Reducing the process to manual mode, I am here:
./certbot-auto certonly --manual --preferred-challenges http -w /var/www/domain -d domain.net
but I can access the link from a browser
Failed authorization procedure. domain.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.net/.well-known/acme-challenge/MjD6H_lxC7Fut1sSe1vXGi_pwTvA5_uM2NAAolpPP-g: "
404 Not Found
Previously, I was using letsencrypt-auto on Debian 7 Apache but had a Python version issue, so I thought I would update to certbot.
When you created this post it asked you a bunch of questions.
If you would like help then it’s best to fill those out (such as your domain name). Without your domain name it’s hard for others to verify that your folders have been set up correctly and your web server is behaving as it should be.
@bob247, the problem is that you have defined two DNS records for
One for ipv4
$ dig sms2.net A +short
One for ipv6
$ dig sms2.net AAAA +short
But your web server is only configured for ipv4:
$ curl -i4 http://sms2.net/.well-known/acme-challenge/FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64
HTTP/1.1 200 OK
Date: Tue, 23 May 2017 12:40:00 GMT
Last-Modified: Tue, 23 May 2017 07:19:25 GMT
As it is not configured for ipv6, it gives the 404 Not Found error, I suppose because it is not reaching the VirtualHost conf but the default conf of your web server.
$ curl -i6 http://sms2.net/.well-known/acme-challenge/FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64
HTTP/1.1 404 Not Found
Date: Tue, 23 May 2017 12:40:06 GMT
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<title>404 Not Found</title>
<p>The requested URL /.well-known/acme-challenge/FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64 was not found on this server.</p>
For the last few days, if the domain has 2 records, A and AAAA, Let’s Encrypt will prefer AAAA instead of A. Before the last change ipv4 was preferred but, you know, that has changed.
To solve your issue you have two options:
A) If you don’t want to serve your site with ipv6, remove the AAAA record for your domain.
B) Configure your web server to serve requests for your domain over ipv6.
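A pre-flight check for the mismatch described in the answer above, as an added example that is not part of the original thread: it resolves both record types, requests a challenge-path test file over each address family, and reports whether the file is reachable over the family the validator will use. The function names (`has_record`, `status`, `verdict`) and the test token file are assumptions made for this example.

```sh
#!/bin/sh
# Added example: pre-flight check for http-01 on a name with A and AAAA records.
# Assumes dig and curl are installed, and that TOKEN is a test file you placed
# in <webroot>/.well-known/acme-challenge/ yourself (hypothetical name).

# has_record NAME TYPE -> prints "yes" if dig returns at least one answer
has_record() {
    if [ -n "$(dig +short "$1" "$2")" ]; then echo yes; else echo no; fi
}

# status FAMILY URL -> HTTP status over IPv4 (4) or IPv6 (6); 000 if no connection
status() {
    curl "-$1" -s -o /dev/null -m 10 -w '%{http_code}' "$2" || true
}

# verdict HAS_A HAS_AAAA STATUS4 STATUS6 -> prints a diagnosis, returns 0 when
# the challenge file is reachable the way the validator will fetch it.
verdict() {
    has_a=$1; has_aaaa=$2; s4=$3; s6=$4
    if [ "$has_aaaa" = yes ]; then
        # Per the answer above, AAAA is preferred when both records exist,
        # so a 200 over IPv4 alone is not enough.
        if [ "$s6" = 200 ]; then echo "ok: served over IPv6"; return 0; fi
        if [ "$has_a" = yes ] && [ "$s4" = 200 ]; then
            echo "fail: IPv4 works but IPv6 returns $s6 (remove AAAA or serve the vhost on IPv6)"
        else
            echo "fail: IPv6 returns $s6"
        fi
        return 1
    fi
    if [ "$has_a" = yes ] && [ "$s4" = 200 ]; then
        echo "ok: served over IPv4 (no AAAA record)"; return 0
    fi
    echo "fail: IPv4 returns $s4"
    return 1
}

# Runs only when called as: ./preflight.sh DOMAIN TOKEN
if [ $# -eq 2 ]; then
    url="http://$1/.well-known/acme-challenge/$2"
    verdict "$(has_record "$1" A)" "$(has_record "$1" AAAA)" \
            "$(status 4 "$url")" "$(status 6 "$url")"
fi
```

A browser check can pass while this one fails, because a browser falls back to IPv4 when IPv6 does not answer as expected.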
Thank you for your help sahsanu, much appreciated
This was the problem, certbot has now renewed the certificate