Certbot Renewal - Issue with IPV6 Address and Web Server Configuration

Reducing the process to manual mode, I am here:

./certbot-auto certonly --manual --preferred-challenges http -w /var/www/domain -d domain.net

but I can access the link from a browser
domain/.well-known/acme-challenge/MjD6H_lxC7Fut1sSe1vXGi_pwTvA5_uM2NAAolpPP-g

Failed authorization procedure. domain.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.net/.well-known/acme-challenge/MjD6H_lxC7Fut1sSe1vXGi_pwTvA5_uM2NAAolpPP-g: "

404 Not Found

Not Found

<p"

Previously, I was using letsencrypt-auto on Debian 7 Apache but had a Python version issue, so I thought I would update to certbot.

thanks

Hi @bob247

When you created this post it asked you a bunch of questions.

If you would like help then it's best to fill those out (such as your domain name). Without your domain name it's hard for others to verify that your folders have been set up correctly and your web server is behaving as it should be.

Andrei

Sorry, I missed the questions.

the domain is sms2.net

http://sms2.net/.well-known/acme-challenge/FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64

@bob247, the problem is that you have defined two DNS records for sms2.net.

One for ipv4

$ dig sms2.net A +short
87.106.166.93

One for ipv6

$ dig sms2.net AAAA +short
2001:8d8:894:2500::6f:4f4e

But your web server is only configured for ipv4:

$ curl -i4  http://sms2.net/.well-known/acme-challenge/FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64
HTTP/1.1 200 OK
Date: Tue, 23 May 2017 12:40:00 GMT
Server: Apache
Last-Modified: Tue, 23 May 2017 07:19:25 GMT
ETag: "25568-57-5502bceb47b65"
Accept-Ranges: bytes
Content-Length: 87

FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64.2ZFz85qKcp0ZJzvrbHDE2tGwQKkM8aGIMrtD-NR0-hg

As it is not configured for ipv6, it gives the 404 Not Found error, I suppose because it is not reaching the VirtualHost conf but the default conf of your web server.

$ curl -i6  http://sms2.net/.well-known/acme-challenge/FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64
HTTP/1.1 404 Not Found
Date: Tue, 23 May 2017 12:40:06 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 268
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /.well-known/acme-challenge/FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64 was not found on this server.</p>
</body></html>

For the past few days, if the domain has 2 records, A and AAAA, Let's Encrypt will prefer AAAA instead of A. Before the last change ipv4 was preferred but, you know, that has changed.

To solve your issue you have two options:

A) If you don’t want to serve your site with ipv6, remove the AAAA record for your domain.
B) Configure your web server to serve requests for your domain over ipv6.

Good luck,
sahsanu

2 Likes
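
The dig and curl checks from the reply above, combined into a script that can be run before a renewal. This is an added example, not part of the original posts; the function names, messages and exit codes are the example's own, and it assumes dig and curl are installed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes dig and curl are installed.

# HTTP status seen over one address family (4 or 6); curl prints 000 if it cannot connect.
fetch_status() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "-$1" "$2" || true
}

# Succeeds when NAME has at least one record of TYPE (A or AAAA).
has_record() {
    [ -n "$(dig "$1" "$2" +short)" ]
}

# Pure decision logic: verdict HAS_AAAA STATUS4 STATUS6
# Follows the reply's statement that the validator prefers AAAA when both records exist.
verdict() {
    has_aaaa=$1; s4=$2; s6=$3
    if [ "$has_aaaa" = yes ] && [ "$s6" = 200 ]; then
        echo "OK: challenge file is served over IPv6"; return 0
    elif [ "$has_aaaa" = yes ] && [ "$s4" = 200 ]; then
        echo "MISMATCH: IPv4 returns 200 but IPv6 returns $s6;" \
             "remove the AAAA record or serve the site over IPv6"; return 1
    elif [ "$has_aaaa" = no ] && [ "$s4" = 200 ]; then
        echo "OK: no AAAA record, challenge file is served over IPv4"; return 0
    fi
    echo "FAIL: challenge file not served (IPv4=$s4 IPv6=$s6)"; return 2
}

# preflight HOST PATH: live check of a test file you placed under the webroot.
preflight() {
    url="http://$1$2"
    if has_record "$1" AAAA; then aaaa=yes; else aaaa=no; fi
    verdict "$aaaa" "$(fetch_status 4 "$url")" "$(fetch_status 6 "$url")"
}

if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
else
    # No arguments: replay the statuses from the curl -i4 / curl -i6 output above.
    verdict yes 200 404 || true
fi
```

Run it with a host name and the path of a test file placed under `.well-known/acme-challenge/`; exit code 1 means the IPv4 and IPv6 answers disagree.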

Thank you for your help sahsanu, much appreciated

This was the problem, certbot has now renewed the certificate

2 Likes
