Certbot unauthorized error on certification

Hello everyone! How are you? I am having an issue doing the certification with certbot in Apache httpd and Centos7.

When I try to run the command "certbot --apache" on my domain, I get this result:

Challenge failed for domain (here is my domain)
http-01 challenge for (here is my domain)
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: (here is my domain)
Type: unauthorized
Detail: (here is the IP address): Invalid response from
http://(here is my domain)/.well-known/acme-challenge/KVHrZDsCp_EuEhtj7cjIUgIQW-py7XYdTErUbdGVYNs:
403

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

I tried deleting the content in /etc/letsencrypt and changing my domain name, but it doesn't work.

Does anybody know how to fix this :thinking:? I want to show a web page through that domain for a demo.

Thanks in advance :smiley: !

Welcome to the community @FedericoArielLotitto

Without answers to the questions on the Help form there is not much more we can say. The error message says the Let's Encrypt Servers cannot reach your website to complete the HTTP Challenge. You must have a working HTTP site to satisfy the HTTP Challenge.

You should check the DNS A/AAAA records, any firewall(s) and router NAT forwarding (if any).

If you want more specific advice please answer the form questions as best you can.

============================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

3 Likes

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher. Rate Limits are per week (rolling).

And to assist with debugging, a great place to start is Let's Debug.

2 Likes

I'd start by verifying its configuration, with:
apachectl -t -D DUMP_VHOSTS

3 Likes

I solved the error. It was generated by a configuration in my httpd.conf that didn't let the connection to letsencrypt be established. The Let's Debug page was very useful to determine that.

Thanks a lot!

6 Likes
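
An added example, not part of any post in this thread: a small Python pre-flight probe that requests a path under /.well-known/acme-challenge/ the way the validation server does and reports the status, so a 403 like the one in the question shows up before running certbot. The token name, the hint wording and the local test server that answers 403 for dot-paths are constructed for illustration.

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Hint wording is this example's own, not Certbot's or Let's Encrypt's.
HINTS = {
    200: "path is served; challenge files should be reachable",
    403: "server refuses the path; review access rules in the web server config",
    404: "request reached the server and was not refused; normal for a made-up token",
}

def probe(base_url, token="preflight-test-token"):
    """Request the challenge URL directly (no proxy); return (status, hint)."""
    url = base_url.rstrip("/") + CHALLENGE_PREFIX + token
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:   # 4xx/5xx still carry a status code
        status = err.code
    except (urllib.error.URLError, OSError) as err:
        return None, f"no HTTP response ({err}); check DNS, firewall, NAT"
    return status, HINTS.get(status, "unexpected status; inspect the vhost config")

class DotPathBlockingHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a misconfigured site: 403 on any path starting '/.'."""
    def do_GET(self):
        self.send_response(403 if self.path.startswith("/.") else 404)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Run the probe against the constructed local server and return its result."""
    server = http.server.HTTPServer(("127.0.0.1", 0), DotPathBlockingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe(f"http://127.0.0.1:{server.server_port}")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

To check a real site, call `probe("http://your-domain")` from a machine outside your own network, since a request from the server itself does not exercise DNS, firewall or NAT.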
