Clients lack sufficient information


#1

Server: QNAP where the content is serving from
cPanel is the main doamin, but changed IP to QNAP.
using as nginx reverse proxy

certbot certonly --standalone -d happy2let.co.uk -d www.happy2let.co.uk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for happy2let.co.uk
http-01 challenge for www.happy2let.co.uk
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.happy2let.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.happy2let.co.uk/.well-known/acme-challenge/h2vpYRl1nn4xonZHS7SmR1xgDhoEaQwrEldFlPJR2K4: “\n\n \n <meta name=“robots” content=“noindex,nofollow” />\n \n /* Copyr”, happy2let.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://happy2let.co.uk/.well-known/acme-challenge/N4qTgDOk5mXbD-DDfn7S04sIn-PpORABdH8mGlU_Eao: “\n\n \n <meta name=“robots” content=“noindex,nofollow” />\n \n /* Copyr”

IMPORTANT NOTES:


#2

I’m not sure what your server topology actually is.

I think you’re using nginx on the server with the public IP address 51.6.247.186, correct?

On which server is your certbot running? Your QNAP NAS?

What do you mean you “changed IP to QNAP”? What IP address?


#3

Hi @awsdevopro

if you use standalone, Certbot starts a new webserver. So you must stop your running webserver.

But you can use your running webserver with the --nginx.

I see, you have already tested your site ( https://check-your-website.server-daten.de/?q=happy2let.co.uk ):

There is one wrong redirect:

http://happy2let.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
51.6.247.186
	301
	http://www.happy2let.co.uk.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

A missing / between your Servername and /.well-known, so it redirects to the unknown domain www.happy2let.co.uk.well-known.

So check your redirect rule, add there a slash after your %SERVERNAME. Then try

certbot certonly --nginx -d happy2let.co.uk -d www.happy2let.co.uk

#4

I agree, the site responds to http, so using --standalone doesn’t make sense (and may not be providing the desired result).

If certbot can’t find the right path (or the right vhost config) for the names provided, you can help it by specifying it manually using --webroot -w /path/to/your/site/root


#5

Using standalone on a server not running a webserver behind a reverse proxy makes perfect sense.


#6

TADA !
Now I see the light :slight_smile:

Ok, so the problem is the /.well-known/challenge/ requests aren’t being forwarded properly?
[they don’t reach the intended server]


closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.