Error "unauthorized" but just for one domain

My domain is: stichtingvanoosterhout.nl

I ran this command: certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: marksmeets.nl
2: idefix.marksmeets.nl
3: www.marksmeets.nl
4: newhighs.nl
5: stichtingvanoosterhout.nl
6: www.stichtingvanoosterhout.nl


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 5 6
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for stichtingvanoosterhout.nl
http-01 challenge for www.stichtingvanoosterhout.nl
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.stichtingvanoosterhout.nl (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.stichtingvanoosterhout.nl/.well-known/acme-challenge/lZckiPYOU9ZJNmjp-hxQ7P0MkduK6D6fIPcLaKe7Mao [2a02:348:81:ca5f::1]: “\n\n404 Not Found\n\n

Not Found

\n<p”, stichtingvanoosterhout.nl (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://stichtingvanoosterhout.nl/.well-known/acme-challenge/mSNQBg_R_euP7C2OQ6YuBUL8rZ7e-yOOibyHZMx3yEc [2a02:348:81:ca5f::1]: “\n\n404 Not Found\n\n

Not Found

\n<p”

IMPORTANT NOTES:

My web server is (include version): apache 2

The operating system my web server runs on is (include version): ubuntu 16.04.5 LTS

My hosting provider, if applicable, is: hostnet

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

I can’t seem to renew the certificate specifically for stichtingvanoosterhout.nl. The other domains work, and get renewed perfectly. After some searching I decided to delete everything for stichtingvanoosterhout.nl with certbot delete, and then let certbot create a new certificate. This results in the error shown above. I have removed the vhost file containing the https entries (thought I’d let certbot generate those again).
There are both A and AAAA records for the domain: 141.138.202.95 and 2a02:348:81:ca5f::1.
The contents of the vhost file for stichtingvanoosterhout.nl:

<VirtualHost 141.138.202.95:80>
ServerAdmin smeets@marksmeets.nl
ServerName stichtingvanoosterhout.nl
DocumentRoot "/var/www/svo"
CustomLog /var/log/apache2/svo_access common
RewriteEngine on
RewriteCond %{SERVER_NAME} =stichtingvanoosterhout.nl
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost 141.138.202.95:80>
ServerAdmin smeets@marksmeets.nl
ServerName www.stichtingvanoosterhout.nl
DocumentRoot "/var/www/svo"
CustomLog /var/log/apache2/svo_access common
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.stichtingvanoosterhout.nl [OR]
RewriteCond %{SERVER_NAME} =stichtingvanoosterhout.nl
RewriteRule ^ https://stichtingvanoosterhout.nl%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<Directory /var/www/svo>
AllowOverride All
Options All
Require all granted
DirectoryIndex index.php
</Directory>

the directory /var/www/svo has the following permissions:
drwxr-sr-x 5 www-data www-data 4096 Aug 25 10:10 .

Any help with this problem would be appreciated.

1 Like

Hi @MarkSmeets

there is a check of your domain, this midday - https://check-your-website.server-daten.de/?q=stichtingvanoosterhout.nl

There you see the problem.

You have ipv4 and ipv6 addresses:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| stichtingvanoosterhout.nl | A | 141.138.202.95 Rotterdam/South Holland/Netherlands (NL) - XL Network Hostname: idefix.marksmeets.nl | yes | 2 | 0 |
| | AAAA | 2a02:348:81:ca5f::1 Amsterdam/North Holland/Netherlands (NL) - XL Internet Services BV | yes | | |
| www.stichtingvanoosterhout.nl | C | stichtingvanoosterhout.nl | yes | 1 | 0 |
| | A | 141.138.202.95 Rotterdam/South Holland/Netherlands (NL) - XL Network Hostname: idefix.marksmeets.nl | yes | | |
| | AAAA | 2a02:348:81:ca5f::1 Amsterdam/North Holland/Netherlands (NL) - XL Internet Services BV | yes | | |

Checking your domain Letsencrypt prefers ipv6, that’s your error message:

There is your ipv6.

But your vHost

has an ip address, so your vHost doesn’t work with your ipv6 address.

And you see the same in your url checks:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://stichtingvanoosterhout.nl/ 141.138.202.95 | 301 | https://stichtingvanoosterhout.nl/ Html is minified: 100,00 % | 0.050 | A |
| http://www.stichtingvanoosterhout.nl/ 141.138.202.95 | 301 | https://stichtingvanoosterhout.nl/ Html is minified: 100,00 % | 0.047 | E |
| http://stichtingvanoosterhout.nl/ 2a02:348:81:ca5f::1 GZip used - 5730 / 19584 - 70,74 % | 200 | Html is minified: 161,57 % | 0.140 | H |
| http://www.stichtingvanoosterhout.nl/ 2a02:348:81:ca5f::1 GZip used - 5730 / 19584 - 70,74 % | 200 | Html is minified: 161,57 % | 0.093 | H |

Ipv4 has a redirect http -> https, ipv6 has no redirect.

Same with your https - ipv4 is configured, ipv6 has a SendFailure.

Solution: Use

<VirtualHost *:80>

so your vHost works with all ip addresses. Then restart your server (same with your https port), then recheck your domain -> the results should change.

1 Like
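The mismatch diagnosed in the answer above can be checked before requesting a certificate. This is an added example, not part of the original thread or of certbot: it compares the addresses a name resolves to with the addresses its `<VirtualHost>` blocks are bound to. The function names are hypothetical, the config sample is constructed from the vhost posted in the question, and the DNS addresses are passed in rather than resolved so the check runs offline.

```python
import ipaddress
import re

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

# Constructed sample: the IPv4-only vhost from the question, trimmed.
BEFORE = """
<VirtualHost 141.138.202.95:80>
    ServerName stichtingvanoosterhout.nl
    DocumentRoot "/var/www/svo"
</VirtualHost>
"""
AFTER = BEFORE.replace("141.138.202.95:80", "*:80")   # the suggested fix
DNS = ["141.138.202.95", "2a02:348:81:ca5f::1"]       # A and AAAA from the thread

def bound_addresses(args, port):
    """Addresses from <VirtualHost addr[:port] ...> that apply to `port`."""
    out = set()
    for arg in args.split():
        addr, sep, p = arg.rpartition(":")
        if not sep or arg.endswith("]"):    # no port given: applies to all ports
            addr, p = arg, "*"
        if p in ("*", str(port)):
            out.add(addr.strip("[]").lower())
    return out

def uncovered_addresses(conf, hostname, dns_addrs, port=80):
    """DNS addresses of `hostname` that none of its vhosts is bound to."""
    bound = set()
    for args, body in VHOST_RE.findall(conf):
        names = {n.lower() for line in NAME_RE.findall(body) for n in line.split()}
        if hostname.lower() in names:
            bound |= bound_addresses(args, port)
    if bound & {"*", "_default_"}:
        return []                            # wildcard vhost answers on every address
    ips = set()
    for a in bound:
        try:
            ips.add(ipaddress.ip_address(a))
        except ValueError:
            pass                             # hostname argument: not resolved here
    return [a for a in dns_addrs if ipaddress.ip_address(a) not in ips]

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, uncovered_addresses(conf, "stichtingvanoosterhout.nl", DNS))
```

Any address it returns is one where an http-01 validation request for that name would be answered by some other vhost or the default site.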

You are amazing! Thank you so much. I’ll make a donation.

2 Likes
