Errors installing certificates for multiple domains hosted on the same server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vsnt.uk, viveksantayana.co.uk, projects.vsnt.uk, jitsi.vsnt.uk, www .vsnt.uk and www. viveksantayana.co.uk

I ran this command: sudo certbot certonly --webroot -w /var/www/html/vsnt.uk/public_html -d www.vsnt.uk -d vsnt.uk -w /var/www/html/viveksantayana.co.uk/public_html -d www.viveksantayana.co.uk -d viveksantayana.co.uk -w /var/www/html/projects.vsnt.uk/public_html -d projects.vsnt.uk -w /usr/share/jitsi-meet -d jitsi.vsnt.uk

It produced this output:
` Failed authorization procedure. viveksantayana.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://viveksantayana.co.uk/.well-known/acme-challenge/hfxGmNS7qzocAK5wc3RpfR6PiUhYZ95SMz9Rh54kqro [2a01:7e00::f03c:91ff:fecf:3239]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n
”, vsnt.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://vsnt.uk/.well-known/acme-challenge/KC7aAG4tgjJHjWSmIuFYdQI4uxiA633ecp71z4a1kxw [2a01:7e00::f03c:91ff:fecf:3239]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n
”, www.vsnt.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://vsnt.uk/.well-known/acme-challenge/e8zOThis76hMYb6KkOfPN111whqsdqiXrtBoVsp3Wi0 [2a01:7e00::f03c:91ff:fecf:3239]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n
    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: viveksantayana.co.uk
       Type:   unauthorized
       Detail: Invalid response from
       http://viveksantayana.co.uk/.well-known/acme-challenge/hfxGmNS7qzocAK5wc3RpfR6PiUhYZ95SMz9Rh54kqro
       [2a01:7e00::f03c:91ff:fecf:3239]: "<html>\r\n<head><title>404 Not
       Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
       Not Found</h1></center>\r\n<hr><center>"

       Domain: vsnt.uk
       Type:   unauthorized
       Detail: Invalid response from
       http://vsnt.uk/.well-known/acme-challenge/KC7aAG4tgjJHjWSmIuFYdQI4uxiA633ecp71z4a1kxw
       [2a01:7e00::f03c:91ff:fecf:3239]: "<html>\r\n<head><title>404 Not
       Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
       Not Found</h1></center>\r\n<hr><center>"

       Domain: www.vsnt.uk
       Type:   unauthorized
       Detail: Invalid response from
       http://vsnt.uk/.well-known/acme-challenge/e8zOThis76hMYb6KkOfPN111whqsdqiXrtBoVsp3Wi0
       [2a01:7e00::f03c:91ff:fecf:3239]: "<html>\r\n<head><title>404 Not
       Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
       Not Found</h1></center>\r\n<hr><center>"

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.

My web server is (include version): Nginx 1.18

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No. Using a CLI.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0

Hi everyone, so the problem I am having is this:

I am trying to install a single certificate to cover multiple domains that are hosted on the same server. Each domain and subdomain is hosted from a different webroot directory. I followed the instructions on how to install multiple using the webroot authenticator, but I encountered the above error.

I would greatly appreciate any advice on this. I am really struggling with this.

http://viveksantayana.co.uk/ and http://vsnt.uk/ both have IPv6 enabled. (http://www.vsnt.uk/ doesn’t, but it redirects to http://vsnt.uk/, as you can see in the error message.)

Accessed over IPv6, both of those sites return 404 Not Found errors. It seems like they’re going to different virtual hosts when accessed via IPv4 or IPv6.

Do the server blocks contain both listen 80; to listen on IPv4 and listen [::]:80; to listen on IPv6?

Are they using separate IPv4 and IPv6 server blocks with different web roots?

1 Like

Argh! You’re absolutely right! I cannot believe I missed that when setting up the server blocks! I couldn’t quite understand what the error message meant. Thanks so much, that’s sorted it.

The problem was that it was originally set up with separate IPv4 and v6 blocks, and I re-installed everything and tried to re-write them myself, and in doing so forgot to add in the v6 parameters.

Once I enabled IPv6 on all domains, it authenticated. There was an instance where the default server block’s entries conflicted with the Certbot created entries, but I managed to reconfigure that manually.

Thanks so much for your help!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.