tawJF4LT1G3yBs14q4ZLXPCvh836u_HzzI6dmyK-fV0.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): no web server if I am in standalone mode right ?

The version of my client is : certbot 0.31.0

Hope you will be able to help with these information

If I access http://mamediarrahbeye.ovh/ in a browser, I get an OVH “site en construction” page.

Is 188.165.53.185 your server’s IP address? Where does that page come from? Do you have some kind of OVH load balancer or CDN or proxy service in front of your site?

Whatever the server is, it’s handling the validation requests instead of forwarding them to your Certbot server.

I think this is known to happen with OVH, but I don’t remember the details. :confused:

Edit: See this thread:

It’s very old and I don’t know how accurate it still is.

Hello mnorhoff, thank you for your answer.

The “site en construction” page probably comes from OVH. I just bought the domain exclusively to get certificates with certbot. I plan to use it and its certificates later to build a dns over Https server. So I don’t know the change to do on this ovh domain to get it work with Certbot.

I’ve changed the server address IP, from 188.165.53.185 to the public address IP of my box. I thought that it was essential to make it work. Maybe it’s not ?
I am not sure about any existing load balancer or proxy service in front of my sit. How can I check that ?

Gonna check the threat mentioned, thank you !

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.