Detail: Error parsing key authorization file: Invalid key authorization: 79 parts


#1

Another day another error…

So I am trying to renew my certs and some work fine and others not. I am running the following command:

sudo /home/ec2-user/letsencrypt/letsencrypt-auto --config /home/ec2-user/letsencrypt/ebook_workinconfidence_com.ini certonly --debug -v

The config file is as follows:

authenticator = webroot
webroot-path = /var/www/ebook
domains = ebook.workinconfidence.com
renew-by-default
agree-tos
email = neil@domain.com
server = https://acme-v01.api.letsencrypt.org/directory

Running the above command gives the following error:

Detail: Error parsing key authorization file: Invalid key authorization: 79 parts

More info from the log file below:

2016-02-22 08:55:15,676:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '1276', 'Expires': 'Mon, 22 Feb 2016 08:55:15 G
MT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/ne
w-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 22 Feb 2016 08:55:15 GMT', 'X-Frame-Options':
'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'hyOK9fTt2QnEorxMDTJSM43W6jr8Ot4KlNwO0pFocVo'}): '{"identifier":{"type":"dns","value":"ebook.
workinconfidence.com"},"status":"invalid","expires":"2016-02-29T08:55:12Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.
api.letsencrypt.org/acme/challenge/LRlMVm98EqJPW3-x8q0hibpdjUv_NLD78PK_WZhPAHw/18805219","token":"EfJaAiJG8N7vrYQy67OQ7qdqxCjEJgx9B7gvwMIzr9Q"},{"type":"
dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/LRlMVm98EqJPW3-x8q0hibpdjUv_NLD78PK_WZhPAHw/18805220","token":"nxUY
WIDvN_O4yCD6SvIFSuNgB8YsiYfqG9uQpEZGFMU"},{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Error parsing key
authorization file: Invalid key authorization: 79 parts"},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/LRlMVm98EqJPW3-x8q0hibpdjUv_NLD78PK_
WZhPAHw/18805221","token":"fkFCfJS-e3vlIeZpSsOA3fVYw8UhZdn2Ick5-689LjM","keyAuthorization":"fkFCfJS-e3vlIeZpSsOA3fVYw8UhZdn2Ick5-689LjM.PEh8Xy6GjcSOzX6iS
a4wOYf1W-paK8ziSul1XJKubbY","validationRecord":[{"url":"http://ebook.workinconfidence.com/.well-known/acme-challenge/fkFCfJS-e3vlIeZpSsOA3fVYw8UhZdn2Ick5
-689LjM","hostname":"ebook.workinconfidence.com","port":"80","addressesResolved":["176.34.180.24"],"addressUsed":"176.34.180.24"}]}],"combinations":[[2],
[1],[0]]}'
2016-02-22 08:55:15,677:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'nxUYWIDvN_O4yCD6SvIFSuNgB8YsiY
fqG9uQpEZGFMU', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/LRlMVm98EqJPW3-x8q0hibpdjUv_NLD78PK_WZhPAHw/18805220'}
2016-02-22 08:55:15,679:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:

Domain: ebook.workinconfidence.com
Type:   unauthorized
Detail: Error parsing key authorization file: Invalid key authorization: 79 parts

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address
.
2016-02-22 08:55:15,712:INFO:letsencrypt.auth_handler:Cleaning up challenges
2016-02-22 08:55:15,744:DEBUG:letsencrypt.plugins.webroot:Removing /var/www/ebook/.well-known/acme-challenge/fkFCfJS-e3vlIeZpSsOA3fVYw8UhZdn2Ick5-689LjM
2016-02-22 08:55:15,747:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1987, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 707, in obtain_cert
    _, action = _auth_from_domains(le_client, config, domains, lineage)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 458, in _auth_from_domains
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 252, in obtain_certificate
    return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 225, in obtain_certificate_from_csr
    authzr = self.auth_handler.get_authorizations(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 84, in get_authorizations
    self._respond(cont_resp, dv_resp, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 142, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 204, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. ebook.workinconfidence.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient author
ization :: Error parsing key authorization file: Invalid key authorization: 79 parts

There was no problem when the cert was created and, as I say, other domains on the same server I can renew without issue.


#2

Turns out this was because the webroot-path in the config file was pointing to the wrong folder. Doh!
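
Added example, not part of the original thread and not Let's Encrypt's code: a probe that writes a file under the configured webroot, fetches it the way the http-01 validator would, and classifies the body. It assumes the "N parts" count in the error comes from splitting the served body on ".", which the `token.thumbprint` shape of `keyAuthorization` in the log suggests; all function names and sample values are hypothetical.

```python
import os
import re
import secrets
import urllib.error
import urllib.request

B64URL = re.compile(r"[A-Za-z0-9_-]+")

# Constructed sample values, not taken from the thread's log.
SAMPLE_TOKEN = "constructed-token_123"
SAMPLE_OK = SAMPLE_TOKEN + ".constructed-thumbprint_456\n"
SAMPLE_HTML = ("<html><head><title>ebook.workinconfidence.com</title></head>"
               "<body>Welcome.</body></html>")

def diagnose_key_authorization(body, expected_token):
    """Classify a body served at /.well-known/acme-challenge/<token>."""
    parts = body.strip().split(".")
    if len(parts) != 2:  # assumed server-side check behind "N parts"
        return "invalid: %d parts" % len(parts)
    token, thumbprint = parts
    if not (B64URL.fullmatch(token) and B64URL.fullmatch(thumbprint)):
        return "invalid: not base64url"
    if token != expected_token:
        return "invalid: token mismatch"
    return "ok"

def http_fetch(domain):
    """Build fetch(url_path) that reads over plain HTTP on port 80."""
    def fetch(url_path):
        url = "http://" + domain + url_path
        try:
            with urllib.request.urlopen(url, timeout=10) as resp:
                return resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:  # error pages still have a body
            return err.read().decode("utf-8", "replace")
    return fetch

def probe_webroot(webroot, fetch):
    """Write a probe file under webroot and classify what fetch() returns."""
    token = secrets.token_urlsafe(32)  # base64url characters only, no dots
    path = os.path.join(webroot, ".well-known", "acme-challenge", token)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(token + ".probe-thumbprint")
    try:
        return diagnose_key_authorization(
            fetch("/.well-known/acme-challenge/" + token), token)
    finally:
        os.remove(path)  # remove the probe file whatever the outcome
```

With the values from the first post, `probe_webroot("/var/www/ebook", http_fetch("ebook.workinconfidence.com"))` returns "ok" only when the web server's document root for that domain is the same directory as `webroot-path`; otherwise it reports how the served page would be parsed.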