Certbot not working for me

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: teams.jrmpc.ca

I ran these commands:

sudo certbot certonly --webroot -w /var/www/jrmpc -d teams.jrmpc.ca

sudo certbot certonly --standalone -d teams.jrmpc.ca

It produced this output:

Failed authorization procedure…

The following errors were reported by the server:

Domain: teams.jrmpc.ca
Type: unauthorized
Detail: Invalid response from http://teams.jrmpc.ca/.well-known/acme-challenge/…

After several failed attempts to find the correct procedure, I am now locked out with:

Error creating new order :: too many failed authorizations recently…

My web server is (include version):

Web server is internal to my Pharo/Teapot web application.

The operating system my web server runs on is (include version):

Ubuntu Server 18.04 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Hi,

Could you please try to place a test file with dummy content at http://teams.jrmpc.ca/.well-known/acme-challenge/test?

Thank you

What was the rest of the error message?

What's in your web server's error log?

Done. The file is fred.html

Here’s the tail end of my log:

2018-12-20 14:07:46,940:DEBUG:certbot.main:certbot version: 0.28.0
2018-12-20 14:07:46,942:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/var/www/jrmpc', '-d', 'teams.jrmpc.ca']
2018-12-20 14:07:46,942:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-12-20 14:07:46,953:DEBUG:certbot.log:Root logging level set at 20
2018-12-20 14:07:46,954:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-12-20 14:07:46,954:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2018-12-20 14:07:46,955:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f5ef2f0e7f0>
Prep: True
2018-12-20 14:07:46,956:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f5ef2f0e7f0> and installer None
2018-12-20 14:07:46,956:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2018-12-20 14:07:46,990:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None), uri=‘https://acme-v02.api.letsencrypt.org/acme/acct/48015966’, new_authzr_uri=None, terms_of_service=None), 87a84c065f95f9e90f7100c73623a28b, Meta(creation_dt=datetime.datetime(2018, 12, 20, 2, 4, 55, tzinfo=), creation_host=‘daredevil’))>
2018-12-20 14:07:46,991:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2018-12-20 14:07:46,993:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2018-12-20 14:07:47,180:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2018-12-20 14:07:47,181:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 20 Dec 2018 14:07:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 20 Dec 2018 14:07:47 GMT
Connection: keep-alive

{
“cNNuD9lyqQk”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}
2018-12-20 14:07:47,181:INFO:certbot.main:Obtaining a new certificate
2018-12-20 14:07:47,308:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0006_key-certbot.pem
2018-12-20 14:07:47,312:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0006_csr-certbot.pem
2018-12-20 14:07:47,313:DEBUG:acme.client:Requesting fresh nonce
2018-12-20 14:07:47,314:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2018-12-20 14:07:47,387:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 204 0
2018-12-20 14:07:47,388:DEBUG:acme.client:Received response:
HTTP 204
Server: nginx
Replay-Nonce: oys_JiJq6KGprW1f-32G4tCCfgxLwexSTilkwEYZQXk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 20 Dec 2018 14:07:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 20 Dec 2018 14:07:47 GMT
Connection: keep-alive

2018-12-20 14:07:47,388:DEBUG:acme.client:Storing nonce: oys_JiJq6KGprW1f-32G4tCCfgxLwexSTilkwEYZQXk
2018-12-20 14:07:47,388:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “teams.jrmpc.ca”\n }\n ]\n}’
2018-12-20 14:07:47,391:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDgwMTU5NjYiLCAibm9uY2UiOiAib3lzX0ppSnE2S0dwclcxZi0zMkc0dENDZmd4THdleFNUaWxrd0VZWlFYayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0”,
“signature”: “m8XmX-ljZ0rN8AjIehS-1ScmVXJfCxhjDzsCjRRkYYadawqxX4gYJMLnMFuvremlREn1tvvtAwF_cK8knyIY0X2zaW_ETyzWvNvTLQQ34dc7tngqNI2CAvsUN6aH1Ob7y3ikwbl6Mk_7ewZ0HSDFRP_TOaCCW4Bb8V36rJtWmmgJ3fa8I9A-3uohD1DY3osbPRY6zOEoIt5B_hLs-rbIU6g5wFxkmUBbdbIPKy0bJMvM-35av3q0IeDTTLHPs_2iLPiKYxKIror9stgdW3JhPvip8IY8SHsuHaY2b04MWuX1UrM0b3fsOhLBC6OQYOrC5jSOB18Sy-W9qKhh-5EDuA”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInRlYW1zLmpybXBjLmNhIgogICAgfQogIF0KfQ”
}
2018-12-20 14:07:47,476:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 429 201
2018-12-20 14:07:47,477:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Content-Type: application/problem+json
Content-Length: 201
Boulder-Requester: 48015966
Replay-Nonce: Xx2YP7PIyWu1PPHXBLJQnn_tdbrJ6xuVHUjgG2wPq4Y
Expires: Thu, 20 Dec 2018 14:07:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 20 Dec 2018 14:07:47 GMT
Connection: close

{
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/”,
“status”: 429
}
2018-12-20 14:07:47,477:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.28.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1340, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1225, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 392, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 335, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 367, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 824, in new_order
return self.client.new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 650, in new_order
response = self._post(self.directory[‘newOrder’], order)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 94, in _post
return self.net.post(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1130, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1147, in _post_once
response = self._check_response(response, content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 999, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
2018-12-20 14:07:47,479:ERROR:certbot.log:An unexpected error occurred:
2018-12-20 14:07:47,479:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/

Hi,

What’s the full path where you placed the file? (Start from system root)
You should use that path (remove the test at the end) as your webroot.

Thank you

Do you still have the log file that contains the original error message? “too many failed authorizations recently” hides the reason it was failing before.

/var/www/.well-known/acme-challenge/test

Yes, but I can’t upload it. Should I cut and paste the whole thing? It’s very long.

Hi,

In this case, would you mind trying to issue certificates using this command:
sudo certbot certonly --webroot -w /var/www/.well-known/acme-challenge/ -d teams.jrmpc.ca

Thank you

Pretty much the same error.

The first part of my cut and paste should contain the info you’re looking for.

I'd like to see the rest of this error message:

certbot.errors.FailedChallenges: Failed authorization procedure. teams.jrmpc.ca (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://teams.jrmpc.ca/.well-known/acme-challenge/WJPmcbAzJIX_fm9V9DjyFTycSh-AMLBX9N6xL1zMAcE [174.117.171.194]: 404

Was /var/www/jrmpc the correct directory?

Are you sure the DNS records are pointing at the correct server?

What did the server’s error logs say?

I’m not sure what you mean by correct directory. My web server is configured to serve files from ‘/var/www’. ‘jrmpc’ is just a subdirectory of that. Do I need to configure file serving from ‘/var/www/jrmpc’?

You just have to have Certbot and your web server use the same directory. That might be “/var/www”. If they’re using different directories, you have to change one of them.

If you wanted to make a file that can be accessed at http://teams.jrmpc.ca/something.html, where would it be? /var/www/something.html? /var/www/jrmpc/something.html? Whatever directory it is, unless the web server has a more complicated configuration, that’s the directory you should use.

What is the web server’s configuration?

What was in the web server’s error log?
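
The directory check described in the reply above, as an added example that is not part of the original thread or of Certbot: it writes a random probe file under each candidate webroot and fetches it over HTTP, so a mismatch shows up locally instead of as a failed authorization that counts toward the rate limit. The function names and the usage line are hypothetical.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path prefix used by http-01


def check_webroot(webroot, base_url, timeout=5):
    """Write a random probe file under webroot and fetch it over HTTP.

    Returns (ok, detail). ok is True only if the web server returns the
    exact probe content, i.e. webroot really is the directory it serves.
    """
    name = secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = "{}/{}/{}".format(base_url.rstrip("/"), CHALLENGE_DIR, name)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return False, "HTTP {} from {}".format(exc.code, url)
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, "request failed: {}".format(exc)
    finally:
        os.remove(path)  # never leave probe files behind
    if served.strip() != body:
        return False, "unexpected content from {}".format(url)
    return True, "{} is served at {}".format(webroot, base_url)


def pick_webroot(candidates, base_url):
    """Return the first candidate directory the server serves, or None."""
    for webroot in candidates:
        if check_webroot(webroot, base_url)[0]:
            return webroot
    return None


if __name__ == "__main__":
    # Hypothetical usage: check_webroot.py http://example.com /var/www /var/www/site
    found = pick_webroot(sys.argv[2:], sys.argv[1])
    print("use: certbot certonly --webroot -w {}".format(found) if found
          else "no candidate directory is served; fix the path first")
```

Once a directory passes, running `certbot certonly --dry-run` with the same `--webroot -w` arguments validates against the staging environment, so a remaining mistake does not add to the production failed-authorization count.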

Thanks. That worked.


Did you use:
sudo certbot certonly --webroot -w /var/www/ -d teams.jrmpc.ca
