Error in installation


#1

While i tried to install letsencrypt in apache,
Getting the below error.

Domain: www.example.com
Type: unauthorized
Detail: Invalid response from http://www.example.com/.well-
known/acme-challenge/VtyUCMvp2hX_80e-x84T-X8Be94xPiPiPsBxbj_pP04
[server_ip]: 404

Any suggestion or advice ?


#2

Without your domain name, operating system, which client you are using, it’s tricky to be specific.

I’d suggest creating a text file in your webroot/.well-known/acme-challenge/test with text only content and then see if you can reach that from somewhere on the internet at yourdomain/.well-known/acme-challenge/test and it shows the correct content as text only.


#3

i have several domain installed in my server.
i am having Centos 7 in my server.
My webroot for each website will be like /var/www/vhosts/system/domain name/httpdocs/

and when creating a file /var/www/vhosts/system/domain name/httpdocs/.well-known/acme-challenge/test

and access with http://domainname/.well-know/
can be accessed.


#4

I assume you are using the certbot client ?

Is the file accessible from the general internet ( not your local network) and does it provide a pure text response ?

Do you have a firewall that could be blocking certain IP’s ? (including the LE acme server )


#5

In my webroot, only the folder was created. nothng was insdide.well-known
Yes, i am accessing through the internet only not local.

I tried the instruction as in the url https://www.lastbreach.com/en/blog/first-look-at-let-s-encrypt-beta


#6

If we have a firewall waht we can do then ?


#7

There is no problem with having a firewall, it’s then a question of if it’s blocking access from the Let’s Encrypt ACME servers to verify your domain. As it’s getting a 404 error it’s more likely that it can access, it just can’t reach the required file, because of possible redirects etc. That’s why I asked about placing a test file, and checking that you could access it from the internet ( not your normal IP which may be whitelisted or treated differently in the firewall).

If you can create the file, and it is served correctly ( as pure text ) from a general IP address, then everything should be OK.

If not, are you happy to provide your domain name - and the name of the test file so it can be tested from elsewhere ?


#8

Here i have the domain, acme-challenge/test.txt , this folder and text i have created


#9

Able to get it and kindly advice me on that?


#10

That test file looks fine.

certbot / letsencrypt automatically removes the files it provisions for challenges once it’s done, so it’s hard to be sure whether it is putting files in the same directory as your test.txt or not. Maybe you can re-run it with --verbose and paste everything it spews out ?


#11

Hi

Thanks for your advice! I. Am new to let’s encrypt. Can you please help me with a link to commands for verbose


#12

May you please help me with verbose command, i am not able to find in letsencrypt wesite


#13

from the documentation - https://certbot.eff.org/docs/using.html#command-line-options

-v, --verbose This flag can be used multiple times to incrementally
increase the verbosity of output, e.g. -vvv. (default: -3)


#14

Error: urn:acme:error:malformed :: The request message was malformed :: Error creating new authz :: Name does not end in a public suffix

2016-05-31 12:48:24,457:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “0gkcFWqdJ0uWtPq6SxYV0vOH8Y8Fn5-LpRjsrONR3nTGViwM0-5gAc3N12m5f0JrCGFucd4Rch7bmf_hBDCoS23n8Yn0K4ax2bAvhJy3tgtAYRGGUGX9GiMjP8c29FXljTpvhxH0_BKiGUC2_ofWSfIZrs2OF0DJO2cGXKdh6uFjbzDFidBvAGi5l4IvkLeSsoAfeQAjN0plWGC08KXUtERaGku3oYtxw46mJMzbIrt7KnKYzBvdJyZgsCmjfWPedoNWjEOOcHOdYeO5ocRO3z1VHct3Tx5lXcrbMRXWncmJuEJnml6kHxoDch8_VMhzmiEyMML4Jf5wIyPimRwSAQ”}}, “protected”: “eyJub25jZSI6ICJmWjlHY3Fyc1pSM0tONExDSXktUEd4bm9hSi1wQXpkVmg0RGU0cEpNVHdrIn0”, “payload”: “eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJob3JkZS53ZWJtYWlsIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ”, “signature”: “qS8VViv2hxs8UAwnAOfpTHnq_JQgaZbq-WLykrB1dNxWjRV9i9AoqhWEXrBmGFl5PwvfFldhng1FNaCncFLaTJPnwo_stcCTjrmisJHQcdqkUzmjcWZFWA7stwcYHcDnZThERC4GRC7mpzyoa2aErhCMDV3BKOFHISrb-6cZ1obUJLNhiXZBnJItDw-SyWXY__AoH2lKYKNeMWtm9tdCnspU5bjwXLm7W7Pf0SFRsY8WILSllR7wNN_M60ghoLT963dz9eeP4cwWQS5AT2CuyrWmz4WKudjCLGKOhnDrytQvFvJQvx7kbLy3Sdon4pQO0379nUhYBMp_gUENuz6fEg”}’}
2016-05-31 12:48:24,549:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 400 137
2016-05-31 12:48:24,550:DEBUG:root:Received <Response [400]>. Headers: {‘Content-Length’: ‘137’, ‘Expires’: ‘Tue, 31 May 2016 12:48:24 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘close’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Tue, 31 May 2016 12:48:24 GMT’, ‘Content-Type’: ‘application/problem+json’, ‘Replay-Nonce’: ‘wUQtobn6___dyoQBmthkgWtNvqoulItA1JxLIOxgF6c’}. Content: '{\n “type”: “urn:acme:error:malformed”,\n “detail”: “Error creating new authz :: Name does not end in a public suffix”,\n “status”: 400\n}'
2016-05-31 12:48:24,551:DEBUG:acme.client:Storing nonce: '\xc1D-\xa1\xb9\xfa\xff\xff\xdd\xca\x84\x01\x9a\xd8d\x81kM\xbe\xaa.\x94\x8b@\xd4\x9cK \xec`\x17\xa7’
2016-05-31 12:48:24,551:DEBUG:acme.client:Received response <Response [400]> (headers: {‘Content-Length’: ‘137’, ‘Expires’: ‘Tue, 31 May 2016 12:48:24 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘close’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Tue, 31 May 2016 12:48:24 GMT’, ‘Content-Type’: ‘application/problem+json’, ‘Replay-Nonce’: ‘wUQtobn6___dyoQBmthkgWtNvqoulItA1JxLIOxgF6c’}): '{\n “type”: “urn:acme:error:malformed”,\n “detail”: “Error creating new authz :: Name does not end in a public suffix”,\n “status”: 400\n}'
2016-05-31 12:48:24,552:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 693, in main
return config.func(config, plugins)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 460, in run
lineage, action = _auth_from_domains(le_client, config, domains)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 93, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py”, line 276, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py”, line 247, in obtain_certificate
self.config.allow_subset_of_names)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py”, line 64, in get_authorizations
domain, self.account.regr.new_authzr_uri)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py”, line 217, in request_domain_challenges
typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py”, line 197, in request_challenges
new_authz)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py”, line 656, in post
return self._check_response(response, content_type=content_type)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py”, line 572, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:malformed :: The request message was malformed :: Error creating new authz :: Name does not end in a public suffix

Kindly help me on this please… Begging for your help…


#15

I got above when i tried to run ./letsencrypt-auto --verbose


#16

Can you provide the log from the beginning - including your command please.

Probably pastebin is the best - that way you can also expire it.


#21

Copied all from the log…


#22

@serverco, i didn’t get you, sorry…


#23

http://pastebin.com/PpW5deRf


#24

Here is the log and i have used ./letsencrypt-auto --verbose