Error when requesting certificate


#1

My domain is: cosmetica.dulcecalvo.es

I ran this command: letsencrypt-vesta dulcecalvo cosmetica.dulcecalvo.es

It produced this output:

Failed authorization procedure. cosmetica.dulcecalvo.es (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [F8u579CuGgPj3lI2n0TZGulrJv8adZfhpVx31gIJets.0bl5NhJDzpoDz_AZpvIcfR2tWojyiPNbujYRCC-n6VE] != [F8u579CuGgPj3lI2n0TZGulrJv8adZfhpVx31gIJets.VJiX50xcNEOMO6eyxr0aZq7LaciOJUXmNVBNj7Qfzyw]

The following errors were reported by the server:

Domain: cosmetica.dulcecalvo.es
Type: unauthorized
Detail: The key authorization file from the server did not match
this challenge
[F8u579CuGgPj3lI2n0TZGulrJv8adZfhpVx31gIJets.0bl5NhJDzpoDz_AZpvIcfR2tWojyiPNbujYRCC-n6VE]
!=
[F8u579CuGgPj3lI2n0TZGulrJv8adZfhpVx31gIJets.VJiX50xcNEOMO6eyxr0aZq7LaciOJUXmNVBNj7Qfzyw]

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

The operating system my web server runs on is: Ubuntu

I can login to a root shell on my machine: Yes

The version of my client is: certbot 0.30.2


#2

It appears to be a known issue with letsencrypt-vesta: https://github.com/interbrite/letsencrypt-vesta/issues/51

Since letsencrypt-vesta has not been updated in over 2 years, you might consider using the built-in support VestaCP offers for Let’s Encrypt, which is suggested in this comment: https://github.com/interbrite/letsencrypt-vesta/issues/51#issuecomment-372905254


#3

Hi @dosdemil.es

the error says, that your website sends the wrong user key.

Your config ( https://check-your-website.server-daten.de/?q=cosmetica.dulcecalvo.es ):

Domainname Http-Status redirect Sec. G
http://cosmetica.dulcecalvo.es/
46.183.114.223 200 0.873 H
http://www.cosmetica.dulcecalvo.es/
46.183.114.223 200 0.123 H
https://cosmetica.dulcecalvo.es/
46.183.114.223 301 https://oidococina.online/ 1.877 N
Certificate error: RemoteCertificateNameMismatch
https://www.cosmetica.dulcecalvo.es/
46.183.114.223 301 https://oidococina.online/ 1.644 N
Certificate error: RemoteCertificateNameMismatch
https://oidococina.online/ 200 7.627 B
http://cosmetica.dulcecalvo.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
46.183.114.223 200 0.117
http://www.cosmetica.dulcecalvo.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
46.183.114.223 404 0.120 A
Not Found

Your website redirects to oidococina.online, but your cosmetica sends a status 200 checking a file under /.well-known/acme-challenge.

Oh - what’s that? Opening

http://cosmetica.dulcecalvo.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

the content is

check-your-website-dot-server-daten-dot-de.VJiX50xcNEOMO6eyxr0aZq7LaciOJUXmNVBNj7Qfzyw

So your webserver puts the random file name in the file and adds the key.

Is this the key of your hoster?