Failed authorization procedure - dashboard.krinkleapps.com (http-01)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dashboard.krinkleapps.com

I ran this command:
sudo certbot certonly
–webroot --webroot-path “/usr/share/nginx/html/”
–keep-until-expiring
-n
–agree-tos
-m it@mobileepiphany.com
–eff-email
-d dashboard.krinkleapps.com

It produced this output:
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for dashboard.krinkleapps.com
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. dashboard.krinkleapps.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://dashboard.krinkleapps.com/login [34.239.63.14]: "\n<html lang=“en”>\n\n\n <meta charset=“utf-8”>\n <meta http-equiv=“X-UA-Compatible” content=“IE=edge,chrome=1”

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: dashboard.krinkleapps.com
  Type: unauthorized
  Detail: Invalid response from
  https://dashboard.krinkleapps.com/login [34.239.63.14]: "\n<html lang=“en”>\n\n\n <meta charset=“utf-8”>\n

  <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1"

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-1045-aws x86_64)

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @timmz

please read your output: You use webroot, so your running webserver is used.

There is a redirect to the login page - there isn't the validation file.

You have different options. Sample: Remove the redirect if the path starts with /.well-known.

Removing the redirect in the HAProxy frontend, and placing it in the backend allowed the renewal to process as expected.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.