Certbot "Unauthorised"

Hello,

When I run
sudo certbot --nginx --agree-tos --redirect --hsts --email ultrahartford@gmail.com -d mail.riversideprison.com

I got

Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.riversideprison.com
nginx: [error] invalid PID number "" in "/run/nginx.pid"
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.riversideprison.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.riversideprison.com/.well-known/acme-challenge/_HLB8ICy4YeDb04HJ9xnwkLiiLHzM6oBOSN2iYHnyXo [2606:4700:30::681b:b0a3]: "<!DOCTYPE HTML>\n<html lang=\"en-US\">\n<head>\n  <meta charset=\"UTF-8\" />\n  <meta http-equiv=\"Content-Type\" content=\"text/html; char"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.riversideprison.com
   Type:   unauthorized
   Detail: Invalid response from
   http://mail.riversideprison.com/.well-known/acme-challenge/_HLB8ICy4YeDb04HJ9xnwkLiiLHzM6oBOSN2iYHnyXo
   [2606:4700:30::681b:b0a3]: "<!DOCTYPE HTML>\n<html
   lang=\"en-US\">\n<head>\n  <meta charset=\"UTF-8\" />\n  <meta
   http-equiv=\"Content-Type\" content=\"text/html; char"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I am trying to get a certificate for my mail server. I am not the best at these types of things and Linux in general, but if anyone could help me that would be well appreciated.

Domain: mail.riversideprison.com
VPS: OVH
VPS OS & VERSION: Ubuntu 18.01.01 LTS

Hi @UltraaaDev

there are some problems ( https://check-your-website.server-daten.de/?q=mail.riversideprison.com ).

Your ip addresses:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| mail.riversideprison.com | A | 104.27.176.163<br>Ashburn/Virginia/United States (US) - Cloudflare, Inc.<br>No Hostname found | yes | 1 | 0 |
| | A | 104.27.177.163<br>Ashburn/Virginia/United States (US) - Cloudflare, Inc.<br>No Hostname found | yes | 1 | 0 |
| | AAAA | 2606:4700:30::681b:b0a3<br>San Francisco/California/United States (US) - Cloudflare | yes | | |
| | AAAA | 2606:4700:30::681b:b1a3<br>San Francisco/California/United States (US) - Cloudflare | yes | | |

You use Cloudflare, so your server is invisible.

Cloudflare can’t connect to your domain, so there are a lot of 503 - Service Temporarily Unavailable:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://mail.riversideprison.com/<br>104.27.176.163 | 503<br>Service Temporarily Unavailable | | 0.026 | S |
| http://mail.riversideprison.com/<br>104.27.177.163 | 503<br>Service Temporarily Unavailable | | 0.030 | S |

But checking http + /.well-known/acme-challenge there is a bad result:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://mail.riversideprison.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de<br>104.27.176.163 | 503<br>Service Temporarily Unavailable | | 0.023 | S |

Visible Content: Please turn JavaScript on and reload the page. Checking your browser before accessing riversideprison.com. This process is automatic. Your browser will redirect to your requested content shortly. Please allow up to 5 seconds… DDoS protection by Cloudflare Ray ID: 4f1b8cbc0f66d11d

Such a DDoS protection by Cloudflare isn’t compatible with a Let’s Encrypt check of your domain.

So remove that DDoS protection, at a minimum for the folder /.well-known/acme-challenge.

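The check described in the reply above, as an added example that is not part of the original thread: it classifies what a validator would receive at the challenge URL and separates a proxy interstitial like the quoted 503 page from a valid http-01 body. The helper names `classify` and `probe`, the verdict strings and the sample inputs are assumptions made for this illustration.

```python
import re
import urllib.error
import urllib.request

# Interstitial markers taken from the response quoted in this thread.
INTERSTITIAL_MARKERS = ("checking your browser", "turn javascript on", "ddos protection by")
# An http-01 body is "<token>.<account key thumbprint>", both base64url (RFC 8555).
KEY_AUTH_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")

def classify(status, body, token):
    """Hypothetical helper: verdict for a response fetched from the challenge URL."""
    text = body.strip()
    low = text.lower()
    if any(marker in low for marker in INTERSTITIAL_MARKERS):
        return "blocked-by-proxy-challenge"
    if low.startswith(("<!doctype", "<html")):
        return "html-instead-of-token"
    if status != 200:
        return "http-error-%d" % status
    if KEY_AUTH_RE.match(text) and text.split(".")[0] == token:
        return "ok"
    return "unexpected-body"

def probe(host, name, timeout=10):
    """Hypothetical helper: fetch the challenge path over plain HTTP and classify it."""
    url = "http://%s/.well-known/acme-challenge/%s" % (host, name)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read(4096).decode("utf-8", "replace"), name)
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read(4096).decode("utf-8", "replace"), name)
    except urllib.error.URLError:
        return "unreachable"

# Constructed samples: the first mirrors the 503 page quoted above, the second a passing reply.
BLOCKED = (503, '<!DOCTYPE HTML>\n<html lang="en-US">\n<body>Checking your browser '
                'before accessing example.test. DDoS protection by Cloudflare</body></html>')
PASSING = (200, "constructed-token.constructed-thumbprint\n")

if __name__ == "__main__":
    print(classify(*BLOCKED, "constructed-token"))
    print(classify(*PASSING, "constructed-token"))
```

With a plain test file placed under the webroot's challenge folder, `probe` returning `unexpected-body` means the request reached the origin server, while `blocked-by-proxy-challenge` reproduces the failure shown in this thread.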