😕 Error renew expired Certificate -> the client lacks sufficient authorization

Hello guys!!! I have a problem, I install the certificate some months ago, yestarday expired and the cron job dont work. So the certificate expired. I install the certificate using this tutoria:


Now im traying to renew the certificate using “sudo certbot renew” but not working.
Sorry for my english i am from Argentina.
Thanks so much, Pablo.

My domain is: www.laveleria.com.ar

I ran this command: sudo certbot renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/laveleria.com.ar.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for laveleria.com.ar
http-01 challenge for www.laveleria.com.ar
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (laveleria.com.ar) from /etc/letsencrypt/renewal/laveleria.com.ar.conf produced an unexpected error: Failed authorization procedure. www.laveleria.com.ar (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.laveleria.com.ar/.well-known/acme-challenge/U7iDT-5G03R6SnKlnaTIqexagKBNNYJtxrnSmT_m7Tg [2606:4700:3037::6818:7006]: "\n\n<!–[if IE 7]> <html class="no-js ", laveleria.com.ar (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://laveleria.com.ar/.well-known/acme-challenge/OWgPzZ34NknVU2PLQtABMNj77mWBtytp44mnxqnP66s [2606:4700:3037::6818:7006]: "\n\n<!–[if IE 7]> <html class="no-js ". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/laveleria.com.ar/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/laveleria.com.ar/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version): Digital Ocean, apache, wordpress

The operating system my web server runs on is (include version): Digital Ocean, apache, wordpress

My hosting provider, if applicable, is: Digital Ocean, apache, wordpress

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.

1 Like

Hi @cmlaplata

checking your domain that can’t work - https://check-your-website.server-daten.de/?q=laveleria.com.ar

You use Cloudflare, so http is redirected to https, so the Apache authenticator can’t work.

And your certificate is expired, so Cloudflare can’t connect your webserver.

  • Use the Cloudflare integrated solution
  • Remove that Cloudflare proxy, create a certificate, add Cloudflare, then switch to webroot.
2 Likes

Hmmmm, but the Apache authenticator in Certbot correctly supports HTTP-01 challenges since the deprecation of the old TLS-SNI-01 method. They can also be valid when HTTP is redirected to HTTPS, although there might be situations in which this doesn’t work.

I think your advice may be correct but it’s still not clear that this should inherently fail to work.

@cmlaplata, si tiene la intención de seguir usando Cloudflare, también puede considerar la opción de utilizar el certificado de origen de Cloudfare, lo que eliminaría la necesidad de un certificado Let’s Encrypt.

2 Likes

So first i need to remove de Lets encrypt Certificate? Oh i feel is so difficult this things.

First of all thanks!! When say maybe a solution can be use Cloudflare integrated solution or Cloudflare origin certificate is this? Image here off cloudflare: https://i.imgur.com/8XjstOB.jpg
I found that. If i configure that my website work again?

Puede ser una buena opción en vez del certificado Let’s Encrypt.

Otra posibilidad, si quiere otra opción, sería actualizar su versión de Certbot (0.31 está bastante desactualizada).

Thanks! I dont know if you answer in spanish or the website translate the answer jajaja.
First i gonna try turn off cloudfare, redirect the dns to Digital Ocean and try to renew certificate. If does not work i gonna try to install the origin server Cloudflare certificate!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.