Certificate not being created due to "error getting validation data"


#1

Hi letsencrypt-community,

I am new to the topic of SSL signing and I try to generate a certificate for my OwnCloud server hosted via a Raspberry Pi at home. I followed the instructions in the OwnCloud documentation but it keeps providing an error.

I used to create a certificate via openssl request before (including some Apache config changes) but since it did not work out properly, I switched to the letsencrypt way of doing it.

I would really appreciate any help.

Thank you,
Georg

My domain is: huberconsulting.ddns.net

I ran this command: sudo /etc/letsencrypt/huberconsulting.ddns.net.sh

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for huberconsulting.ddns.net
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Running post-hook command: service apache2 reload
Failed authorization procedure. huberconsulting.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://huberconsulting.ddns.net/.well-known/acme-challenge/_JN2T45j95bLg5FW1bMwpYMy5Tpjoi_vNHPlGAfp1BU: Error getting validation data

IMPORTANT NOTES:

  • If you lose your account credentials, you can recover through
    e-mails sent to administrator@huber-consulting.de.

  • The following errors were reported by the server:

    Domain: huberconsulting.ddns.net
    Type: connection
    Detail: Fetching
    http://huberconsulting.ddns.net/.well-known/acme-challenge/_JN2T45j95bLg5FW1bMwpYMy5Tpjoi_vNHPlGAfp1BU:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

My web server is (include version): Don’t know

The operating system my web server runs on is (include version): Raspbian (latest version)

My hosting provider, if applicable, is: RaspberryPi at Home

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Don’t know


#2

Is your server behind a firewall or perhaps a (NAT) router?


#3

My server is attached to my router at home (Germany) via LAN cable. The router is an AVM fritzbox. I assume NAT is included. Does that help?


#4

Hi @cyrix_records

you need a port forwarding / Portfreigabe. Router port 80 -> your server


#5

@JuergenAuer

Thanks for the reply. It worked, but I am now receiving the following error message:

Failed authorization procedure. huberconsulting.ddns.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://huberconsulting.ddns.net/.well-known/acme-challenge/Q5p_yx_u_kzDWflElXm3K3JU6LQ7lk0ai_mUlJ2pRuQ: "

<head data-requesttoken="ZAIABglmMCUZSGJIGlUPRg"

IMPORTANT NOTES:


#6

This script creates (or uses) the wrong webroot. The webroot is the folder where your website starts. Not /var/www/letsencrypt, perhaps /var/www.

PS: Now I see: The cli.ini has a row

webroot-path = /var/www/letsencrypt/

That may be wrong.


#7

@JuergenAuer

Honestly, I do not know how to find that path. How do I identify the right one? I have a radio with an ownCloud installation on it.


#8

If I open http://huberconsulting.ddns.net/ - I am redirected to

http://huberconsulting.ddns.net/index.php/login

So you must have a file index.php somewhere. The path of this file is your webroot.

Perhaps /var/www/html or /var/www


#9

I tried changing the path. So now cli.ini has the path > /var/www/html/ . However it still provides me with an error. Please find error below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for huberconsulting.ddns.net
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Running post-hook command: service apache2 reload
Failed authorization procedure. huberconsulting.ddns.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://huberconsulting.ddns.net/.well-known/acme-challenge/XAUgAs8g6-BQi8JN2FWxS_TMJgva_AEtZf4hAauhIGQ: "

<head data-requesttoken="JwA0IRxAQgQgZFsBOCktXg"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: huberconsulting.ddns.net
   Type: unauthorized
   Detail: Invalid response from
   http://huberconsulting.ddns.net/.well-known/acme-challenge/XAUgAs8g6-BQi8JN2FWxS_TMJgva_AEtZf4hAauhIGQ:
   "

   <head data-requesttoken="JwA0IRxAQgQgZFsBOCktXg"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

I also tried to attach the log file, but “new users cannot attach files”. Sorry


#10

Please save a file 123456789 (without extension) under

/var/www/html/.well-known/acme-challenge/

and check whether you can load this file via

http://huberconsulting.ddns.net/.well-known/acme-challenge/123456789

per browser.
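
The manual check from the post above, automated as an added shell example (not part of the original thread): it writes a probe file under each candidate directory and reports the first one the web server actually serves. The function names, the overridable `fetch_url` helper and the candidate paths are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: find which directory the web server really serves for
# /.well-known/acme-challenge/ requests (the path the http-01 check fetches).

# Fetch a URL body; kept as a separate function so it can be replaced offline.
fetch_url() { curl -fsSL --max-time 10 "$1"; }

# probe_webroot BASE_URL DIR
# Returns 0 if a file written below DIR comes back unchanged over HTTP,
# 1 if something else is served, 2 if DIR is missing or not writable.
probe_webroot() {
    local base_url="$1" dir="$2"
    local chal="$dir/.well-known/acme-challenge"
    local name="probe-$$" token="webroot-check-$$-$(date +%s)"
    local made_wk=0 made_chal=0 body rc=1

    [ -d "$dir" ] || return 2
    [ -d "$dir/.well-known" ] || made_wk=1
    [ -d "$chal" ] || made_chal=1
    mkdir -p "$chal" || return 2
    printf '%s' "$token" > "$chal/$name" || return 2

    # A front controller (login page, "file not found" page) answers with
    # HTML instead of the token: the "unauthorized / Invalid response" case.
    body=$(fetch_url "$base_url/.well-known/acme-challenge/$name" 2>/dev/null) || body=""
    if [ "$body" = "$token" ]; then rc=0; fi

    # Remove only what this run created.
    rm -f "$chal/$name"
    if [ "$made_chal" -eq 1 ]; then rmdir "$chal" 2>/dev/null || true; fi
    if [ "$made_wk" -eq 1 ]; then rmdir "$dir/.well-known" 2>/dev/null || true; fi
    return "$rc"
}

# find_webroot BASE_URL DIR...  prints the first directory that passes.
find_webroot() {
    local base_url="$1" dir
    shift
    for dir in "$@"; do
        if probe_webroot "$base_url" "$dir"; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# Usage (placeholder host and candidate paths):
#   find_webroot http://example.com /var/www/html /var/www
```

Run it as a user who can write to the candidate directories; the directory it prints is the value to use for `webroot-path`.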


#11

Hi Juergen, unfortunately I can’t. File is loaded to the directory (while the acme-challenge folder I had to create first of all). But when I navigate to the link, I land on an OwnCloud page stating that file was not found.


#12

Then your webroot is wrong. You have to find your correct webroot.


#13

Hi @JuergenAuer

thanks for the insights. I managed to find the right path and to complete my letsencrypt settings. Now everything is fine.

Great help. Thank you

