Easyengine sites letsencrypt not working

vijayp4you · February 20, 2018, 12:02pm

Hi,
Easyengine sites unable to renewal the ssl or convert from http to https.

Failed authorization procedure. www.xyz.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.xyz.com/.well-known/acme-challenge/HnBmmFRVAzUWO233sNKOfoZmxbxezf6MUEhhzaw32ZA: "

stevenzhu · February 20, 2018, 2:04pm

Hi,

You would need to share the full domain and fill in the required form for us to help you.
@vijayp4you

Thank you

schoen · February 20, 2018, 9:41pm

The form looks like this:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

vijayp4you · February 21, 2018, 5:33am

My domain is: https://www.incometaxcalculatorindia.com/

I ran this command: sudo /opt/letsencrypt/certbot-auto renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/sewingmachineexperts.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/incometaxcalculatorindia.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for incometaxcalculatorindia.com
http-01 challenge for www.incometaxcalculatorindia.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (incometaxcalculatorindia.com) from /etc/letsencrypt/renewal/incometaxcalculatorindia.com.conf produced an unexpected error: Failed authorization procedure. incometaxcalculatorindia.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://incometaxcalculatorindia.com/.well-known/acme-challenge/DS1tuKmlD7TtiNWGR-M5hmVTz0DJ_ECnBNgNoVtUJoI: "
<!DOCTYPE html>
<html lang="en-US" prefix="og: http://ogp.me/ns#">
<head>
<meta charset="UTF-8" />
<meta name="viewport" co". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/incometaxcalculatorindia.com/fullchain.pem (failure)

-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/sewingmachineexperts.com/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/incometaxcalculatorindia.com/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: incometaxcalculatorindia.com
   Type:   unauthorized
   Detail: Invalid response from
   http://incometaxcalculatorindia.com/.well-known/acme-challenge/DS1tuKmlD7TtiNWGR-M5hmVTz0DJ_ECnBNgNoVtUJoI:
   "
   <!DOCTYPE html>
   <html lang="en-US" prefix="og: http://ogp.me/ns#">
   <head>
   <meta charset="UTF-8" />
   <meta name="viewport" co"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 16.04.3

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Easyengine

schoen · February 21, 2018, 5:38am

Thanks, it’s really helpful to have those extra details.

It looks like you have an over-broad redirection rule from HTTP to HTTPS. So if a user tries to visit

http://incometaxcalculatorindia.com/somefile

instead of getting redirected to

https://incometaxcalculatorindia.com/somefile

that user gets redirected to

https://incometaxcalculatorindia.com/ (the home page).

In other words, the information about which individual file the user was trying to access gets lost in this redirection process! That isn’t necessarily a huge problem for human beings, who will probably just continue using the site normally, but it does confuse the certificate authority, which is trying to download a particular file for validation purposes from a particular address (initially, an HTTP address rather than an HTTPS address). The certificate authority then receives a redirection to your home page, but the HTML content of the home page is not the particular validation file that the CA is looking for, so the validation fails.

To fix this, you should find where this redirection was created and replace it with one that redirects HTTP URLs to the equivalent HTTPS URLs, rather than always generating a redirection to the HTTPS version of the home page. The way of doing that depends on where and how the redirection was was set up.

vijayp4you · February 21, 2018, 5:50am

This is due to one plugin.
WP 404 Auto Redirect to Similar Post

i have removed the plugin.

and run the command again
sudo /opt/letsencrypt/certbot-auto renew

output is

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/sewingmachineexperts.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/incometaxcalculatorindia.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Attempting to renew cert (incometaxcalculatorindia.com) from /etc/letsencrypt/renewal/incometaxcalculatorindia.com.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/incometaxcalculatorindia.com/fullchain.pem (failure)

-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/sewingmachineexperts.com/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/incometaxcalculatorindia.com/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)

schoen · February 21, 2018, 5:53am

This new message just says that you’ve been trying the same unsuccessful certificate issuance method too often. This limit lasts for only one hour. After one hour, you can try again and it will either work or give you a more useful and specific error message.

stevenzhu · February 21, 2018, 5:56am

hi,

I just tested, probably you need to check your nginx config (since the plugin will add a line at nginx config) and restart nginx.

Thank you

vijayp4you · February 21, 2018, 1:36pm

Issue Resolved Thank You.
Issue with redirection plugin.

hawkidoki · February 22, 2018, 10:13am

Hello,

I’m the author of the said plugin, and I’m kinda confused about how it could interfere with your SSL configuration.

The plugin only takes action if a 404 is about to get triggered by Wordpress. If you recently switched to https, make sure you correctly updated your SITE_URL & WP_URL to https:// … in Settings > General.

Any redirection made by my plugin will use the default WP rules (get_permalink(), get_term_link() etc…). So if @schoen is right, and if the redirection is made by my plugin, you probably misconfigured the general WP settings.

vijayp4you · February 22, 2018, 11:18am

Hi,
First I thought your plugin is the issue and I deactived the plugin so error didn’t came like above screenshots. Waiting for some time but site is not renewed. So later I removed code I kept to solve . Error in nginx after that site is renewed.
So issue is not with ur plugin continued using urs.
Isssue with code I kept to solve . Error for nginx

hawkidoki · February 22, 2018, 11:57am

Hello,

Okay cool

Have a good day!

system · March 24, 2018, 11:57am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.