Command "letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d mail.ourdomain.fi" produced "Unable to clean up challenge directory" & "Failed authorization procedure."

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.automopus.fi

I ran this command: /opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d mail.automopus.fi

And same happens with command: /opt/letsencrypt/certbot-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d mail.automopus.f

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.automopus.fi
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /usr/share/nginx/html/.well-known/acme-challenge
Failed authorization procedure. mail.automopus.fi (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.automopus.fi/.well-known/acme-challenge/1aSRY6fsLuPzl2xJD88RjM10n_yzXD099cnEK9YQ_yw: "

404 Not Found

Not Found

<p"

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: mail.automopus.fi
Type: unauthorized
Detail: Invalid response from
http://mail.automopus.fi/.well-known/acme-challenge/1aSRY6fsLuPzl2xJD88RjM10n_yzXD099cnEK9YQ_yw:
"

404 Not Found

Not Found

<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
root@testing:/usr/share/nginx/html/.well-known#

My web server is (include version): Apache/2.4.7 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-91-generic x86_64)

My hosting provider, if applicable, is: www.upcloud.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Try adding --debug to your command line and rerun your command.

Thanks! I will add --debug right away.

I ran the command with --debug, and result was:

root@testing:/usr/share/nginx/html# /opt/letsencrypt/certbot-auto certonly -a webroot --webroot-path=/usr/share/nginx/html --debug -d new.automopus.fi
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for new.automopus.fi
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 861, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 786, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 85, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. new.automopus.fi (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://new.automopus.fi/.well-known/acme-challenge/P7EmY0PDrxsGgKx8pceK7-GsKR3KPq8uMjbvYkwlshw: "

404 Not Found

404 Not Found


" Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:

Any ideas, please? User rights of folders are 755, that should be OK.

Please create the directory /usr/share/nginx/html/.well-known/acme-challenge.
Then place a file test.txt there.

mkdir -p /usr/share/nginx/html/.well-known/acme-challenge
touch /usr/share/nginx/html/.well-known/acme-challenge/test.txt

Can you access this via http://new.automopus.fi/.well-known/acme-challenge/test.txt?

No, directory and file created but no access to file. Response 404 Not Found.
Any other ideas, please?

As long as the challenge files are not reachable via /.well-known/acme-challenge/ the http-authorization will always fail. You have to fix your nginx-configuration or tell certbot where to store the files.

Problem was in nginx configuration files, and has been corrected. Thanks to all for your help!
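The manual test suggested in the replies above (put a file under `.well-known/acme-challenge` in the webroot and fetch it over HTTP) can be scripted and run before each certbot attempt. This is an added example, not part of the original thread; the function names `check_webroot` and `fetch_url` are made up for it.

```shell
#!/bin/sh
# Added example: pre-flight check for certbot's webroot authenticator.
# check_webroot and fetch_url are names made up for this sketch.
# Usage: sh webroot_check.sh /usr/share/nginx/html new.automopus.fi

# The only network step. -f turns HTTP errors such as 404 into a non-zero exit,
# -L follows redirects.
fetch_url() {
    curl -fsSL --max-time 10 "$1"
}

# check_webroot WEBROOT DOMAIN
#   0  probe written under WEBROOT came back unchanged over HTTP
#   1  probe not served (wrong webroot, or server blocks /.well-known/)
#   2  probe could not be written locally
check_webroot() {
    webroot=$1
    domain=$2
    dir="$webroot/.well-known/acme-challenge"
    name="probe-$$-$(date +%s)"
    token="webroot-check-$name"

    mkdir -p "$dir" 2>/dev/null || { echo "cannot create $dir" >&2; return 2; }
    printf '%s' "$token" > "$dir/$name" || { echo "cannot write $dir/$name" >&2; return 2; }
    chmod 644 "$dir/$name"    # the web server user must be able to read it

    url="http://$domain/.well-known/acme-challenge/$name"
    fetch_rc=0
    body=$(fetch_url "$url" 2>/dev/null) || fetch_rc=$?
    rm -f "$dir/$name"        # clean up the probe whether or not it was served

    if [ "$fetch_rc" -ne 0 ]; then
        echo "FAIL: $url was not served (e.g. 404); $webroot is not what the server maps to this URL" >&2
        return 1
    fi
    if [ "$body" != "$token" ]; then
        echo "FAIL: $url returned different content than the probe file" >&2
        return 1
    fi
    echo "OK: $webroot is served at http://$domain/.well-known/acme-challenge/"
}

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_webroot "$1" "$2"
fi
```

A result of 1 reproduces the situation in this thread: the file exists on disk, but the running web server does not serve that directory for the requested host name, so the fix belongs in the server configuration or in the `--webroot-path` value.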
