Completely new certificate/server/domain: Failed authorization procedure


#1

Hi All,

I am completely new to configuring apache for https and using certbot. I was reading that certbot would automatically configure HTTPS so I followed directions on the certbot xenialapache page, but I feel I am missing many things. I don’t understand where the auto install gives me a challenge to put in my TXT records, or if it is doing some other method to authenticate. I’m quite lost.

Initially I was receiving the following errors when following the guide and commands described below:

File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)

I was able to fix this by installing python3-pyasn1.

However, I’m still stuck with the output described below.

My domain is:

nationalrfs.com

I ran this command:

certbot --apache

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?


1: nationalrfs.com
2: wp.nationalrfs.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

I ran this command:

1

It produced this output:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nationalrfs.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. nationalrfs.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://nationalrfs.com/.well-known/acme-challenge/XXXXXXXXXXXXX [45.77.114.94]: "\n<html lang="en-US">\n\n <meta charset="UTF-8">\n <meta name="viewport" content="width=device-width, ini"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: nationalrfs.com
    Type: unauthorized
    Detail: Invalid response from
    http://nationalrfs.com/.well-known/acme-challenge/XXXXXXXXXXXXX
    [45.77.114.94]: "\n<html lang="en-US">\n\n

    \n <meta name=\"viewport\" content=\"width=device-width, ini"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):

Apache version 2.4.18

My DNS/Domain providers:

Godaddy (domain DNS management only, server runs on VPS).

The operating system my web server runs on is (include version):

Distributor ID: Ubuntu
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial

My VPS provider is:

Vultr

I can login to a root shell on my machine:

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No

The version of my client is:

certbot 0.31.0

Can anyone point me in the right direction? Thanks in advance!


#2

Hi @ksva

If you use --apache, that’s http-01 validation, not dns-01 validation. So you don’t have to create a TXT entry.

I see, you have checked your domain via https://check-your-website.server-daten.de/?q=nationalrfs.com

Port 80 is open, www redirects to non-www, non-www answers with a correct http status 404 - Not Found.

So check your vHost configuration to find your DocumentRoot, then use it.

certbot run -a webroot -i apache -w yourDocumentRoot -d nationalrfs.com -d wp.nationalrfs.com

Perhaps add the www version (-d www.wp.nationalrfs.com).
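
The step in reply #2 of finding the DocumentRoot from the vHost configuration, as an added example that is not part of the thread or of certbot: it reads Apache vhost text and reports which DocumentRoot (and so which `.well-known/acme-challenge` directory) answers port-80 requests for a name, including Apache's fallback to the first vhost when no ServerName or ServerAlias matches. The sample config, its paths and the function names are assumptions made for illustration; `Include` files and multiple addresses per `<VirtualHost>` are not handled.

```python
import re
from fnmatch import fnmatch

# Constructed sample config: the DocumentRoot paths and layout are assumptions.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName nationalrfs.com
    ServerAlias www.nationalrfs.com
    DocumentRoot "/var/www/html"
</VirtualHost>
<VirtualHost *:80>
    ServerName wp.nationalrfs.com
    DocumentRoot /var/www/wp
</VirtualHost>
<VirtualHost *:443>
    ServerName nationalrfs.com
    DocumentRoot /var/www/tls-only
</VirtualHost>
"""

def parse_vhosts(conf_text):
    """Return one {'port', 'names', 'docroot'} dict per <VirtualHost> block."""
    vhosts, current = [], None
    for line in (raw.strip().replace("\t", " ") for raw in conf_text.splitlines()):
        key, _, value = line.partition(" ")
        opened = re.match(r"<VirtualHost\s+([^\s>]+)", line, re.I)
        if opened:  # "*:80" -> "80"; only the first listed address is used
            port = opened.group(1).rpartition(":")[2]
            current = {"port": port, "names": [], "docroot": None}
            vhosts.append(current)
        elif key.lower().startswith("</virtualhost"):
            current = None
        elif current is not None and key.lower() in ("servername", "serveralias"):
            current["names"] += value.lower().split()
        elif current is not None and key.lower() == "documentroot":
            current["docroot"] = value.strip().strip('"')
    return vhosts

def webroot_for(conf_text, domain, port="80"):
    """DocumentRoot Apache would serve `domain` from on `port`, or None."""
    on_port = [v for v in parse_vhosts(conf_text) if v["port"] == port]
    for vh in on_port:
        if any(fnmatch(domain.lower(), name) for name in vh["names"]):
            return vh["docroot"]
    # No name matched: Apache uses the first vhost on that address:port
    return on_port[0]["docroot"] if on_port else None

def challenge_dir(conf_text, domain):
    root = webroot_for(conf_text, domain)
    return root and root.rstrip("/") + "/.well-known/acme-challenge"
```

On a live server, `apachectl -S` shows which configuration file defines each vhost, which tells you what text to feed to `webroot_for`.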


#3

This got the install script to complete successfully! Unfortunately my original apache configuration was set up incorrectly but now I know how to utilize certbot in this environment. Thank you for the help.

