Error: unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Name is not whitelisted

Massivesoft · October 27, 2015, 3:50am

I received an e-mail today telling me I have been given the opportunity to beta test the program. So, as explained in the e-mail I followed the commands:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory -d mydomain.net -d www.mydomain.net auth

Where mydomain.net and www.mydomain.net are the domains that the e-mail said were whitelisted, but when I run that command I receive the error:

Error: unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Name is not whitelisted

I have tried using automatic, manual and standalone authentication.

Any help would be much appreciated. Thank you.

hindy · October 27, 2015, 12:38pm

Hi,

Got the same issue here:

y-Nonce': 'xjFJLt0XiovbDSrocN2Tr1OUBmcZt5c1QB4mbkLKs-c'}): '{"type":"urn:acme:error:unauthorized","detail":"Error creating new authz :: Name is not whitelisted"}'
2015-10-27 12:30:53,073:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/home/hindy/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1097, in main
    return args.func(args, config, plugins)
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 473, in auth
    _auth_from_domains(le_client, config, domains, plugins)
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 313, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains, plugins)
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 229, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 212, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 170, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
    domain, self.account.regr.new_authzr_uri)
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 215, in request_domain_challenges
    typ=messages.IDENTIFIER_FQDN, value=domain), new_authz_uri)
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 195, in request_challenges
    response = self.net.post(new_authzr_uri, new_authz)
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 624, in post
    return self._check_response(response, content_type=content_type)
  File "/home/hindy/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 542, in _check_response
    raise messages.Error.from_json(jobj)
Error: unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Name is not whitelisted

I think i’ll have to wait, maybe there’s a cache/update on the letsencrypt servers which are not updated?
I’ll try later and let you know.

Massivesoft · October 27, 2015, 2:15pm

The problem for me turned out that I had a typo in my domain when I was signing up for the beta program. You can check the e-mail you received to make sure the domains match.

nathan-osman · November 4, 2015, 6:35pm

It would appear that the script needs to bind to port 80 in order to complete the process. I attempted to run the certonly command and received the following error message:

"The program nginx (process ID xxxxx) is already listening on TCP port 80. This will prevent us from binding to that port. Please stop the nginx program temporarily and then try again."

Temporarily stopping nginx was sufficient to resolve the error.

riking · November 17, 2015, 10:15pm

You can fix that by using the webroot authenticator.

jparga · November 19, 2015, 5:51pm

How do you use the webroot authenticator to solve it?

svddevelop · November 22, 2015, 11:07am

I have same problem.
I had tried to do as sudo user with root privelege;
... as real root ;
... as user with name as domainname with root privelege.

I had tried to remove all record into CNAME by domain registrator (it help not) and restored records (help not too).

At end of reports can I read only one message:

unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Name is not whitelisted

what need to do and how can to append "Name to whitelist" ?

eva2000 · November 22, 2015, 1:26pm

webroot doesn't require to stop the existing web server for domain validation itself.. but once you get the LE ssl certificate you will then need to configure it manually or automate it with your web server and part of that process is restarting the web server for the new LE SSL certificate to take effect

Examples of Letsencrypt client's webroot authentication plugin in it's various evolving forms can be found in the following links

My specific examples for LE webroot integration into my Nginx stack installer + auto renewal support every 60 days at

[quote="svddevelop, post:7, topic:2193"]
what need to do and how can to append "Name to whitelist" ?
[/quote] did you apply to be in beta invite and submit domains for whitelisting https://community.letsencrypt.org/t/beta-program-announcements/1631/7 ?

svddevelop · November 22, 2015, 7:22pm

did you apply to be in beta invite and submit domains for whitelisting https://community.letsencrypt.org/t/beta-program-announcements/1631/72 ?

Shure. This is command string:

./letsencrypt-auto --agree-dev-preview -d SERVERNAME.org --server https://acme-v01.api.letsencrypt.org/directory -a manual auth -v --debug

Just did I tried to do next sequence from this way Using the webroot domain verification method

I did removed all configuration from local folder, /etc/letsencrypt/, /var/lib/letsencrypt/.
I did reinstalled letsencrypt into /usr/local
I did started /usr/local/letsencrypt/bootstrap/ubuntu
I did checked activation of modules "headers" but did not found "letsencrypt": /user/lib/apache2/modules/mod_letsencrypt are not exists.

This variant is not to live.