Connect to the client to verify the domain failed [SOLVED]

Hiya,

I’ve had to reinstall my server with Arch Linux and Apache, but certbot certonly --manual failed with the following error:

Waiting for verification…
Cleaning up challenges
Failed authorization procedure. linuxcompitech.dynamic-dns.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://linuxcompitech.dynamic-dns.net/.well-known/acme-challenge/RFtVIgOSk-Mfj0MRKLfKUgYWNREZE-KwY5C34lhxalA: "<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/D"

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: linuxcompitech.dynamic-dns.net
Type: unauthorized
Detail: Invalid response from
http://linuxcompitech.dynamic-dns.net/.well-known/acme-challenge/RFtVIgOSk-Mfj0MRKLfKUgYWNREZE-KwY5C34lhxalA:
"<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/D"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

DNS is fine, I have no problems in bringing up the site on screen.

lancs

Hi @lancs,

Did certbot certonly --manual tell you to create a specific file at a specific URL? Did you then do so, and did you also test it with a web browser or curl?

Hi @schoen,

No, I didn’t get any order like this. What I have done: I’ve deleted my configuration & log files and reinstalled certbot. When I tried to connect to the domain, I got a clearer message.

certbot certonly --email pendlevideo247@gmail.com --webroot -w /srv/http/linuxcompitech.dynamic-dns.net/ -d linuxcompitech.dynamic-dns.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory

(A)gree/(C)ancel: A


Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.

(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for linuxcompitech.dynamic-dns.net
Using the webroot path /srv/http/linuxcompitech.dynamic-dns.net for all unmatched domains.
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: linuxcompitech.dynamic-dns.net
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

It looks like I have to wait for 7 days till I get my certificate, or do I have a choice to make a reset?

lancs

Hi @lancs,

I’m pretty confused now because you were first showing an error which you got with certbot --manual, and then a different error which you got with certbot --webroot. The reason for the two errors is also quite different—are you happy with --webroot and not interested in using --manual anymore?

In terms of the rate limit, you can bypass this rate limit if you can add an additional domain name for the certificate. Otherwise, you can issue one more certificate 7 days from the oldest certificate that’s triggered this rate limit, which will be starting around midnight UTC on Friday, June 23.

Hi @schoen,
Actually, I’m still a beginner with Let’s Encrypt and I think doing that with --webroot is easier to handle. I’ve added an additional domain name, thanks for the tip. :slight_smile: What I noticed is that Firefox was saying the connection is not secure.

Website: linuxcompitech.dynamicdns.me.uk
Owner: This website does not supply ownership information.
Verified by: Not specified

My configuration:

Raspberry PI with Arch Linux

Kernel 4.9.33
Apache 2.4.25

# Plain-HTTP virtual host
<VirtualHost *:80>
    ServerAdmin webmaster@linuxcompitech.dynamicdns.me.uk
    DocumentRoot "/srv/http/linuxcompitech.dynamicdns.me.uk"
    ServerName linuxcompitech.dynamicdns.me.uk
    ServerAlias linuxcompitech.dynamicdns.me.uk
    ErrorLog "/var/log/httpd/linuxcompitech.dynamicdns.me.uk-error_log"
    CustomLog "/var/log/httpd/linuxcompitech.dynamicdns.me.uk-access_log" common

    <Directory "/srv/http/linuxcompitech.dynamicdns.me.uk">
        Options +SymLinksIfOwnerMatch +ExecCGI +Includes +IncludesNOEXEC -Indexes
        AllowOverride All
    </Directory>
</VirtualHost>

# HTTPS virtual host using the Let's Encrypt certificate
<VirtualHost *:443>
    ServerAdmin webmaster@linuxcompitech.dynamicdns.me.uk
    DocumentRoot "/srv/http/linuxcompitech.dynamicdns.me.uk"
    ServerName linuxcompitech.dynamicdns.me.uk:443
    ServerAlias linuxcompitech.dynamicdns.me.uk:443
    ErrorLog "/var/log/httpd/linuxcompitech.dynamicdns.me.uk-error_log"
    CustomLog "/var/log/httpd/linuxcompitech.dynamicdns.me.uk-access_log" common

    <Directory "/srv/http/linuxcompitech.dynamicdns.me.uk">
        Options +SymLinksIfOwnerMatch +ExecCGI +Includes +IncludesNOEXEC -Indexes
        AllowOverride All
    </Directory>

    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
    SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv3
    SSLProxyProtocol all -SSLv3
    SSLCertificateFile    "/etc/letsencrypt/live/linuxcompitech.dynamicdns.me.uk/cert.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/linuxcompitech.dynamicdns.me.uk/privkey.pem"
    SSLCACertificateFile  "/etc/letsencrypt/live/linuxcompitech.dynamicdns.me.uk/chain.pem"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    # Workaround for old Internet Explorer versions (one directive, one line)
    BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

https://www.ssllabs.com/ssltest/analyze.html?d=linuxcompitech.dynamicdns.me.uk

thanks lancs

Hi @lancs, this is a mixed content problem now. Take a look at https://whynopadlock.com/ to diagnose it.

@schoen

The problem was an external service (counter).

thank you so much…my site is secure now. :slight_smile:

lancs
